Decode the path provided to the request dispatcher by default. The reasoning is:
- the servlet spec is clear (see 9.1.1) that path can include a query string;
- the query string is delimited by '?';
- '?' is a valid character in the path (if it is encoded);
- users may want to use '?'in the path;
- therefore users need to be able to provide an encoded path;
- therefore the RequestDispatcher needs to decode the path.
This change should be transparent unless an application is passing an unencoded % to the request dispatcher which should be fairly rare.
The behaviour is configurable via a Context attribute so the previous behaviour can easily be restored.
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1754281 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/java/org/apache/catalina/Context.java b/java/org/apache/catalina/Context.java
index 3e16837..3914c6f 100644
--- a/java/org/apache/catalina/Context.java
+++ b/java/org/apache/catalina/Context.java
@@ -1766,4 +1766,26 @@
* @see #setUseRelativeRedirects(boolean)
*/
public boolean getUseRelativeRedirects();
+
+ /**
+ * Are paths used in calls to obtain a request dispatcher expected to be
+ * encoded? This affects both how Tomcat handles calls to obtain a request
+ * dispatcher as well as how Tomcat generates paths used to obtain request
+ * dispatchers internally.
+ *
+ * @param dispatchersUseEncodedPaths {@code true} to use encoded paths,
+ * otherwise {@code false}
+ */
+ public void setDispatchersUseEncodedPaths(boolean dispatchersUseEncodedPaths);
+
+ /**
+ * Are paths used in calls to obtain a request dispatcher expected to be
+ * encoded? This applys to both how Tomcat handles calls to obtain a request
+ * dispatcher as well as how Tomcat generates paths used to obtain request
+ * dispatchers internally.
+ *
+ * @return {@code true} if encoded paths will be used, otherwise
+ * {@code false}
+ */
+ public boolean getDispatchersUseEncodedPaths();
}
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index 297f358..99a319a 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -83,6 +83,7 @@
import org.apache.catalina.core.AsyncContextImpl;
import org.apache.catalina.mapper.MappingData;
import org.apache.catalina.util.ParameterMap;
+import org.apache.catalina.util.URLEncoder;
import org.apache.coyote.ActionCode;
import org.apache.coyote.UpgradeToken;
import org.apache.coyote.http11.upgrade.InternalHttpUpgradeHandler;
@@ -1372,14 +1373,22 @@
int pos = requestPath.lastIndexOf('/');
String relative = null;
- if (pos >= 0) {
- relative = requestPath.substring(0, pos + 1) + path;
+ if (context.getDispatchersUseEncodedPaths()) {
+ if (pos >= 0) {
+ relative = URLEncoder.DEFAULT.encode(
+ requestPath.substring(0, pos + 1), "UTF-8") + path;
+ } else {
+ relative = URLEncoder.DEFAULT.encode(requestPath, "UTF-8") + path;
+ }
} else {
- relative = requestPath + path;
+ if (pos >= 0) {
+ relative = requestPath.substring(0, pos + 1) + path;
+ } else {
+ relative = requestPath + path;
+ }
}
return context.getServletContext().getRequestDispatcher(relative);
-
}
diff --git a/java/org/apache/catalina/core/ApplicationContext.java b/java/org/apache/catalina/core/ApplicationContext.java
index ace90a4..11af41d 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -17,9 +17,11 @@
package org.apache.catalina.core;
import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
+import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
@@ -410,6 +412,26 @@
if (normalizedPath == null)
return (null);
+ if (getContext().getDispatchersUseEncodedPaths()) {
+ // Decode
+ String decodedPath;
+ try {
+ decodedPath = URLDecoder.decode(normalizedPath, "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ // Impossible
+ return null;
+ }
+
+ // Security check to catch attempts to encode /../ sequences
+ normalizedPath = RequestUtil.normalize(decodedPath);
+ if (!decodedPath.equals(normalizedPath)) {
+ getContext().getLogger().warn(
+ sm.getString("applicationContext.illegalDispatchPath", path),
+ new IllegalArgumentException());
+ return null;
+ }
+ }
+
pos = normalizedPath.length();
// Use the thread local URI and mapping data
diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties
index 0bbaf26..4b84632 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -22,6 +22,7 @@
applicationContext.addRole.ise=Roles cannot be added to context {0} as the context has been initialised
applicationContext.addServlet.ise=Servlets cannot be added to context {0} as the context has been initialised
applicationContext.attributeEvent=Exception thrown by attributes event listener
+applicationContext.illegalDispatchPath=An application attempted to obtain a request dispatcher with an illegal path [{0}] that was rejected because it contained an encoded directory traversal attempt
applicationContext.invalidFilterName=Unable to add filter definition due to invalid filter name [{0}].
