cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Ma <mail2ji...@gmail.com>
Subject Re: Need for normalization? (Re: svn commit: r980880 - in /cxf/trunk/tools/common/src)
Date Sun, 01 Aug 2010 09:12:48 GMT
On Sat, Jul 31, 2010 at 7:52 PM, Benson Margulies <bimargulies@gmail.com> wrote:
> To chime in: it's a really, really, bad idea for non-file URLs, as it
> can violate stringprep.
Why do you say that ?  Can you explain it more with a example ? ;-)

>
> For file URLs, it is an attempt to deal, with non-NFC (or NFKC)
> strings in the URL failing to match the file system. However, file
> system normalization is platform-dependendent. Linux does none at all,
> for example. So it's not safe in general.

Actually what I add is just a  URI.normalize().
>From the java doc , URI.normalize() just removes the ".." and "."
segment and it does not implement whole normalization in RFC 2396.

---java doc------
"public URI normalize()

    Normalizes this URI's path.

    If this URI is opaque, or if its path is already in normal form,
then this URI is returned. Otherwise a new URI is constructed that is
identical to this URI except that its path is computed by normalizing
this URI's path in a manner consistent with RFC 2396, section 5.2,
step 6, sub-steps c through f; that is:

       1. All "." segments are removed.
       2. If a ".." segment is preceded by a non-".." segment then
both of these segments are removed. This step is repeated until it is
no longer applicable.
       3.If the path is relative, and if its first segment contains a
colon character (':'), then a "." segment is prepended. This prevents
a relative URI with a path such as "a:b/c/d" from later being
re-parsed as an opaque URI with a scheme of "a" and a scheme-specific
part of "b/c/d". (Deviation from RFC 2396)

    A normalized path will begin with one or more ".." segments if
there were insufficient non-".." segments preceding them to allow
their removal. A normalized path will begin with a "." segment if one
was inserted by step 3 above. Otherwise, a normalized path will not
contain any "." or ".." segments.

    Returns:
        A URI equivalent to this URI, but whose path is in normal form
-------------------------

I tested it on Fedora and the URI
"file:/home/jimma/tmp/test/../../arg" is normalized to
"file:/home/jimma/arg". So it works on Linux.

Did I miss or misunderstand something  else?

Cheers
Jim


>
>
> On Fri, Jul 30, 2010 at 9:50 PM, Glen Mazza <glen.mazza@gmail.com> wrote:
>> May I ask why this normalization is helpful (instead of just using the
>> intended file path to being with)?
>> Does this affect just internal CXF use or external usage by users of CXF?
>>  If the latter, the potential problem I see is that not all URI's are file
>> paths and, even if they were, I'm not sure that you can safely normalize in
>> a platform-independent manner.
>>
>> Glen
>>
>> ema@apache.org wrote:
>>>
>>> Author: ema
>>> Date: Fri Jul 30 16:07:40 2010
>>> New Revision: 980880
>>>
>>> URL: http://svn.apache.org/viewvc?rev=980880&view=rev
>>> Log:
>>> [CXF-2918]:normalize the url like file:/home/cxf/org/apache/../../cxf in
>>> URIParserUtil.getAbsoluteURL()
>>>
>>> Modified:
>>>
>>>  cxf/trunk/tools/common/src/main/java/org/apache/cxf/tools/util/URIParserUtil.java
>>>
>>>  cxf/trunk/tools/common/src/test/java/org/apache/cxf/tools/util/URIParserUtilTest.java
>>>
>>> Modified:
>>> cxf/trunk/tools/common/src/main/java/org/apache/cxf/tools/util/URIParserUtil.java
>>> URL:
>>> http://svn.apache.org/viewvc/cxf/trunk/tools/common/src/main/java/org/apache/cxf/tools/util/URIParserUtil.java?rev=980880&r1=980879&r2=980880&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> cxf/trunk/tools/common/src/main/java/org/apache/cxf/tools/util/URIParserUtil.java
>>> (original)
>>> +++
>>> cxf/trunk/tools/common/src/main/java/org/apache/cxf/tools/util/URIParserUtil.java
>>> Fri Jul 30 16:07:40 2010
>>> @@ -248,18 +248,15 @@ public final class URIParserUtil {
>>>     }
>>>     public static String normalize(final String uri) {
>>>         URL url = null;
>>> +        String result = null;
>>>         try {
>>>             url = new URL(uri);
>>> -            return escapeChars(url.toString().replace("\\", "/"));
>>> +            result =
>>> escapeChars(url.toURI().normalize().toString().replace("\\", "/"));
>>>
>>
>>
>>
>

Mime
View raw message