[
https://issues.apache.org/jira/browse/OLINGO-1422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Speckamp updated OLINGO-1422:
---------------------------------
Description:
In some cases the ODataHttpHandlerImpl in server-core tries to determine the
start of the ODataPath (seperating the protocol/host from the odata part) by
String matching a given ContextPath/ServletPath against the raw URI.
If the hostname contains the same String used by the ServletPath as a
substring, the used indexOf() function returns a wrong index (first match wins)
and the URL is split up (and consequently parsed) wrong. A part of the hostname
is mistaken for the start of the ODataPath.
The offending lines are:
*org.apache.olingo.server.core.ODataHttpHandlerImpl:278 ([github
link|https://github.com/apache/olingo-odata4/blob/a1dfb5596b4266f30ae503d3d3e116f269561640/lib/server-core/src/main/java/org/apache/olingo/server/core/ODataHttpHandlerImpl.java#L277])*
*org.apache.olingo.server.core.ODataHttpHandlerImpl:281 ([github
link|https://github.com/apache/olingo-odata4/blob/a1dfb5596b4266f30ae503d3d3e116f269561640/lib/server-core/src/main/java/org/apache/olingo/server/core/ODataHttpHandlerImpl.java#L281])*
This is relevant as it prevents URLs such as "test.demo.org:8080/test/" from
being used when a ContextPath/ServletPath is set (e.g. in Spring environments).
OLingo will always throw anUriParserSyntaxException("Unexpected start of
resource-path segment.") for every request. In Docker environments the host ist
also often given as plaintext, e.g. "demoservice:8081/demo" for a container
named demoservice, which also breaks du to wrong matching
Suggested Fixes:
- Do not rely upon simple String matching with indexOf() for seperating
protocol/host/ContextPath/ServletPath from ODataPath.
was:
In some cases the ODataHttpHandlerImpl in server-core tries to determine the
start of the ODataPath (seperating the protocol/host from the odata part) by
String matching a given ContextPath/ServletPath against the raw URI.
If the hostname contains the same String used by the ServletPath as a
substring, the used indexOf() function returns a wrong index (first match wins)
and the URL is split up (and consequently parsed) wrong. A part of the hostname
is mistaken for the start of the ODataPath.
The offending lines are:
org.apache.olingo.server.core.ODataHttpHandlerImpl:278 ([github
link|https://github.com/apache/olingo-odata4/blob/a1dfb5596b4266f30ae503d3d3e116f269561640/lib/server-core/src/main/java/org/apache/olingo/server/core/ODataHttpHandlerImpl.java#L277])
org.apache.olingo.server.core.ODataHttpHandlerImpl:281 ([github
link|https://github.com/apache/olingo-odata4/blob/a1dfb5596b4266f30ae503d3d3e116f269561640/lib/server-core/src/main/java/org/apache/olingo/server/core/ODataHttpHandlerImpl.java#L281])
This is relevant as it prevents URLs such as "test.demo.org:8080/test/" from
being used when a ContextPath/ServletPath is set (e.g. in Spring environments).
OLingo will always throw anUriParserSyntaxException("Unexpected start of
resource-path segment.") for every request. In Docker environments the host ist
also often given as plaintext, e.g. "demoservice:8081/demo" for a container
named demoservice, which also breaks du to wrong matching
Suggested Fixes:
- Do not rely upon simple String matching with indexOf() for seperating
protocol/host/ContextPath/ServletPath from ODataPath.
> Incorrect URL Parsing in ODataHttpHandlerImpl when given
> ContextPath/ServletPath
> --------------------------------------------------------------------------------
>
> Key: OLINGO-1422
> URL: https://issues.apache.org/jira/browse/OLINGO-1422
> Project: Olingo
> Issue Type: Bug
> Components: odata4-server
> Affects Versions: (Java) V4 4.6.0, (Java) V4 4.7.0, (Java) V4 4.8.0
> Reporter: Jan Speckamp
> Priority: Minor
>
> In some cases the ODataHttpHandlerImpl in server-core tries to determine the
> start of the ODataPath (seperating the protocol/host from the odata part) by
> String matching a given ContextPath/ServletPath against the raw URI.
> If the hostname contains the same String used by the ServletPath as a
> substring, the used indexOf() function returns a wrong index (first match
> wins) and the URL is split up (and consequently parsed) wrong. A part of the
> hostname is mistaken for the start of the ODataPath.
> The offending lines are:
> *org.apache.olingo.server.core.ODataHttpHandlerImpl:278 ([github
> link|https://github.com/apache/olingo-odata4/blob/a1dfb5596b4266f30ae503d3d3e116f269561640/lib/server-core/src/main/java/org/apache/olingo/server/core/ODataHttpHandlerImpl.java#L277])*
> *org.apache.olingo.server.core.ODataHttpHandlerImpl:281 ([github
> link|https://github.com/apache/olingo-odata4/blob/a1dfb5596b4266f30ae503d3d3e116f269561640/lib/server-core/src/main/java/org/apache/olingo/server/core/ODataHttpHandlerImpl.java#L281])*
> This is relevant as it prevents URLs such as "test.demo.org:8080/test/" from
> being used when a ContextPath/ServletPath is set (e.g. in Spring
> environments). OLingo will always throw
> anUriParserSyntaxException("Unexpected start of resource-path segment.") for
> every request. In Docker environments the host ist also often given as
> plaintext, e.g. "demoservice:8081/demo" for a container named demoservice,
> which also breaks du to wrong matching
> Suggested Fixes:
> - Do not rely upon simple String matching with indexOf() for seperating
> protocol/host/ContextPath/ServletPath from ODataPath.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