applicationContext.invalidServletName=Unable to add servlet definition due to invalid servlet name [{0}].
applicationContext.mapping.error=Error during mapping
diff --git a/java/org/apache/catalina/core/StandardContext.java b/java/org/apache/catalina/core/StandardContext.java
index eccc2f0..b51ba78 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -806,10 +806,29 @@
private boolean useRelativeRedirects = !Globals.STRICT_SERVLET_COMPLIANCE;
+ private boolean dispatchersUseEncodedPaths = true;
+
// ----------------------------------------------------- Context Properties
@Override
+ public void setDispatchersUseEncodedPaths(boolean dispatchersUseEncodedPaths) {
+ this.dispatchersUseEncodedPaths = dispatchersUseEncodedPaths;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ * <p>
+ * The default value for this implementation is {@code true}.
+ */
+ @Override
+ public boolean getDispatchersUseEncodedPaths() {
+ return dispatchersUseEncodedPaths;
+ }
+
+
+ @Override
public void setUseRelativeRedirects(boolean useRelativeRedirects) {
this.useRelativeRedirects = useRelativeRedirects;
}
diff --git a/java/org/apache/catalina/startup/FailedContext.java b/java/org/apache/catalina/startup/FailedContext.java
index 8f18b8e..f2aab9d 100644
--- a/java/org/apache/catalina/startup/FailedContext.java
+++ b/java/org/apache/catalina/startup/FailedContext.java
@@ -783,4 +783,9 @@
public void setUseRelativeRedirects(boolean useRelativeRedirects) { /* NO-OP */ }
@Override
public boolean getUseRelativeRedirects() { return true; }
+
+ @Override
+ public void setDispatchersUseEncodedPaths(boolean dispatchersUseEncodedPaths) { /* NO-OP */ }
+ @Override
+ public boolean getDispatchersUseEncodedPaths() { return true; }
}
\ No newline at end of file
diff --git a/test/org/apache/catalina/core/TestApplicationContextGetRequestDispatcher.java b/test/org/apache/catalina/core/TestApplicationContextGetRequestDispatcher.java
new file mode 100644
index 0000000..197278d
--- /dev/null
+++ b/test/org/apache/catalina/core/TestApplicationContextGetRequestDispatcher.java
@@ -0,0 +1,504 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collection;
+
+import javax.servlet.AsyncContext;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Wrapper;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.catalina.startup.TomcatBaseTest;
+import org.apache.catalina.util.URLEncoder;
+import org.apache.tomcat.util.buf.ByteChunk;
+
+@RunWith(value = Parameterized.class)
+public class TestApplicationContextGetRequestDispatcher extends TomcatBaseTest {
+
+ private final boolean useAsync;
+
+ public TestApplicationContextGetRequestDispatcher(boolean useAsync) {
+ this.useAsync = useAsync;
+ }
+
+ @Parameters(name = "{index}: useAsync[{0}]")
+ public static Collection<Object[]> data() {
+ return Arrays.asList(new Object[][]{
+ {Boolean.TRUE},
+ {Boolean.FALSE}
+ });
+ }
+
+ @Test
+ public void testGetRequestDispatcherNullPath01() throws Exception {
+ doTestGetRequestDispatcher(true, "/start", null, null, "/target", DispatcherServlet.NULL);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcherNullPath02() throws Exception {
+ doTestGetRequestDispatcher(false, "/start", null, null, "/target", DispatcherServlet.NULL);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcherOutsideContextRoot01() throws Exception {
+ doTestGetRequestDispatcher(
+ true, "/start", null, "../outside", "/target", DispatcherServlet.NULL);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcherOutsideContextRoot02() throws Exception {
+ doTestGetRequestDispatcher(
+ false, "/start", null, "../outside", "/target", DispatcherServlet.NULL);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcherEncodedTraversal() throws Exception {
+ doTestGetRequestDispatcher(
