[Bug 57559] New: Decoded Request URI used for Asynchronous dispatch

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=57559

            Bug ID: 57559
           Summary: Decoded Request URI used for Asynchronous dispatch
           Product: Tomcat 7
           Version: 7.0.53
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: cg.throwa...@mailinator.com

Overview:

In a scenario where an original request contains part of the URI
percent-encoded (e.g. /context/foo/%24/bar), when the request is put into
asynchronous mode using ServletRequest.startAsync() and then dispatched using
the no-argument AsyncContext.dispatch() method, the dispatch is incorrectly
made to a percent-decoded URI (e.g. /context/foo/$/bar), not the original
request URI.

Steps to Reproduce:

Consider the following servlet:
https://gist.github.com/anonymous/957122b45ae656a5e8f1
It puts a request into asynchronous mode using ServletRequest.startAsync() and
immediately dispatches it using the no-argument AsyncContext.dispatch() method.
When the asynchronous dispatch takes place, the request URI is written to the
response.

1) Compile and deploy the servlet to http://localhost:8080/context
2) Visit http://localhost:8080/context/foo/%24/bar (or any similar
percent-encoded URI) in your browser

Actual Results:

The printed-out request URI is /context/foo/$/bar (i.e. the request has been
dispatched to /context/foo/$/bar, a percent-decoded version of the original
URI)

Expected Results:

The printed-out request URI is /context/foo/%24/bar (i.e. the request should be
dispatched to /context/foo/%24/bar, the original URI)

Additional Information:

The Java Servlet 3.0 Specification says: "The dispatch method takes no
argument. It uses the original URI as the path. If the AsyncContext was
initialized via the startAsync(ServletRequest, ServletResponse) and the request
passed is an instance of HttpServletRequest, then the dispatch is to the URI
returned by HttpServletRequest.getRequestURI(). Otherwise the dispatch is to
the URI of the request when it was last dispatched by the container."

It seems clear that the dispatch should be to the original request URI as
obtained from HttpServletRequest.getRequestURI(), and the Javadoc of
HttpServletRequest.getRequestURI() states that "The web container does not
decode this String." Therefore, it seems the asynchronous dispatch should not
be made to a percent-decoded version of the original URI, but to the original
URI as-is.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org