Philip Zampino created KNOX-3180:
------------------------------------

             Summary: Improve conditions for applying UrlEncodedFormRequest 
wrapper
                 Key: KNOX-3180
                 URL: https://issues.apache.org/jira/browse/KNOX-3180
             Project: Apache Knox
          Issue Type: Improvement
          Components: Server
            Reporter: Philip Zampino
            Assignee: Philip Zampino


The fix for KNOX-3179 introduced some conditional logic in 
UrlEncodedFormRequest to accommodate params in the request body. It seems the 
intention of  the UrlEncodedFormRequest wrapper is for proxying cases, and only 
applied based on the "x-www-form-urlencoded" content type. However, when Knox 
itself is the terminus, and the API includes form data, we end up with an 
unusual situation. It seems like perhaps we should only be employing 
UrlEncodedFormRequest when the content type is "x-www-form-urlencoded" AND Knox 
is proxying. When Knox is providing the API itself, this restriction is not 
necessary and this extension need not be applied. 

I think we can modify [the condition for applying the 
wrapper|https://github.com/apache/knox/blob/e58d5e4a2d10910a298708400ce9afca0690b5b8/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java#L192]
 to include a check for the service being requested.

Something like
{code:java}
(UrlEncodedFormRequest.isUrlEncodedForm(servletRequest) && 
!KNOX_SERVICES.contains(chain.getResourceRole()))
                  ? new UrlEncodedFormRequest((HttpServletRequest) 
servletRequest)
                  : servletRequest {code}
where KNOX_SERVICES is a constant collection of Knox-provided API service roles.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to