+ true, "/prefix/start", null, "%2E%2E/target", "/target", DispatcherServlet.NULL);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcherTraversal01() throws Exception {
+ doTestGetRequestDispatcher(
+ true, "/prefix/start", null, "../target", "/target", TargetServlet.OK);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcherTraversal02() throws Exception {
+ doTestGetRequestDispatcher(
+ false, "/prefix/start", null, "../target", "/target", TargetServlet.OK);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcherTraversal03() throws Exception {
+ doTestGetRequestDispatcher(
+ true, "/prefix/start", null, "../target?a=b", "/target", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcherTraversal04() throws Exception {
+ doTestGetRequestDispatcher(
+ false, "/prefix/start", null, "../target?a=b", "/target", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcherTraversal05() throws Exception {
+ doTestGetRequestDispatcher(
+ true, "/prefix/start", "a=b", "../target", "/target", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcherTraversal06() throws Exception {
+ doTestGetRequestDispatcher(
+ false, "/prefix/start", "a=b", "../target", "/target", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher01() throws Exception {
+ doTestGetRequestDispatcher(
+ true, "/prefix/start", null, "target", "/prefix/target", TargetServlet.OK);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher02() throws Exception {
+ doTestGetRequestDispatcher(
+ false, "/prefix/start", null, "target", "/prefix/target", TargetServlet.OK);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher03() throws Exception {
+ doTestGetRequestDispatcher(true, "/prefix/start", null, "target?a=b", "/prefix/target",
+ TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher04() throws Exception {
+ doTestGetRequestDispatcher(false, "/prefix/start", null, "target?a=b", "/prefix/target",
+ TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher05() throws Exception {
+ doTestGetRequestDispatcher(true, "/prefix/start", "a=b", "target", "/prefix/target",
+ TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher06() throws Exception {
+ doTestGetRequestDispatcher(false, "/prefix/start", "a=b", "target", "/prefix/target",
+ TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher11() throws Exception {
+ doTestGetRequestDispatcher(true, "/aa%3Fbb%3Dcc/start", null, "target",
+ "/aa%3Fbb%3Dcc/target", TargetServlet.OK);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher12() throws Exception {
+ // Expected to fail because when the RD processes this as unencoded it
+ // sees /aa?bb=cc/target which it thinks is a query string. This is why
+ // Tomcat encodes by default.
+ doTestGetRequestDispatcher(false, "/aa%3Fbb%3Dcc/start", null, "target",
+ "/aa%3Fbb%3Dcc/target", Default404Servlet.DEFAULT_404);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher13() throws Exception {
+ doTestGetRequestDispatcher(true, "/aa%3Fbb%3Dcc/start", null, "target?a=b",
+ "/aa%3Fbb%3Dcc/target", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher14() throws Exception {
+ // Expected to fail because when the RD processes this as unencoded it
+ // sees /aa?bb=cc/target which it thinks is a query string. This is why
+ // Tomcat encodes by default.
+ doTestGetRequestDispatcher(false, "/aa%3Fbb%3Dcc/start", null, "target?a=b",
+ "/aa%3Fbb%3Dcc/target", Default404Servlet.DEFAULT_404);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher15() throws Exception {
+ doTestGetRequestDispatcher(true, "/aa%3Fbb%3Dcc/start", "a=b", "target",
+ "/aa%3Fbb%3Dcc/target", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher16() throws Exception {
+ // Expected to fail because when the RD processes this as unencoded it
+ // sees /aa?bb=cc/target which it thinks is a query string. This is why
+ // Tomcat encodes by default.
