cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5577) WebApplicationException thrown w/JSESSIONID as a path parameter
Date Tue, 25 Feb 2014 13:00:22 GMT

    [ https://issues.apache.org/jira/browse/CXF-5577?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13911539#comment-13911539
] 

Sergey Beryozkin commented on CXF-5577:
---------------------------------------

It is a strange issue, took me a time to figure out what is going on.

Basically, what happens, when you have "/people/;a=b", is that a method with a "/{id}/" also
catches it.
So we start with "/people/;a=b" at the class level, the match produces a final "/;a=b" and
as it happens, this matches two methods, one with "/", another one with "/{id}/" cleanly,
the latter is preferred because it has a template var which has the ";a=b" value.

I think there's some weakness in the way the specification recommends building the template
expressions, it should probably explicitly disallow ";" characters (something I will raise
separately) but for now if you do "/{id:(\d)+}" then it will work correctly.

So in the end it is not a CXF issue,; it is to do with the JAX-RS template handling being
too open with respect to ";"

Thanks, Sergey


> WebApplicationException thrown w/JSESSIONID as a path parameter
> ---------------------------------------------------------------
>
>                 Key: CXF-5577
>                 URL: https://issues.apache.org/jira/browse/CXF-5577
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 2.6.13, 2.7.10
>            Reporter: Terence Kent
>              Labels: jax-rs, jsessionid
>         Attachments: bug-cxf-routing-jsessionid.zip
>
>
> (This issue was originally posted as a question to users@cxf.apache.org here: http://cxf.547215.n5.nabble.com/JAX-RS-issue-in-2-6-13-w-JSESSIONID-as-a-path-parameter-td5740381.html)
> Including a JSESSIONID path parameter will break REST paths which end with a forward
slash. For example, the path:
> <proto>://<host:port>/api/people/;JESSIONID=xxx
> Will result in a WebApplicationException being thrown. If the path does not end with
a forward slash, everything works as expected.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message