camel-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Edward Welch (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CAMEL-9281) Http4 component removes trailing slashes from http requests (producer)
Date Wed, 04 Nov 2015 14:23:27 GMT

    [ https://issues.apache.org/jira/browse/CAMEL-9281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14989608#comment-14989608
] 

Edward Welch commented on CAMEL-9281:
-------------------------------------

Was doing some more digging, realized this block of code was changed to address [CAMEL-9104]
in version 2.16.0, but was not backported to 2.15.x because of some refactoring.

Looking at the code in 2.16.0, I have come up with this solution:

{code}
        if (path != null && path.length() > 0) {

            //Find a ? indicating there are query params
            int idx = uri.indexOf("?");

            //Break apart the uri into base and queryParams
            String base;
            String queryParams;
            if (idx == -1) {
                //No query params
                base = uri;
                queryParams = "";
            } else {
                base = uri.substring(0, idx);
                queryParams = uri.substring(idx);
            }

            // if the base ends with a / and the path starts with a /, remove a slash from
the path
            if (base.endsWith("/") && path.startsWith("/")) {
                path = path.substring(1);
            }
            // if the neither the base ends with a / or the path starts with a /, add one
to the base
            if (!base.endsWith("/") && !path.startsWith("/") ) {
                base = base + "/";
            }

            // add everything together;
            uri = base.concat(path).concat(queryParams);

        }
{code}

Unfortunately, the patch for this is a little complicated, because the HttpHelper tests were
not refactored into camel-http-common when HttpHelper was moved.  Also, I noticed this code
is copied and pasted in the NettyHttpHelper class which exists in both the netty and netty4
components.

Not sure the best place to put unit tests for this?

> Http4 component removes trailing slashes from http requests (producer)
> ----------------------------------------------------------------------
>
>                 Key: CAMEL-9281
>                 URL: https://issues.apache.org/jira/browse/CAMEL-9281
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-http, camel-http4
>    Affects Versions: 2.15.4
>            Reporter: Edward Welch
>
> I have created a scenario which seems to exploit a bug in the HttpHelper createURL method.
> My use case:
> Using http4 component in an http proxy with bridgeEndpoint true
> Send a request such as http://somesite/contextpath
> Request is forwarded by my proxy to a tomcat server.  Tomcat will reply with a 302 and
a new Location of http://somesite/contextpath/ as this is a built in behavior of tomcat to
redirect the caller to the contextpath INCLUDING the trailing slash
> I have http client configured with httpClient.redirectsEnabled=false
> Therefore the 302 is sent back through my proxy to the caller.
> The caller then makes the call to http://somesite/contextpath/
> This is where the problem occurs,  within the createUrl method:
> {code}
>         String path = exchange.getIn().getHeader(Exchange.HTTP_PATH, String.class);
>         // NOW the HTTP_PATH is just related path, we don't need to trim it
>         if (path != null) {
>             if (path.startsWith("/")) {
>                 path = path.substring(1);
>             }
>             if (path.length() > 0) {
>                 // make sure that there is exactly one "/" between HTTP_URI and
>                 // HTTP_PATH
>                 if (!uri.endsWith("/")) {
>                     uri = uri + "/";
>                 }
>                 uri = uri.concat(path);
>             }
>         }
> {code}
> When the second request is made with the trailing slash, the string "path" is / (just
a single forward slash)
> This hits the first conditional and results in true, which the following substring then
removes this slash.
> Now path.length() is not > 0 so the second conditional evaluates false.
> And we end up with a uri returned that no longer has the trailing slash.
> This is sent to Tomcat, Tomcat then promptly returns another 302 and a redirect loop
is created.
> I think the intent of this block of code is to combine the uri and path and make sure
there isn't a duplicate forward slash?
> So the simplest fix I can suggest would be something like
> {code}
>         String path = exchange.getIn().getHeader(Exchange.HTTP_PATH, String.class);
>         // NOW the HTTP_PATH is just related path, we don't need to trim it
>         if (path != null && ! path.equals("/")) {
>             if (path.startsWith("/")) {
>                 path = path.substring(1);
>             }
>             if (path.length() > 0) {
>                 // make sure that there is exactly one "/" between HTTP_URI and
>                 // HTTP_PATH
>                 if (!uri.endsWith("/")) {
>                     uri = uri + "/";
>                 }
>                 uri = uri.concat(path);
>             }
>         }
> {code}
> Where we would just check for this case explicitly with:
> if (path != null && ! path.equals("/")) {
> Thoughts?
> I could probably put together a PR and add some test cases



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message