Download
Abstract
javax.servlet.httpservletrequest.getrequesturi() might return a decoded value after dispatching
Download Description
PI67942 resolves the following problem:
ERROR DESCRIPTION:
Invoking HttpServletRequest.getRequestURI() returns a decoded
URI if it is invoked after dispatching the request when a
decoded path was passed to
javax.servlet.ServletRequest.getRequestDispatcher(String
path).
LOCAL FIX:
PROBLEM SUMMARY
USERS AFFECTED:
IBM WebSphere Application Server versions
8.5.5 and 9.0, and Websphere Application
Server Liberty users of Web Container.
PROBLEM DESCRIPTION:
Invoking
HttpServletRequest.getRequestURI()
after dispatching the request
incorrectly returns a decoded URI if a
decoded path was passed to
javax.servlet.ServletRequest.getRequest
Dispatcher() or
javax.servlet.AsyncContext.dispatch()
RECOMMENDATION:
None
If a decoded path is used when invoking
ServletRequest.getRequestDispatcher() or one of the
AsyncContext.dispatch() methods,
HttpServletRequest.getRequestURI() returns a decoded URI
instead of an encoded URI after the request has been
dispatched.
The following is an example of this problem:
ServletA:
...
request.getRequestDispatcher("/ServletB/a b").forward();
...
ServletB:
...
String uri = request.getRequestURI();
...
The "uri" variable in ServletB will have the following value:
/ServletB/a b
The getRequestURI() method should return an URL encoded value.
PROBLEM CONCLUSION:
The WebContainer has been modified to return a decoded URI
when invoking HttpServletRequest.getRequestURI() after
dispatching.
A new context parameter needs to be set to true in the
application's web.xml to enable this fix. If this fix is
enabled, the developer must make sure that any invocations to
ServletRequest.getRequestDispatcher() and
AsyncContext.dispatch() are being done using decoded paths as
a parameter:
<context-param>
<param-name>com.ibm.ws.webcontainer.ENCODE_DISPATCHED_REQUEST_UR
I</param-name>
<param-value>true</param-value>
</context-param>
After enabling the fix the "uri" variable in the example above
will have the following value:
/ServletB/a%20b
If an encoded path is used when invoking
ServletRequest.getRequestDispatcher() and
AsyncContext.dispatch() when this fix is enabled the "uri"
variable will have the following value:
/ServletB/a%2520b
This will be considered an application error and can be fixed
by using decoded paths when invoking
ServletRequest.getRequestDispatcher() and
AsyncContext.dispatch().
The fix for this APAR is currently targeted for inclusion in
fix packs 8.5.5.11, 9.0.0.2 and 16.0.0.3. Please refer to the
recommended updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
None
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24042827