hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philippe Mouawad <philippe.moua...@gmail.com>
Subject Re: Handling of redirects in HttpClient
Date Wed, 07 Aug 2013 08:54:18 GMT
Hello Oleg,
In the example Url contained too much garbage to see if all issues were
fixed.

You can see whole context here:
- https://issues.apache.org/bugzilla/show_bug.cgi?id=54482

It seems encoding  of these characters is not mandatory although rfc says
it's better to encode.
So this could be considered as a bug ?


We will be fixing this when jmeter controls redirection but when we
delegate to implementation (hc) we will need to implement a custom redirect
strategy as you suggested.
Thanks for help.
Regards
Philippe

On Wednesday, August 7, 2013, Oleg Kalnichevski wrote:

> On Wed, 2013-08-07 at 09:41 +0200, Philippe Mouawad wrote:
> > Hello Oleg,
> > Sorry it's not clear.
> > Using Httpclient, we call this jsp which ad you can see does a
> redirection
> > with unsafz characters in url, redirection fails with the mentionned
> > exception.
> > This is due to the way hc4 impl builds a Uri from it not checking for
> > unsafe characters.
> >
>
> The redirect sent by the origin server is meant to contain a well formed
> location URI. The redirect URI is not meant to contain invalid
> characters in the first place. It is not a job of a HTTP agent to guess
> as to what a particular location is supposed to mean.
>
> > my question is , is this fine or not ?
> >
>
> Garbage in, garbage out. I personally think it is perfectly reasonable
> to reject such redirects. One can, however, override the default
> behavior of HttpClient by using a custom RedirectStrategy
> implementation.
>
> Oleg
>
>
> > Thanks
> > Regards
> > Philippe
> > On Wednesday, August 7, 2013, Oleg Kalnichevski wrote:
> >
> > > On Tue, 2013-08-06 at 22:58 +0200, Philippe Mouawad wrote:
> > > > Hello,
> > > >
> > > > We have an issue with redirection handling in HttpClient 4.2.5
> > > > We have a JSP that contains the following code:
> > > >
> > > > <%@ page session="false"  contentType="text/html"  buffer="8kb" %>
> > > > <html>
> > > > <body>
> > > >
> > > > <%
> > > > response.sendRedirect("http://localhost:8080/?[]!@#$%^&*()");
> > > > %>
> > > >
> > > > </body>
> > > > </html>
> > > >
> > > >
> > > > As you can see it contains unsafe characters.
> > > >
> > > > It fails with:
> > > > Caused by: org.apache.http.ProtocolException: Invalid redirect URI:
> > > > http://localhost:8080/?[]!@#$%^&*()
> > > >     at
> > > >
> > >
> org.apache.http.impl.client.DefaultRedirectStrategy.createLocationURI(DefaultRedirectStrategy.java:197)
> > > >     at
> > > >
> > >
> org.apache.http.impl.client.DefaultRedirectStrategy.getLocationURI(DefaultRedirectStrategy.java:148)
> > > >     at
> > > >
> > >
> org.apache.http.impl.client.DefaultRedirectStrategy.getRedirect(DefaultRedirectStrategy.java:217)
> > > >     at
> > > >
> > >
> org.apache.http.impl.client.DefaultRequestDirector.handleResponse(DefaultRequestDirector.java:1105)
> > > >     at
> > > >
> > >
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:548)
> > > >     at
> > > >
> > >
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> > > >     ... 9 more
> > > > Caused by: java.net.URISyntaxException: Malformed escape pair at
> index
> > > 29:
> > > > http://localhost:8080/?[]!@#$%^&*()
> > > >     at java.net.URI$Parser.fail(URI.java:2810)
> > > >     at java.net.URI$Parser.scanEscape(URI.java:2940)
> > > >     at java.net.URI$Parser.scan(URI.java:2963)
> > > >     at java.net.URI$Parser.checkChars(URI.java:2981)
> > > >     at java.net.URI$Parser.parse(URI.java:3029)
> > > >     at java.net.URI.<init>(URI.java:577)
> > > >     at
> > > >
> > >
> org.apache.http.impl.client.DefaultRedirectStrategy.createLocationURI(DefaultRedirectStrategy.java:195)
> > > >     ... 14 more
> > > >
> > > > It succeeds with Java Implementation.
> > > >
> > >
> > > Philippe,
> > >
> > > I am not sure I understand your question (if it is a question).
> > >
> > > Oleg
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org<javascript:;>
> <javascript:;>
> > > For additional commands, e-mail: httpclient-users-help@hc.apache.org<javascript:;>
> <javascript:;>
> > >
> > >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org<javascript:;>
> For additional commands, e-mail: httpclient-users-help@hc.apache.org<javascript:;>
>
>

-- 
Cordialement.
Philippe Mouawad.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message