users@jersey.java.net

[Jersey] Bug in HttpHeaderReader

From: Adam Ryan <aryan_at_qvalent.com>
Date: Thu, 3 Mar 2016 04:58:22 +0000

Hi,

I believe there is a bug in org.glassfish.jersey.message.internal.HttpHeaderReader:306<https://github.com/jersey/jersey/blob/master/core-common/src/main/java/org/glassfish/jersey/message/internal/HttpHeaderReader.java#L306>.

If you look at RFC 1867<https://www.ietf.org/rfc/rfc1867.txt>, section 6 (Examples), the boundary is defined in the Content-Type header following a comma (I understand other RFCs use semi-colons here, but not this one), but if I use a comma here when using Jersey I get the following stack trace:

java.text.ParseException: Expected separator ';' instead of ','
         at org.glassfish.jersey.message.internal.HttpHeaderReader.nextSeparator(HttpHeaderReader.java:146)
         at org.glassfish.jersey.message.internal.HttpHeaderReader.readParameters(HttpHeaderReader.java:306)
         at org.glassfish.jersey.message.internal.HttpHeaderReader.readParameters(HttpHeaderReader.java:296)
         at org.glassfish.jersey.message.internal.MediaTypeProvider.valueOf(MediaTypeProvider.java:118)
         at org.glassfish.jersey.message.internal.MediaTypeProvider.fromString(MediaTypeProvider.java:90)
         ... 34 more

By simply changing my request to use a semi-colon here I get a successful request.

My issue here is that Jersey should support what is written by the IETF, but at the moment it does not.

Thanks,
Adam

Adam Ryan
Qvalent Pty. Ltd. (a subsidiary of Westpac Banking Corporation)
phone: (02) 49510080 | fax: (02) 49510055 | email: aryan@qvalent.com<mailto:aryan@qvalent.com> website: www.qvalent.com<http://www.qvalent.com/>


________________________________

Please consider our environment before printing this email.

WARNING - This email and any attachments may be confidential. If received in error, please delete and inform us by return email. Because emails and attachments may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems, you must be cautious. Qvalent cannot guarantee that what you receive is what we sent. If you have any doubts about the authenticity of an email sent by Qvalent, please contact us immediately.

It is also important to check for viruses and defects before opening or using attachments. Qvalent's liability is limited to resupplying any affected attachments.

Qvalent is a wholly owned subsidiary of the Westpac Banking Corporation.

Qvalent Pty Ltd ABN 71 088 314 827