Let's presume that I have a string like '=&?/;#+%' to be a part of my URL, let's say like this:

example.com/servletPath/someOtherPath/myString/something.html?a=b&c=d#asdf

where myString is the above string. I've encoded the critical part so the URL looks like

example.com/servletPath/someOtherPath/%3D%26%3F%2F%3B%23%2B%25/something.html?a=b&c=d#asdf

So far so good.

When I'm in the servlet and I read any of request.getRequestURI(), request.getRequestURL() or request.getPathInfo(), the returned value is already decoded, so I get a string like

someOtherPath/=&?/;#+%/something.html?a=b&c=d#asdf

and I can't differentiate between real special characters and encoded ones.

I've solved this particular problem by banning the above chars altogether, which works in this situation, but I still wonder whether there is any way to get the undecoded URL in the servlet class.

YET ANOTHER EDIT: When I hit this problem last evening I was too tired to notice what is really going on, which is even more bizarre! I have a servlet mapped on, say, /servletPath/*. After that I can put whatever I want and get my servlet responding depending on the rest of the path, except when there is %2F in the path. In that case the request never hits the servlet, and I get a 404! If I put '/' instead of %2F it works OK. I'm running Tomcat 6.0.14 on Java 1.6.0-04 on Linux.

A: 

If there's a %2F in the decoded url, it means the encoded url contained %252F.

Since %2F is /, why not just split on "\/" and not worry about URL encoding?

R. Bemrose
A: 

It seems like you are trying to do something RESTy (use Jersey). Can't you just parse off the leading and trailing parts of the URL to get the data you are looking for?

url.substring(startLength, url.length() - endLength);

stevedbrown
nope, I've got param1/param2/param3 and they are all of unknown length.
Slartibartfast
+1  A: 

According to the Javadoc, getRequestURI should not decode the string. On the other hand, getServletPath returns a decoded string. I tested this locally using Jetty and it behaves as described in the doc.

So there might be something else at play in your situation since the behavior you're describing doesn't match the Sun documentation.

Francois Gravel
You are partially right. When I have some UTF-8 character it stays undecoded, but special characters aren't. I'm working on Tomcat.
Slartibartfast
A: 

You should not have to make a difference between an encoded and not encoded character in the path part of the URL. There is no character inside the path that can have a special meaning in a URL. E.g. '%2F' must be interpreted the same as '/', and a browser accessing such a URL is free to replace one by the other as it sees fit. Making a difference between them is breaking the standard of how URLs are encoded.

In the complete URL, you do want to make a difference:

  • To see where the path part ends. Because a ? encoded in the path should not be seen as the end.
  • Inside the query String. Because part of the value of a parameter could contain '&' or '=',...

But Java already deals fine with that. You can use:

  • getPathInfo() which returns only the path part, decoded (the encoding must not matter anyways)
  • getParameter(String) to access parts of the query part

Now, if you really want to do your own parsing of the URL, you can use

  • getQueryString() which returns the query part, not decoded, so you can parse that yourself
  • if you want to go further and do the splitting of path and query too: getRequestURI() which gives you the full URL, not decoded. If that one gives the URL decoded as you claim, then that means there is a bug in the servlet implementation you're using.
Wouter Coekaerts
So it was my bad that I thought that there is a difference between / and %2F, while by the standard there isn't. As I've said, I've skipped the problem by eliminating the characters before they hit the URL encoding part, which is I guess the only standard-compliant way.
Slartibartfast
+3  A: 

The first answer by Wouter Coekaerts is wrong, and R. Bemrose reiterates his mistake. There is a fundamental difference between '%2F' and '/', both for the browser and the server.

The HttpServletRequest specification says (without any logic, AFAICT):

  • getContextPath: not decoded
  • getPathInfo: decoded
  • getPathTranslated: not decoded
  • getQueryString: not decoded
  • getRequestURI: not decoded
  • getServletPath: decoded

The result of getPathInfo() should be decoded, but the result of getRequestURI() must not be decoded. If it is, your Servlet container is breaking the spec (as Wouter Coekaerts and Francois Gravel correctly pointed out). Which Tomcat version are you running?

Making matters even more confusing, current Tomcat versions reject paths that contain encodings of certain special characters, for security reasons.

Christopher Sahnwaldt
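
Added example, not code from any of the posters above: a way to keep an encoded %2F inside one path segment by splitting the raw getRequestURI() value on literal '/' before decoding each piece, contrasted with decoding first. The class and method names are hypothetical, the /servletPath prefix and sample URL come from the question, and it assumes the container returns getRequestURI() undecoded as the list above says.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class RawPathSegments {

    // rawUri: the value of request.getRequestURI() (assumed not decoded).
    // prefix: request.getContextPath() plus the servlet mapping prefix, also raw.
    static List<String> segments(String rawUri, String prefix) {
        if (!rawUri.startsWith(prefix)) {
            throw new IllegalArgumentException("URI is outside the servlet mapping");
        }
        List<String> out = new ArrayList<>();
        // Split first: at this point an encoded slash is still the text "%2F".
        for (String raw : rawUri.substring(prefix.length()).split("/")) {
            if (raw.isEmpty()) {
                continue; // skip the leading slash and doubled slashes
            }
            // URLDecoder does form decoding and turns '+' into a space; in a
            // path '+' is literal, so protect it before decoding.
            // Malformed escapes such as "%zz" raise IllegalArgumentException.
            out.add(URLDecoder.decode(raw.replace("+", "%2B"), StandardCharsets.UTF_8));
        }
        return out;
    }

    // The order the question ran into: decode the whole path, then split.
    static List<String> decodeThenSplit(String rawUri, String prefix) {
        String decoded = URLDecoder.decode(rawUri, StandardCharsets.UTF_8);
        return Arrays.asList(decoded.substring(prefix.length() + 1).split("/"));
    }

    public static void main(String[] args) {
        String prefix = "/servletPath";
        String raw = "/servletPath/someOtherPath/%3D%26%3F%2F%3B%23%2B%25/something.html";
        // Three segments; the middle one is the original string '=&?/;#+%'.
        System.out.println(segments(raw, prefix));
        // Four segments; the encoded slash has become a path separator.
        System.out.println(decodeThenSplit(raw, prefix));
    }
}
```

Any access-control or routing decision should be made on the same representation the handler later uses, otherwise the decoded and raw views of the path can disagree about which segment is which.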