From: Joe Bohn
Date: Mon, 06 Oct 2008 16:39:09 -0400
To: dev@geronimo.apache.org
Subject: Re: URL encoding of colons in web permissions
Message-ID: <48EA776D.9080802@earthlink.net>
In-Reply-To: <0527BC9C-16AF-4734-AC17-AAB1DBAEA2EB@yahoo.com>

Seems reasonable to me. I don't know why we would need to double encode the %3A and it actually seems like it might cause some problems.

Joe

David Jencks wrote:
> There's a new MR for the jacc spec and one of the changes is related to something we've already tried to solve for dealing with the pluto console urls which sometimes have colons in them for instance when a jdbc url is in a query parameter in the url.
>
> Here's the text of the spec change:
>
> The name of the permission checked in a transport or pre-dispatch decision must be the unqualified request URI minus the context path. All colon characters occurring within the name must be represented using escaped encoding1.
>
> Here's our current code:
>
> static String encodeColons(HttpServletRequest request) {
>     String result = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
>
>     if (result.indexOf("%3A") > -1) result = result.replaceAll("%3A", "%3A%3A");
>     if (result.indexOf(":") > -1) result = result.replaceAll(":", "%3A");
>
>     return result;
> }
>
> I think that we are being over-enthusiastic and should leave out the doubling of a pre-encoded colon:
>
> static String encodeColons(HttpServletRequest request) {
>     String result = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
>
>     if (result.indexOf(":") > -1) result = result.replaceAll(":", "%3A");
>
>     return result;
> }
>
> Does this seem right?
>
> thanks
> david jencks
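
As an added example (not part of the original messages or of the Geronimo code base), the following Java program applies both variants quoted above to plain strings instead of an HttpServletRequest and groups constructed sample paths by the permission name each variant produces. The class name, the helper names and the sample paths are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.UnaryOperator;

public class ColonEncodingComparison {

    // Same behaviour as the "current code" in the thread: double an existing %3A, then escape ':'.
    static String encodeDoubling(String path) {
        return path.replace("%3A", "%3A%3A").replace(":", "%3A");
    }

    // Same behaviour as the proposed code: escape ':' only.
    static String encodeColonsOnly(String path) {
        return path.replace(":", "%3A");
    }

    // Groups input paths by the permission name a variant produces for them.
    static Map<String, List<String>> namesFor(UnaryOperator<String> encoder, String[] paths) {
        Map<String, List<String>> byName = new LinkedHashMap<>();
        for (String p : paths) {
            byName.computeIfAbsent(encoder.apply(p), k -> new ArrayList<>()).add(p);
        }
        return byName;
    }

    // Prints each produced name with its inputs and enforces the spec text: no raw colon in a name.
    static void report(String label, Map<String, List<String>> byName) {
        System.out.println(label);
        byName.forEach((name, inputs) -> {
            if (name.indexOf(':') >= 0) throw new IllegalStateException("raw colon left in " + name);
            System.out.println("  " + name + "  <-  " + inputs);
        });
    }

    public static void main(String[] args) {
        // Constructed sample values for servletPath + pathInfo; not from a real deployment.
        String[] paths = {
            "/portal/plain",
            "/portal/jdbc:derby:SystemDatabase",
            "/portal/jdbc%3Aderby",
            "/portal/jdbc:derby"
        };
        report("doubling variant:", namesFor(ColonEncodingComparison::encodeDoubling, paths));
        report("colons-only variant:", namesFor(ColonEncodingComparison::encodeColonsOnly, paths));
    }
}
```

In the output, the colons-only variant lists the last two sample paths under one permission name, while the doubling variant gives each of them its own name.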