cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4207) CXF interprets URL-encoded slashes in PathParam prior to method dispatch
Date Tue, 27 Mar 2012 14:56:25 GMT

    [ https://issues.apache.org/jira/browse/CXF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13239532#comment-13239532
] 

Sergey Beryozkin commented on CXF-4207:
---------------------------------------

Tomcat definitely blocks encoded forward or backward slashes by default.
Try system properties:
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true

ex, I can get %2F passed to the demo service after setting the 1st property.
Please confirm CXF works as expected
                
> CXF interprets URL-encoded slashes in PathParam prior to method dispatch
> ------------------------------------------------------------------------
>
>                 Key: CXF-4207
>                 URL: https://issues.apache.org/jira/browse/CXF-4207
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 2.4.2, 2.5.3
>            Reporter: Matt Parker
>
> For a method which handles, for example, "@Path(/rest/{value})": if either a forward
or backward slash is encoded and provided as part of "{value}", CXF will interpret the encoded
slash as a URI separator, rather than as a part of "{value}".
> For example, "GET /rest/my%5Cvalue" will be interpreted as "GET /rest/my\value" prior
to dispatching, and will then fail with a 404, rather than passing "my\value" to the method
handling the "/rest/{value}" URI.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message