[
https://issues.apache.org/jira/browse/TAP5-1803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13175751#comment-13175751
]
David Canteros commented on TAP5-1803:
--------------------------------------
Of course. At my job we have a set of tools which have one common login page.
The login page is a tool itself (not developed in tapestry) and after the
login, users can see icons with links to all the other tools. All those icons
and links are automatically generated (reading data from a database) and they
look like this:
http://190.168.0.1/tool_name/login?key=diXmpfiW1uk*1w21wCIi*21312423*w
The "key" value is encryped and has some information that the destination tool
has to unencrypt and validate. All links have the same format and all tools
have the same "interface" so I canĀ“t change this behaviour, i can't control the
encryted format. It is an environment restriction, thus I have to receive this
data in my tapestry tool usign @ActivationRequestParameter (I found this in the
mail list, i dont kwown if ther are other way).
Last thursday I updated the tapestry version to 5.3.1 and my tools started to
throw IllegalArgumentException when the users clicked on the link.
It was very harder to me found the cause, but with some help from the user list
I discovered that the key value contains "asterisks" and they are
consider "unsafe" by the URLEncoder (which I guess makes the process of
encode). The problem is that URLEncoderImpl considers that asterisk is unsafe,
and some standars say otherwise (same thing happens to the other characters
mentioned ).The solution could be to encode the variable in the first tool, but
it should not know about it (should be enough follow the standard URLs).
I copied the exception below:
[ERROR] AppModule.CustomRequestExceptionHandler Unexpected runtime exception:
Input string 'diXmpfiW1uk*1w21wCIi*21312423*w' is not valid; the character '*'
at position 12 is not valid. (Track ID: 1324576808506)
org.apache.tapestry5.runtime.ComponentEventException: Input string
'diXmpfiW1uk*1w21wCIi*21312423*w' is not valid; the character '*' at position
12 is not valid.
at
org.apache.tapestry5.internal.structure.ComponentPageElementImpl.processEventTriggering(ComponentPageElementImpl.java:1130)
at
org.apache.tapestry5.internal.structure.ComponentPageElementImpl.access$3200(ComponentPageElementImpl.java:61)
at
org.apache.tapestry5.internal.structure.ComponentPageElementImpl$5.invoke(ComponentPageElementImpl.java:1051)
at
org.apache.tapestry5.internal.structure.ComponentPageElementImpl$5.invoke(ComponentPageElementImpl.java:1048)
at
org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:74)
at
org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.invoke(PerThreadOperationTracker.java:87)
at
org.apache.tapestry5.ioc.internal.RegistryImpl.invoke(RegistryImpl.java:1121)
at
org.apache.tapestry5.internal.structure.ComponentPageElementResourcesImpl.invoke(ComponentPageElementResourcesImpl.java:146)
at
org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1047)
at
org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl.triggerContextEvent(InternalComponentResourcesImpl.java:302)
at
org.apache.tapestry5.internal.services.PageActivatorImpl.activatePage(PageActivatorImpl.java:34)
at $PageActivator_7f2c9a23350.activatePage(Unknown Source)
at
org.apache.tapestry5.internal.services.PageRenderRequestHandlerImpl.handle(PageRenderRequestHandlerImpl.java:57)
at
org.apache.tapestry5.services.TapestryModule$37.handle(TapestryModule.java:2207)
at $PageRenderRequestHandler_7f2c9a23351.handle(Unknown Source)
at $PageRenderRequestHandler_7f2c9a2334a.handle(Unknown Source)
at
org.apache.tapestry5.internal.services.ComponentRequestHandlerTerminator.handlePageRender(ComponentRequestHandlerTerminator.java:48)
at
org.apache.tapestry5.services.InitializeActivePageName.handlePageRender(InitializeActivePageName.java:47)
at $ComponentRequestHandler_7f2c9a2334b.handlePageRender(Unknown Source)
at
org.tynamo.security.SecurityComponentRequestFilter.handlePageRender(SecurityComponentRequestFilter.java:50)
at $ComponentRequestFilter_7f2c9a23348.handlePageRender(Unknown Source)
at $ComponentRequestHandler_7f2c9a2334b.handlePageRender(Unknown Source)
at $ComponentRequestHandler_7f2c9a23311.handlePageRender(Unknown Source)
at
org.apache.tapestry5.internal.services.PageRenderDispatcher.dispatch(PageRenderDispatcher.java:45)
at $Dispatcher_7f2c9a23314.dispatch(Unknown Source)
at $Dispatcher_7f2c9a2330e.dispatch(Unknown Source)
at
org.apache.tapestry5.services.TapestryModule$RequestHandlerTerminator.service(TapestryModule.java:302)
at
org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26)
at $RequestHandler_7f2c9a2330f.service(Unknown Source)
at
org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:902)
at $RequestHandler_7f2c9a2330f.service(Unknown Source)
at
org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:892)
at $RequestHandler_7f2c9a2330f.service(Unknown Source)
at
org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:90)
at $RequestHandler_7f2c9a2330f.service(Unknown Source)
