1. Try escaping the braces using
http://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
2. File a bug report against the Jersey documentation asking for them
to specify how to escape such characters.
Gili
On 20/08/2014 3:59 PM, Gabriel Soto wrote:
> Hi Gili,
>
> I'm trying to test that the server does not break and logs an
> appropriate error after receiving "strange" HTTP requests.
> In this case, the request would be an HTTP GET with a header similar
> to this:
>
> GET /test{} HTTP/1.1
>
> I'm reading the JAX-RS API again, and the error I was getting actually
> makes sense because the path() method takes a string that may contain
> template parameters. I'm not sure why it worked on previous versions.
>
> However, the question remains. Would there be a way to do this kind of
> thing with JAX-RS/Jersey?
>
> Thanks again!
> Gabriel
>
>
>
>
> On Wed, Aug 20, 2014 at 4:27 PM, cowwoc <cowwoc_at_bbs.darktech.org
> <mailto:cowwoc_at_bbs.darktech.org>> wrote:
>
> Hi Gabriel,
>
> Not that I know of. Explain to me again what you're trying to
> test? What kind of "unexpected input" would you send? Why do you
> need to access it still encoded? And what do you expect the server
> to do once it receives this unexpected input?
>
> Gili
>
>
> On 20/08/2014 3:07 PM, Gabriel Soto wrote:
>> Thanks for the quick reply, Gili.
>>
>> Your answer provokes a new question. I'd prefer the request to
>> have the URL unescaped, since I'm trying to test the server's
>> behavior when faced with this kind of unexpected input.
>>
>> I can see that the Jersey client does escape URLs by default. Is
>> it possible to change this behavior so the sent request contains
>> the original URL?
>>
>> Thanks,
>> Gabriel
>>
>> On Wed, Aug 20, 2014 at 3:17 PM, cowwoc <cowwoc_at_bbs.darktech.org
>> <mailto:cowwoc_at_bbs.darktech.org>> wrote:
>>
>> I don't know the answer to your question but I would point
>> out that according to the Java: the argument is "the path,
>> may contain URI template parameters."
>>
>> Perhaps you can escape the braces using percent/URL encoding?
>> Or perhaps a double slash?
>>
>> I think the Javadoc should discuss how to escape braces, so I
>> suggest a issue to that effect.
>>
>> Gili
>>
>>
>> On 20/08/2014 2:08 PM, Gabriel Soto wrote:
>>
>> I'm trying to perform some fuzz testing by sending
>> requests to a server with malformed URIs.
>>
>> The following minimal code worked well on Jersey 2.3.1:
>>
>> ClientBuilder.newClient()
>> .target(UriBuilder.fromUri("http://localhost"))
>> .path("test{}")
>> .request();
>>
>> We just updated to 2.11.0 and the same code produces the
>> following error:
>>
>> java.lang.IllegalStateException: Illegal character "}" at
>> position 5 is not allowed as a start of a name in a path
>> template "test{}".
>> at
>> org.glassfish.jersey.client.JerseyWebTarget.getUri(JerseyWebTarget.java:136)
>> at
>> org.glassfish.jersey.client.JerseyWebTarget.request(JerseyWebTarget.java:216)
>> at
>> org.glassfish.jersey.client.JerseyWebTarget.request(JerseyWebTarget.java:59)
>> (...)
>> Caused by: java.lang.IllegalArgumentException: Illegal
>> character "}" at position 5 is not allowed as a start of
>> a name in a path template "test{}".
>> at
>> org.glassfish.jersey.uri.internal.UriTemplateParser.parseName(UriTemplateParser.java:328)
>> at
>> org.glassfish.jersey.uri.internal.UriTemplateParser.parse(UriTemplateParser.java:251)
>> at
>> org.glassfish.jersey.uri.internal.UriTemplateParser.<init>(UriTemplateParser.java:110)
>> at
>> org.glassfish.jersey.uri.UriTemplate.createUriComponent(UriTemplate.java:1001)
>> at
>> org.glassfish.jersey.uri.UriTemplate.createURIWithStringValues(UriTemplate.java:961)
>> at
>> org.glassfish.jersey.uri.UriTemplate.createURIWithStringValues(UriTemplate.java:906)
>> at
>> org.glassfish.jersey.uri.UriTemplate.createURI(UriTemplate.java:871)
>> at
>> org.glassfish.jersey.uri.internal.JerseyUriBuilder._build(JerseyUriBuilder.java:893)
>> at
>> org.glassfish.jersey.uri.internal.JerseyUriBuilder.build(JerseyUriBuilder.java:810)
>> at
>> org.glassfish.jersey.client.JerseyWebTarget.getUri(JerseyWebTarget.java:134)
>> (...)
>>
>> I'm trying to understand if this is related to
>> https://java.net/jira/browse/JERSEY-2525
>> It certainly doesn't look fixed in this version.
>>
>> Any ideas?
>>
>> Thanks,
>> Gabriel
>>
>>
>>
>
>