[ https://issues.apache.org/jira/browse/FELIX-5093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xavier Fournet updated FELIX-5093: ---------------------------------- Description: The HttpServletRequest.getRequestURI must return the URI without processing % escaping. Since version 3.1.0 this processing is done, so the returned value is incorrect. For exemple this can lead to error in Apache Shiro when it try to unescape % of an URI. See the attached jar for a bundle that can be used to reproduce the problem: * load the bundle * with a browser go on http://localhost:8080/requesturibug/test%2Ftest%25test With HTTP Jetty < 3.0.0 it prints: {noformat} Request URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.handler.ServletHandlerRequest) Wrapped URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.dispatch.FilterPipeline$FilterRequestWrapper) Wrapped URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.DispatcherServlet$AttributeEventRequest) Wrapped URI: /requesturibug/test%2Ftest%25test (org.eclipse.jetty.server.Request) {noformat} => request URI is ok With HTTP Jetty 3.1.0 or 3.1.2 it prints: {noformat} Request URI: /requesturibug/test/test%test (org.apache.felix.http.base.internal.dispatch.ServletRequestWrapper) Wrapped URI: /requesturibug/test%2Ftest%25test (org.eclipse.jetty.server.Request) {noformat} => request URI is wrong while the underlying request URI returned by Jetty itself is correct was: The HttpServletRequest.getRequestURI must return the URI without processing % escaping. Since version 3.1.0 this processing is done, so the returned value is incorrect. For exemple this can lead to error in Apache Shiro when it try to unescape % of an URI. See the attached jar for a bundle that can be used to reproduce the problem: * load the bundle * with a browser go on http://localhost:8080/requesturibug/test%2Ftest%25test With HTTP Jetty < 3.0.0 it prints: {noformat} Request URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.handler.ServletHandlerRequest) Wrapped URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.dispatch.FilterPipeline$FilterRequestWrapper) Wrapped URI: /requesturibug/test%2Ftest%25test (org.apache.felix.http.base.internal.DispatcherServlet$AttributeEventRequest) Wrapped URI: /requesturibug/test%2Ftest%25test (org.eclipse.jetty.server.Request) {noformat} => request URI is ok With HTTP Jetty 3.0.0 or 3.0.2 it prints: {noformat} Request URI: /requesturibug/test/test%test (org.apache.felix.http.base.internal.dispatch.ServletRequestWrapper) Wrapped URI: /requesturibug/test%2Ftest%25test (org.eclipse.jetty.server.Request) {noformat} => request URI is wrong while the underlying request URI returned by Jetty itself is correct > HttpServletRequest.getRequestURI is broken for escaped char in URL since 3.1.0 > ------------------------------------------------------------------------------ > > Key: FELIX-5093 > URL: https://issues.apache.org/jira/browse/FELIX-5093 > Project: Felix > Issue Type: Bug > Components: HTTP Service > Affects Versions: http.jetty-3.1.0, http.jetty-3.1.2 > Reporter: Xavier Fournet > Priority: Blocker > > The HttpServletRequest.getRequestURI must return the URI without processing % > escaping. Since version 3.1.0 this processing is done, so the returned value > is incorrect. For exemple this can lead to error in Apache Shiro when it try > to unescape % of an URI. > See the attached jar for a bundle that can be used to reproduce the problem: > * load the bundle > * with a browser go on http://localhost:8080/requesturibug/test%2Ftest%25test > With HTTP Jetty < 3.0.0 it prints: > {noformat} > Request URI: /requesturibug/test%2Ftest%25test > (org.apache.felix.http.base.internal.handler.ServletHandlerRequest) > Wrapped URI: /requesturibug/test%2Ftest%25test > (org.apache.felix.http.base.internal.dispatch.FilterPipeline$FilterRequestWrapper) > Wrapped URI: /requesturibug/test%2Ftest%25test > (org.apache.felix.http.base.internal.DispatcherServlet$AttributeEventRequest) > Wrapped URI: /requesturibug/test%2Ftest%25test > (org.eclipse.jetty.server.Request) > {noformat} > => request URI is ok > With HTTP Jetty 3.1.0 or 3.1.2 it prints: > {noformat} > Request URI: /requesturibug/test/test%test > (org.apache.felix.http.base.internal.dispatch.ServletRequestWrapper) > Wrapped URI: /requesturibug/test%2Ftest%25test > (org.eclipse.jetty.server.Request) > {noformat} > => request URI is wrong while the underlying request URI returned by Jetty > itself is correct -- This message was sent by Atlassian JIRA (v6.3.4#6332)