users@jersey.java.net

[Jersey] Re: Problems with matrix parameters

From: Daniel Larsson <daniel.j.larsson_at_gmail.com>
Date: Thu, 11 Aug 2011 19:41:09 +0200

Wasn't sure if I had to URI encode the parameter, or if jersey does, but yes
"%" needs to be encoded. But I also noticed, as you did, both versions
caused the problem. I'll file an issue =)


2011/8/11 Pavel Bucek <pavel.bucek_at_oracle.com>

> Hope you had a nice break.
>
> Ok, I'm able to reproduce.. simple workaround is not use trace feature, but
> it is valid issue. Can you please file it on our issue tracker? -
> http://java.net/jira/browse/JERSEY
>
> I'm just wondering.. is this legal? Shouln't be that character encoded and
> represented like "%25"? .. but actually that exception is produced even for
>
> UriBuilder b =
> UriBuilder.fromUri(resource().getURI()).path("admin/companies").matrixParam("foo",
> "fooParam%25").matrixParam("bar", "barparam");
>
> so it is definitely an issue and we need to deal with that.
>
> Thanks for clarification!
> Pavel
>
>
> On 8/11/11 2:12 PM, Daniel Larsson wrote:
>
> Back from vacation.
>
> I downloaded your maven project, changed MatrixParamTest slightly:
>
> public class MatrixParamTest extends JerseyTest {
> public MatrixParamTest() throws Exception {
> super(new
> WebAppDescriptor.Builder("com.example.matrixparamproblem")
> .contextPath("matrix-param-problem-1.0-SNAPSHOT")
> .initParam("com.sun.jersey.config.feature.Trace",
> "true").build());
> // First change, turned on tracing
> }
>
> @Test
> public void testHelloWorld() throws Exception {
> Client c = client();
> c.addFilter(new LoggingFilter());
>
> // Second change, added a '%' to foo value
> UriBuilder b =
> UriBuilder.fromUri(resource().getURI()).path("admin/companies").matrixParam("foo",
> "fooParam%").matrixParam("bar", "barParam");
> String responseMsg =
> client().resource(b.build()).get(String.class);
> System.out.println("response ---> " + responseMsg);
> }
> }
>
> With these changes, I'm getting a
> java.lang.StringIndexOutOfBoundsException: String index out of range: 29
> exception
>
> Interestingly, it seems to work when turning off tracing.
>
> 2011/7/21 Daniel Larsson <daniel.j.larsson_at_gmail.com>
>
>> The point is, the sent URL is still a valid URL, and it crashes Jersey. My
>> original code used the "matching" matrix parameter, so that's probably why I
>> made that slightly confused curl example. Never the less, the URL parsing
>> gets botched up before it hits my resource, so I'm guessing if I changed one
>> of the "foo" and "bar" parameters to "matching", my problem would still be
>> the same. Look at the trace output, e.g.:
>>
>> < X-Jersey-Trace-006: accept sub-resource locator:
>> "admin/companies;matchi" : "ng=foo" -> @Path("/{id: admin}/") com.example.
>>
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> And just crafting the URL in a specific way (I haven't managed to figure
>> out how to create such URLs, I stumbled upon one by chance), Jersey crashes
>> with the mentioned exception. Regardless if the URL is meaningful or not,
>> Jersey shouldn't crash while parsing it, right?
>>
>> 2011/7/20 Pavel Bucek <pavel.bucek_at_oracle.com>
>>
>>> I don't really undestand your testcase. in your code, you are looking
>>> for "foo" and "bar" parameters, but you are defining only "matching" in
>>> provided url.
>>>
>>> see attached sample, especially test MatrixParamTest class (in
>>> src/test/..).
>>>
>>> you can run it by executing "mvn clean test".
>>>
>>> Regards,
>>> Pavel
>>>
>>>
>>> On 7/15/11 6:08 PM, Daniel Larsson wrote:
>>>
>>> I'm quite fond of matrix parameters, and use them a lot in my URLs. It
>>> seems there's some problem with traversing URLs containing embedded matrix
>>> parameters, however. I started
>>> getting java.lang.StringIndexOutOfBoundsException inside the jersey code,
>>> traversing the resource graph for certain URLs.
>>>
>>> Attached is a small maven project exposing this problem. The URL needs
