tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Berry <>
Subject Re: parameters in URL path segments
Date Tue, 05 Sep 2006 15:29:32 GMT
Bill and others,

I think we fell into agreement regarding how this should work.

What does it take to go about getting this fixed in tomcat? A patch?

	- Is there sufficient agreement from others that the behavior I  
described is desired?

	- Can anybody point me at where I might go about changing this  
behavior, and whether there are any pitfalls I might look out for?

	- Can somebody comment on how a change to this behavior might  
interact with the recent change ( 
l=tomcat-dev&m=115344110306194&w=2) or affect the motivation for that  



On Aug 23, 2006, at 4:05 PM, James Berry wrote:

> Hi Bill,
> On Aug 23, 2006, at 3:35 PM, William A. Rowe, Jr. wrote:
>> James Berry wrote:
>>> What I'm saying is that they should not be treated independently or
>>> differently. They should be treated not as metadata, but as part  
>>> of the
>>> segment.
>> To be 100% clear; this is what Apache httpd does today.  If you  
>> ask for
>> foo.html;v=1 it will open the -file- foo.html;v=1 or fail.  What  
>> jk or
>> tomcat does with the same is up to those components, but httpd has no
>> magic whatsoever which is what you want.  You would like the same of
>> Tomcat.  But...
>> ...this would be valid if /servlet/MyApplication;v=1 invokes the  
>> class
>> MyApplication;v=1
> Yes, I would expect it to invoke the class "MyApplication;v=1". I  
> hadn't considered the other behavior.
>> and not MyApplication with a parameter of v=1.
>> If it invokes the class MyApplication then we can't follow your  
>> philosophy
>> since the permissions were likely to apply to the servlet class  
>> and not
>> to the precise syntax the user called MyApplication with.
> That's not  what I'm asking for. It's an interesting idea, but as  
> you've pointed out, might require significantly more work and  
> thought to get right.
> I'm simply asking that Tomcat not mangle urls that contain  
> parameters. The cases in which I'd be interested in using  
> parameters are below the servlet level (in pathinfo), so invoking  
> servlets with such parameters, while conceivably interesting, is by  
> no means necessary.
> I'd ask that, for now, special case handling of parameters be  
> removed. If at some point in the future support was added to  
> specially parse parameters and pass them into servlets, then I'd  
> assume there would have to be special configuration to enable such  
> behavior. So allowing the more wide open general case behavior that  
> I'm asking for now wouldn't prevent such support in the future, as  
> parameters to servlets would presumably only be parsed if such  
> behavior was enabled.
> Given the present behavior, however, any use of parameters is  
> disallowed, which seems overly restrictive, and certainly prevents  
> a broad range of interesting application for segment parameters.
> James
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message