shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Hale (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SHIRO-509) WebUtils.decodeAndCleanUriString incorrectly handles matrix parameters
Date Thu, 10 Jul 2014 14:16:05 GMT
Mark Hale created SHIRO-509:
-------------------------------

             Summary: WebUtils.decodeAndCleanUriString incorrectly handles matrix parameters
                 Key: SHIRO-509
                 URL: https://issues.apache.org/jira/browse/SHIRO-509
             Project: Shiro
          Issue Type: Bug
          Components: Web
    Affects Versions: 1.2.2
         Environment: Webapp deployment in Jetty
            Reporter: Mark Hale


If I config a web filter (say anon) for a path /**/public and make a request to /mystuff;filter=toys/prices/public
the filter is not triggered because WebUtils.decodeAndCleanUriString() removes everything
after the ';' (so it only tries to match on /mystuff). The fix is to change
        int semicolonIndex = uri.indexOf(';');
to
        int lastSlash = uri.lastIndexOf('/');
        int semicolonIndex = uri.lastIndexOf(';');
if(semicolonIndex > lastSlash) then drop trailing matrix params. So that matrix params
in parent path segments are left intact.




--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message