+ doTestGetRequestDispatcher(false, "/aa%3Fbb%3Dcc/start", "a=b", "target",
+ "/aa%3Fbb%3Dcc/target", Default404Servlet.DEFAULT_404);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher21() throws Exception {
+ doTestGetRequestDispatcher(true, "/aa%3Dbb%3Dcc/start", null, "target",
+ "/aa%3Dbb%3Dcc/target", TargetServlet.OK);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher22() throws Exception {
+ doTestGetRequestDispatcher(false, "/aa%3Dbb%3Dcc/start", null, "target",
+ "/aa%3Dbb%3Dcc/target", TargetServlet.OK);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher23() throws Exception {
+ doTestGetRequestDispatcher(true, "/aa%3Dbb%3Dcc/start", null, "target?a=b",
+ "/aa%3Dbb%3Dcc/target", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher24() throws Exception {
+ doTestGetRequestDispatcher(false, "/aa%3Dbb%3Dcc/start", null, "target?a=b",
+ "/aa%3Dbb%3Dcc/target", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher25() throws Exception {
+ doTestGetRequestDispatcher(true, "/aa%3Dbb%3Dcc/start", "a=b", "target",
+ "/aa%3Dbb%3Dcc/target", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher26() throws Exception {
+ doTestGetRequestDispatcher(false, "/aa%3Dbb%3Dcc/start", "a=b", "target",
+ "/aa%3Dbb%3Dcc/target", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher31() throws Exception {
+ doTestGetRequestDispatcher(true, "/prefix/start", null, "aa%3Fbb%3Dcc",
+ "/prefix/aa%3Fbb%3Dcc", TargetServlet.OK);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher32() throws Exception {
+ doTestGetRequestDispatcher(false, "/prefix/start", null, "aa%3Fbb%3Dcc",
+ "/prefix/aa%3Fbb%3Dcc", Default404Servlet.DEFAULT_404);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher33() throws Exception {
+ doTestGetRequestDispatcher(true, "/prefix/start", null, "aa%3Fbb%3Dcc?a=b",
+ "/prefix/aa%3Fbb%3Dcc", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher34() throws Exception {
+ doTestGetRequestDispatcher(false, "/prefix/start", null, "aa%3Fbb%3Dcc?a=b",
+ "/prefix/aa%3Fbb%3Dcc", Default404Servlet.DEFAULT_404);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher35() throws Exception {
+ doTestGetRequestDispatcher(true, "/prefix/start", "a=b", "aa%3Fbb%3Dcc",
+ "/prefix/aa%3Fbb%3Dcc", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher36() throws Exception {
+ doTestGetRequestDispatcher(false, "/prefix/start", "a=b", "aa%3Fbb%3Dcc",
+ "/prefix/aa%3Fbb%3Dcc", Default404Servlet.DEFAULT_404);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher41() throws Exception {
+ doTestGetRequestDispatcher(true, "/prefix/start", null, "aa%3Fbb%3Dcc",
+ "/prefix/aa%253Fbb%253Dcc", Default404Servlet.DEFAULT_404);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher42() throws Exception {
+ doTestGetRequestDispatcher(false, "/prefix/start", null, "aa%3Fbb%3Dcc",
+ "/prefix/aa%253Fbb%253Dcc", TargetServlet.OK);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher43() throws Exception {
+ doTestGetRequestDispatcher(true, "/prefix/start", null, "aa%3Fbb%3Dcc?a=b",
+ "/prefix/aa%253Fbb%253Dcc", Default404Servlet.DEFAULT_404);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher44() throws Exception {
+ doTestGetRequestDispatcher(false, "/prefix/start", null, "aa%3Fbb%3Dcc?a=b",
+ "/prefix/aa%253Fbb%253Dcc", TargetServlet.OK + "a=b");
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher45() throws Exception {
+ doTestGetRequestDispatcher(true, "/prefix/start", "a=b", "aa%3Fbb%3Dcc",
+ "/prefix/aa%253Fbb%253Dcc", Default404Servlet.DEFAULT_404);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher46() throws Exception {
+ doTestGetRequestDispatcher(false, "/prefix/start", "a=b", "aa%3Fbb%3Dcc",
+ "/prefix/aa%253Fbb%253Dcc", TargetServlet.OK + "a=b");
+ }
+
+
+ private void doTestGetRequestDispatcher(boolean useEncodedDispatchPaths, String startPath,
+ String startQueryString, String dispatchPath, String targetPath, String expectedBody)
+ throws Exception {
+
+ // Setup Tomcat instance
+ Tomcat tomcat = getTomcatInstance();
+
+ // No file system docBase required
+ Context ctx = tomcat.addContext("/test", null);
+ ctx.setDispatchersUseEncodedPaths(useEncodedDispatchPaths);
+
+ // Add a default servlet to return 404 for not found resources
+ Tomcat.addServlet(ctx, "Default", new Default404Servlet());
+ ctx.addServletMapping("/*", "Default");
+
+ // Add a target servlet to dispatch to
+ Tomcat.addServlet(ctx, "target", new TargetServlet());
+ // Note: This will decode the provided path
