Thoku Hansen [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi,
Does Tomcat decode a URL-encoded request before evaluating it against
servlet url-patterns?
I have a form whose submit action URL includes the jsessionid like this:
form action=Example.action;jsessionid=196273839CE41F0BFBA445F63D3880EB
method=post
When the form is submitted, the request is going through a kind of proxy
that performs a URL encode before forwarding the request.
When the request is received by Tomcat (v. 6.0.14) it looks like this:
http://foo/Example.action%3Bjsessionid% 3D196273839CE41F0BFBA445F63D3880EB
I have a servlet url-pattern for *.action. It works fine for request
URLs like:
http://foo/Example.action
and also
http://foo/Example.action;jsessionid=196273839CE41F0BFBA445F63D3880EB
But when the re-encoded request URL is encountered (below again), Tomcat
gives a 404 error.
http://foo/Example.action%3Bjsessionid% 3D196273839CE41F0BFBA445F63D3880EB
I do not have any control over the proxy that is doing this re-encoding.
I have two questions:
1. Is the URL encoding that is being done in the above example
appropriate?
No, ';' is a legitimate character in a URL, so by encoding it the proxy is
changing the name of the resource being asked for.
2. Shouldn't Tomcat be URL-decoding this and turning it into its original
form?
No, because with the ';' it is a parameter to the URL, and with %3B it is
just a normal character in the URL (e.g. a file name that happens to have a
';' in it's name).
Hope you can shed some light on this.
Thanks,
T.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]