[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] How to prevent a request URI to be converted to its canonical form?
|
Hi,
> We built a RESTful web service on top of Jetty and we don't want
> HTTPChannel to convert URI like "/a/../b" and "/.." into "/b" and "/"
> (or error 400) respectively.
...
> HTTPChannel#onFillable() calls URIUtil.canonicalPath() to convert the
> path.
I was confused -- #onFillable() is a method of HTTPConnection and will
eventually trigger HTTChannel#startRequest().
HTTChannel#startRequest() will call URIUtil.canonicalPath().
> - Extend HttpChannel to override #onFillable()
> - Extend HttpConnection to replace it's private inner class HttpChannelOverHttp
> - Extend HttpConnectionFactory to override #newConnection()
> - Extend nio.NetworkTrafficSelectChannelConnector's to override the
> constructor
I think I want to:
1. Make HttpChannelOverHttp a public class
2. Create a sub-class of HttpChannelOverHttp and override #startRequest()
not to call URIUtil#canonicalPath()
3. Make HttpConnectionFactory#newConnection() to be configurable via
HttpConfiguration so that it will instantiate the sub-class of
HttpChannelOverHttp
1 and 3 will be the changes in jetty-server. 2 will be a part of our
web service application.
> Perhaps we should contribute a patch for
> Jetty to make this conversion configurable via HttpConfiguration?
> (e.g. <Set name="canonicalizeUri">false</Set>)
This configuration thing will beak DefaultHandler if we feed URI like
"/..", so it won't be a good solution.
Thanks,
Tatsuya
--
Tatsuya Kawano (Mr.)
Tokyo, Japan
2013/5/27 Tatsuya Kawano:
> Hello,
>
> I've got a question about jetty-server. What will be a good way to
> make HTTPChannel not to convert a request path to its canonical form?
> We built a RESTful web service on top of Jetty and we don't want
> HTTPChannel to convert URI like "/a/../b" and "/.." into "/b" and "/"
> (or error 400) respectively.
>
> We're currently using Jetty 8.1.x, and will move to Jetty 9 soon. We
> developed a list of handlers and don't use the default handlers like
> ContextHandlerCollection.
>
> I checked the source code of Jetty 9 and found that
> HTTPChannel#onFillable() calls URIUtil.canonicalPath() to convert the
> path.
>
> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/jetty-server/src/main/java/org/eclipse/jetty/server/HttpChannel.java?h=release-9#n431
>
> We'd prefer not to edit Jetty's source code. But the only way I've
> came up with is to extend of HttpCannel and related classes to
> customize the behavior of #onFillable(). This doesn't seem an elegant
> solution as we'll have to extend all of the following classes:
>
> - Extend HttpChannel to override #onFillable()
> - Extend HttpConnection to replace it's private inner class HttpChannelOverHttp
> - Extend HttpConnectionFactory to override #newConnection()
> - Extend nio.NetworkTrafficSelectChannelConnector's to override the
> constructor
>
> Is there any better way? Perhaps we should contribute a patch for
> Jetty to make this conversion configurable via HttpConfiguration?
> (e.g. <Set name="canonicalizeUri">false</Set>)
>
> Thanks,
> Tatsuya
>
> --
> Tatsuya Kawano (Mr.)
> Tokyo, Japan