[
https://issues.apache.org/jira/browse/SLING-559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12608440#action_12608440
]
Felix Meschberger commented on SLING-559:
-----------------------------------------
Further inspection yielded yet another issue: The
SlingMainServlet.handleSecurity method implements API of the OSGi HttpContext.
This method is called by the OSGi HttpService _before_ calling into the actual
servlet registered for that HttpContext. This allows for security checks before
hitting the servlet.
If now during handleSecurity handling a request parameter is retrieved, the
ParameterSupport handling of setting the request character encoding has no
effect. In addtion, what makes the situation even worse, is that Jetty uses a
separate character encoding do decode the query parameters. This character
encoding may be set by using a Jetty specific method on the ServletRequest or
-- fortunately -- by setting a request attribute.
To come around these two problems, the following solution will be implemented:
(1) The SlingMainServlet.handleSecurity method passes a request wrapper, which
makes use of the ParameterSupport class.
(2) The ParameterSupport instance is available by calling the
ParameterSupport.getInstance(ServletRequest) method. This method is the only
way to get at a ParameterSupport instance for a given request. This enables
sharing a single ParameterSupport instance accross the request.
(3) When getting the ParameterSupport instance the Jetty specific request
attribute -- org.mortbay.jetty.Request.queryEncoding -- is set to ISO-8859-1 to
try to enforce identity decoding of the request query.
These steps combined allow for the following:
* ParameterSupport is the only thing used inside Sling to access parameters
* ParameterSupport is set as early as possible
> Request parameter re-encoding does not work
> -------------------------------------------
>
> Key: SLING-559
> URL: https://issues.apache.org/jira/browse/SLING-559
> Project: Sling
> Issue Type: Bug
> Components: Engine
> Affects Versions: Engine 2.0.2
> Reporter: Tobias Bocanegra
> Assignee: Felix Meschberger
>
> Issue SLING-508 introduced a smart way to re-encode request parameters, if
> they are sent in a different encoding that the default.
> imo there is a bug that causes this functionality to fail:
> in ParameterSupport.getContainerParameters(....) new
> ContainerRequestParameter are generated with the respective encoding. but the
> constructor does never call setEncoding() and the re-encode is never
> performed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
