Seems reasonable to me. I don't know why we would need to double encode
the %3A and it actually seems like it might cause some problems.
Joe
David Jencks wrote:
There's a new MR for the jacc spec and one of the changes is related to
something we've already tried to solve for dealing with the pluto
console urls which sometimes have colons in them for instance when a
jdbc url is in a query parameter in the url..
Here's the text of the spec change:
The name of the permission checked in a transport or pre-dispatch
decision must
be the unqualified request URI minus the context path. All colon characters
occurring within the name must be represented using escaped encoding1.
Here's our current code:
static String encodeColons(HttpServletRequest request) {
String result = request.getServletPath() +
(request.getPathInfo() == null ? "" : request.getPathInfo());
if (result.indexOf("%3A") > -1) result =
result.replaceAll("%3A", "%3A%3A");
if (result.indexOf(":") > -1) result = result.replaceAll(":",
"%3A");
return result;
}
I think that we are being over-enthusiastic and should leave out the
doubling of a pre-encoded colon:
static String encodeColons(HttpServletRequest request) {
String result = request.getServletPath() +
(request.getPathInfo() == null ? "" : request.getPathInfo());
if (result.indexOf(":") > -1) result = result.replaceAll(":",
"%3A");
return result;
}
Does this seem right?
thanks
david jencks
