Hi, > We built a RESTful web service on top of Jetty and we don't want > HTTPChannel to convert URI like "/a/../b" and "/.." into "/b" and "/" > (or error 400) respectively.
... > HTTPChannel#onFillable() calls URIUtil.canonicalPath() to convert the > path. I was confused -- #onFillable() is a method of HTTPConnection and will eventually trigger HTTChannel#startRequest(). HTTChannel#startRequest() will call URIUtil.canonicalPath(). > - Extend HttpChannel to override #onFillable() > - Extend HttpConnection to replace it's private inner class > HttpChannelOverHttp > - Extend HttpConnectionFactory to override #newConnection() > - Extend nio.NetworkTrafficSelectChannelConnector's to override the > constructor I think I want to: 1. Make HttpChannelOverHttp a public class 2. Create a sub-class of HttpChannelOverHttp and override #startRequest() not to call URIUtil#canonicalPath() 3. Make HttpConnectionFactory#newConnection() to be configurable via HttpConfiguration so that it will instantiate the sub-class of HttpChannelOverHttp 1 and 3 will be the changes in jetty-server. 2 will be a part of our web service application. > Perhaps we should contribute a patch for > Jetty to make this conversion configurable via HttpConfiguration? > (e.g. <Set name="canonicalizeUri">false</Set>) This configuration thing will beak DefaultHandler if we feed URI like "/..", so it won't be a good solution. Thanks, Tatsuya -- Tatsuya Kawano (Mr.) Tokyo, Japan 2013/5/27 Tatsuya Kawano: > Hello, > > I've got a question about jetty-server. What will be a good way to > make HTTPChannel not to convert a request path to its canonical form? > We built a RESTful web service on top of Jetty and we don't want > HTTPChannel to convert URI like "/a/../b" and "/.." into "/b" and "/" > (or error 400) respectively. > > We're currently using Jetty 8.1.x, and will move to Jetty 9 soon. We > developed a list of handlers and don't use the default handlers like > ContextHandlerCollection. > > I checked the source code of Jetty 9 and found that > HTTPChannel#onFillable() calls URIUtil.canonicalPath() to convert the > path. > > http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/jetty-server/src/main/java/org/eclipse/jetty/server/HttpChannel.java?h=release-9#n431 > > We'd prefer not to edit Jetty's source code. But the only way I've > came up with is to extend of HttpCannel and related classes to > customize the behavior of #onFillable(). This doesn't seem an elegant > solution as we'll have to extend all of the following classes: > > - Extend HttpChannel to override #onFillable() > - Extend HttpConnection to replace it's private inner class > HttpChannelOverHttp > - Extend HttpConnectionFactory to override #newConnection() > - Extend nio.NetworkTrafficSelectChannelConnector's to override the > constructor > > Is there any better way? Perhaps we should contribute a patch for > Jetty to make this conversion configurable via HttpConfiguration? > (e.g. <Set name="canonicalizeUri">false</Set>) > > Thanks, > Tatsuya > > -- > Tatsuya Kawano (Mr.) > Tokyo, Japan _______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