at ultimate.pricetool.services.AppModule$1.service(AppModule.java:433)
at $RequestFilter_7f2c9a2330b.service(Unknown Source)
at $RequestHandler_7f2c9a2330f.service(Unknown Source)
at $RequestHandler_7f2c9a23300.service(Unknown Source)
at
org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:253)
at org.apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53)
at $HttpServletRequestHandler_7f2c9a23302.service(Unknown Source)
at
org.apache.tapestry5.upload.internal.services.MultipartServletRequestFilter.service(MultipartServletRequestFilter.java:44)
at $HttpServletRequestHandler_7f2c9a23302.service(Unknown Source)
at
org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
at $HttpServletRequestFilter_7f2c9a232fe.service(Unknown Source)
at $HttpServletRequestHandler_7f2c9a23302.service(Unknown Source)
at
org.apache.tapestry5.services.TapestryModule$1.service(TapestryModule.java:852)
at $HttpServletRequestHandler_7f2c9a23302.service(Unknown Source)
at
org.tynamo.security.services.impl.SecurityConfiguration$2.call(SecurityConfiguration.java:104)
at
org.tynamo.security.services.impl.SecurityConfiguration$2.call(SecurityConfiguration.java:102)
at
org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at
org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at
org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:376)
at
org.tynamo.security.services.impl.SecurityConfiguration.service(SecurityConfiguration.java:102)
at $HttpServletRequestFilter_7f2c9a232fd.service(Unknown Source)
at $HttpServletRequestHandler_7f2c9a23302.service(Unknown Source)
at $HttpServletRequestHandler_7f2c9a232fb.service(Unknown Source)
at org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:171)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:476)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:517)
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:247)
at
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
at org.eclipse.jetty.server.Server.handle(Server.java:346)
at
org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)
at
org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1048)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:601)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.tapestry5.ioc.internal.OperationException: Input string
'diXmpfiW1uk*1w21wCIi*21312423*w' is not valid; the character '*' at position
12 is not valid.
at
org.apache.tapestry5.ioc.internal.OperationTrackerImpl.logAndRethrow(OperationTrackerImpl.java:121)
at
org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:88)
at
org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.invoke(PerThreadOperationTracker.java:87)
at
org.apache.tapestry5.ioc.internal.RegistryImpl.invoke(RegistryImpl.java:1121)
at
org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl$TransformationSupportImpl$1.advise(ComponentInstantiatorSourceImpl.java:439)
at
org.apache.tapestry5.internal.plastic.AbstractMethodInvocation.proceed(AbstractMethodInvocation.java:86)
at ultimate.pricetool.pages.Login.dispatchComponentEvent(Login.java)
at
org.apache.tapestry5.internal.structure.ComponentPageElementImpl.dispatchEvent(ComponentPageElementImpl.java:923)
at
org.apache.tapestry5.internal.structure.ComponentPageElementImpl.processEventTriggering(ComponentPageElementImpl.java:1106)
... 81 more
Caused by: java.lang.IllegalArgumentException: Input string
'diXmpfiW1uk*1w21wCIi*21312423*w' is not valid; the character '*' at position
12 is not valid.
at
org.apache.tapestry5.internal.services.URLEncoderImpl.decode(URLEncoderImpl.java:144)
at $URLEncoder_7f2c9a23336.decode(Unknown Source)
at
org.apache.tapestry5.internal.transform.ActivationRequestParameterWorker$2.handleEvent(ActivationRequestParameterWorker.java:128)
at
org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl$TransformationSupportImpl$1$1.invoke(ComponentInstantiatorSourceImpl.java:443)
at
org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:74)
... 88 more
> URL encoding in ActivationRequestParameter is very strict
> ---------------------------------------------------------
>
> Key: TAP5-1803
> URL: https://issues.apache.org/jira/browse/TAP5-1803
> Project: Tapestry 5
> Issue Type: Bug
> Components: tapestry-core
> Affects Versions: 5.3.1
> Reporter: David Canteros
> Labels: @ActivationRequestParameter, InvalidaArgumenteException,
> URLEncoder,
>
> The URLEncoder that perform the URL encoding process does not include the
> following "unreserved characters" :
> ! ~ * ' ( )
> (see rfc2396 Uniform Resource Identifiers (URI): Generic Syntax, item 2.3)
>
> Because the fix of TAP5-1768, from v5.3.1 the @ActivationRequestParameter
> requires this enconding, which becomes incompatible with the standard.
> Thus, any URL which contains those symbols will throw an
> InvalidaArgumenteException. Tapestry should consider that the
> ActivationRequestParameter is a standar way of parameter sending, and the
> parameters sent in this way probably not have the "strict" coding process of
> the URLEncoder.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
