Philip Zampino created KNOX-3180:
------------------------------------
Summary: Improve conditions for applying UrlEncodedFormRequest
wrapper
Key: KNOX-3180
URL: https://issues.apache.org/jira/browse/KNOX-3180
Project: Apache Knox
Issue Type: Improvement
Components: Server
Reporter: Philip Zampino
Assignee: Philip Zampino
The fix for KNOX-3179 introduced some conditional logic in
UrlEncodedFormRequest to accommodate params in the request body. It seems the
intention of the UrlEncodedFormRequest wrapper is for proxying cases, and only
applied based on the "x-www-form-urlencoded" content type. However, when Knox
itself is the terminus, and the API includes form data, we end up with an
unusual situation. It seems like perhaps we should only be employing
UrlEncodedFormRequest when the content type is "x-www-form-urlencoded" AND Knox
is proxying. When Knox is providing the API itself, this restriction is not
necessary and this extension need not be applied.
I think we can modify [the condition for applying the
wrapper|https://github.com/apache/knox/blob/e58d5e4a2d10910a298708400ce9afca0690b5b8/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java#L192]
to include a check for the service being requested.
Something like
{code:java}
(UrlEncodedFormRequest.isUrlEncodedForm(servletRequest) &&
!KNOX_SERVICES.contains(chain.getResourceRole()))
? new UrlEncodedFormRequest((HttpServletRequest)
servletRequest)
: servletRequest {code}
where KNOX_SERVICES is a constant collection of Knox-provided API service roles.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