>>> to be specially crafted to expose the error, but I haven't had time to try
>>> figure out what exactly goes wrong. I've turned on tracing, and the output
>>> when the exception isn't thrown looks very odd, it seems to cut the URL in
>>> "random" places.
>>>
>>> Here's a curl command that exposes the problem (for me):
>>>
>>> # curl -v '
>>> http://localhost:8080/matrix-param-problem-1.0-SNAPSHOT/resources/admin/companies;matching=foo%20bar1%25/
>>> '
>>>
>>> This URL works, but gives odd trace messages:
>>>
>>> curl -v '
>>> http://localhost:8080/matrix-param-problem-1.0-SNAPSHOT/resources/admin/companies;matching=foo%20bar%25/
>>> '
>>> * About to connect() to localhost port 8080 (#0)
>>> * Trying ::1... connected
>>> * Connected to localhost (::1) port 8080 (#0)
>>> > GET
>>> /matrix-param-problem-1.0-SNAPSHOT/resources/admin/companies;matching=foo%20bar%25/
>>> HTTP/1.1
>>> > User-Agent: curl/7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7
>>> OpenSSL/0.9.8l zlib/1.2.3
>>> > Host: localhost:8080
>>> > Accept: */*
>>> >
>>> < HTTP/1.1 200 OK
>>> < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition
>>> 3.1.1-b08 Java/Apple Inc./1.6)
>>> < Server: GlassFish Server Open Source Edition 3.1.1-b08
>>> < X-Jersey-Trace-000: accept root resource classes: "/admin/companies/"
>>> < X-Jersey-Trace-001: match path "/admin/companies/" ->
>>> "/application\.wadl(/.*)?", "(/.*)?"
>>> < X-Jersey-Trace-002: accept right hand path
>>> java.util.regex.Matcher[pattern=(/.*)? region=0,17
>>> lastmatch=/admin/companies/]: "/admin/companies/" -> "" :
>>> "/admin/companies/"
>>> < X-Jersey-Trace-003: accept resource: "admin/companies;matchi" ->
>>> @Path("/") com.example.matrixparamproblem.BaseResource_at_8810bb
>>> < X-Jersey-Trace-004: match path "/admin/companies/" -> "/(admin)(/.*)?",
>>> ""
>>> < X-Jersey-Trace-005: accept right hand path
>>> java.util.regex.Matcher[pattern=/(admin)(/.*)? region=0,17
>>> lastmatch=/admin/companies/]: "/admin/companies/" -> "/admin" :
>>> "/companies/"
>>> < X-Jersey-Trace-006: accept sub-resource locator:
>>> "admin/companies;matchi" : "ng=foo" -> @Path("/{id: admin}/")
>>> com.example.matrixparamproblem.BaseResource_at_8810bb.getSub(javax.ws.rs.core.PathSegment)
>>> = com.example.matrixparamproblem.BaseResource$SubResource_at_102a1c8
>>> < X-Jersey-Trace-007: match path "/companies/" -> "/(companies)(/.*)?",
>>> ""
>>> < X-Jersey-Trace-008: accept right hand path
>>> java.util.regex.Matcher[pattern=/(companies)(/.*)? region=0,11
>>> lastmatch=/companies/]: "/companies/" -> "/companies/" : ""
>>> < X-Jersey-Trace-009: accept sub-resource locator:
>>> "admin/companies;matching=foo" : " bar%/" -> @Path("/{id: companies}/")
>>> com.example.matrixparamproblem.BaseResource$SubResource_at_102a1c8.getSubSub(javax.ws.rs.core.PathSegment)
>>> =
>>> com.example.matrixparamproblem.BaseResource$SubResource$SubSubResource_at_1cb82
>>> < X-Jersey-Trace-010: match path "" -> ""
>>> < X-Jersey-Trace-011: accept resource methods:
>>> "admin/companies;matching=foo bar%/", GET ->
>>> com.example.matrixparamproblem.BaseResource$SubResource$SubSubResource_at_1cb82
>>> < X-Jersey-Trace-012: matched resource method: public java.util.Map
>>> com.example.matrixparamproblem.BaseResource$SubResource$SubSubResource.getJson()
>>> < X-Jersey-Trace-013: matched message body writer:
>>> java.util.HashMap_at_308d9, "application/json" ->
>>> org.codehaus.jackson.jaxrs.JacksonJaxbJsonProvider_at_8f5109
>>> < Content-Type: application/json
>>> < Transfer-Encoding: chunked
>>> < Date: Fri, 15 Jul 2011 16:02:20 GMT
>>>
>>> The application is deployed in a glassfish 3.1.1-b08 container, with
>>> jersey 1.8-ea03. I compiled my source against the 1.8 release of jersey, but
>>> haven't bothered to update the jersey version inside glassfish. The real
>>> application is using 1.8 inside glassfish, so I don't think this version
>>> discrepancy is the reason.
>>>
>>>
>>>
>>
>
>