Mark Hale created SHIRO-509:
-------------------------------

             Summary: WebUtils.decodeAndCleanUriString incorrectly handles matrix parameters
                 Key: SHIRO-509
                 URL: https://issues.apache.org/jira/browse/SHIRO-509
             Project: Shiro
          Issue Type: Bug
          Components: Web
    Affects Versions: 1.2.2
         Environment: Webapp deployment in Jetty
            Reporter: Mark Hale


If I configure a web filter (say anon) for a path /**/public and make a request 
to /mystuff;filter=toys/prices/public, the filter is not triggered because 
WebUtils.decodeAndCleanUriString() removes everything after the ';' (so it only 
tries to match on /mystuff). The fix is to change
        int semicolonIndex = uri.indexOf(';');
to
        int lastSlash = uri.lastIndexOf('/');
        int semicolonIndex = uri.lastIndexOf(';');
and, if (semicolonIndex > lastSlash), then drop the trailing matrix params, so 
that matrix params in parent path segments are left intact.




--
This message was sent by Atlassian JIRA
(v6.2#6252)
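
The two behaviours described in the report, side by side, as an added example (not Apache Shiro source and not the reporter's code). The class and method names are hypothetical, the sample URIs other than the first are constructed, and `matchesPublic` is a simplified stand-in for the `/**/public` pattern rather than Shiro's Ant-style matcher.

```java
// Added illustration; not Apache Shiro source. All names here are hypothetical.
public class MatrixParamDemo {

    // Behaviour described in the report: cut the URI at the FIRST ';'.
    static String cutAtFirstSemicolon(String uri) {
        int semicolonIndex = uri.indexOf(';');
        return semicolonIndex != -1 ? uri.substring(0, semicolonIndex) : uri;
    }

    // Reporter's proposal: drop params only when they trail the LAST segment,
    // leaving matrix params in parent path segments intact.
    static String cutTrailingParamsOnly(String uri) {
        int lastSlash = uri.lastIndexOf('/');
        int semicolonIndex = uri.lastIndexOf(';');
        return semicolonIndex > lastSlash ? uri.substring(0, semicolonIndex) : uri;
    }

    // Simplified stand-in for the /**/public pattern (assumption):
    // true when the last path segment is exactly "public".
    static boolean matchesPublic(String path) {
        return path.endsWith("/public");
    }

    public static void main(String[] args) {
        // The first URI is the one from the report; the rest are constructed.
        String[] uris = {
            "/mystuff;filter=toys/prices/public",
            "/mystuff/prices/public;jsessionid=abc",
            "/mystuff;filter=toys/prices/public;v=1",
            "/mystuff/prices/public"
        };
        for (String uri : uris) {
            String first = cutAtFirstSemicolon(uri);
            String trailing = cutTrailingParamsOnly(uri);
            System.out.println(uri);
            System.out.println("  cut at first ';'     -> " + first
                    + "  (matches /**/public: " + matchesPublic(first) + ")");
            System.out.println("  cut trailing params  -> " + trailing
                    + "  (matches /**/public: " + matchesPublic(trailing) + ")");
        }
    }
}
```

With the first-semicolon cut, the string handed to path matching is no longer the path that was requested, so filter rules are evaluated against a different path from the one the application serves.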