+ ctx.addServletMapping(targetPath, "target");
+
+ if (useAsync) {
+ Wrapper w = Tomcat.addServlet(
+ ctx, "rd", new AsyncDispatcherServlet(dispatchPath, useEncodedDispatchPaths));
+ w.setAsyncSupported(true);
+ } else {
+ Tomcat.addServlet(ctx, "rd", new DispatcherServlet(dispatchPath));
+ }
+ // Note: This will decode the provided path
+ ctx.addServletMapping(startPath, "rd");
+
+ tomcat.start();
+
+ StringBuilder url = new StringBuilder("http://localhost:");
+ url.append(getPort());
+ url.append("/test");
+ url.append(startPath);
+ if (startQueryString != null) {
+ url.append('?');
+ url.append(startQueryString);
+ }
+
+ ByteChunk bc = getUrl(url.toString());
+ String body = bc.toString();
+
+ Assert.assertEquals(expectedBody, body);
+ }
+
+
+ private static class Default404Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+ private static final String DEFAULT_404 = "DEFAULT-404";
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ resp.setContentType("text/plain");
+ resp.setCharacterEncoding("UTF-8");
+ resp.getWriter().print(DEFAULT_404);
+ resp.setStatus(404);
+ }
+ }
+
+
+ private static class DispatcherServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+ private static final String NULL = "RD-NULL";
+
+ private final String dispatchPath;
+
+ public DispatcherServlet(String dispatchPath) {
+ this.dispatchPath = dispatchPath;
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ RequestDispatcher rd = req.getRequestDispatcher(dispatchPath);
+ if (rd == null) {
+ resp.setContentType("text/plain");
+ resp.setCharacterEncoding("UTF-8");
+ resp.getWriter().print(NULL);
+ } else {
+ rd.forward(req, resp);
+ }
+ }
+ }
+
+
+ private static class TargetServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+ private static final String OK = "OK";
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ resp.setContentType("text/plain");
+ resp.setCharacterEncoding("UTF-8");
+ resp.getWriter().print(OK);
+ String qs = req.getQueryString();
+ if (qs != null) {
+ resp.getWriter().print(qs);
+ }
+ }
+ }
+
+
+ private static class AsyncDispatcherServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+ private static final String NULL = "RD-NULL";
+
+ private final String dispatchPath;
+ private final boolean encodePath;
+
+ public AsyncDispatcherServlet(String dispatchPath, boolean encodePath) {
+ this.dispatchPath = dispatchPath;
+ this.encodePath = encodePath;
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ AsyncContext ac = req.startAsync();
+ // Quick and dirty. Sufficient for this test but ignores lots of
+ // edge cases.
+ String target = null;
+ if (dispatchPath != null) {
+ target = req.getServletPath();
+ int lastSlash = target.lastIndexOf('/');
+ target = target.substring(0, lastSlash + 1);
+ if (encodePath) {
+ target = URLEncoder.DEFAULT.encode(target, "UTF-8");
+ }
+ target += dispatchPath;
+ }
+ try {
+ ac.dispatch(target);
+ } catch (UnsupportedOperationException uoe) {
+ ac.complete();
+ resp.setContentType("text/plain");
+ resp.setCharacterEncoding("UTF-8");
+ resp.getWriter().print(NULL);
+ }
+ }
+ }
+}
diff --git a/test/org/apache/catalina/core/TestAsyncContextImpl.java b/test/org/apache/catalina/core/TestAsyncContextImpl.java
index c28adb9..2b7f252 100644
--- a/test/org/apache/catalina/core/TestAsyncContextImpl.java
+++ b/test/org/apache/catalina/core/TestAsyncContextImpl.java
@@ -2591,4 +2591,10 @@
}
}
}
+
+
+ @Test
+ public void testAsyncDispatchEncoding() throws Exception {
+
+ }
}
diff --git a/test/org/apache/tomcat/unittest/TesterContext.java b/test/org/apache/tomcat/unittest/TesterContext.java
index 41f327a..6c39f7a 100644
--- a/test/org/apache/tomcat/unittest/TesterContext.java
+++ b/test/org/apache/tomcat/unittest/TesterContext.java
@@ -1246,4 +1246,9 @@
public void setUseRelativeRedirects(boolean useRelativeRedirects) { /* NO-OP */ }
@Override
public boolean getUseRelativeRedirects() { return true; }
+
+ @Override
+ public void setDispatchersUseEncodedPaths(boolean dispatchersUseEncodedPaths) { /* NO-OP */ }
+ @Override
+ public boolean getDispatchersUseEncodedPaths() { return true; }
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 94b2c58..31f6299 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -62,6 +62,12 @@
Compatibility with rewrite from httpd for non existing headers.
(jfclere)
</fix>
+ <fix>
+ By default, treat paths used to obtain a request dispatcher as encoded.
+ This behaviour can be changed per web application via the
+ <code>dispatchersUseEncodedPaths</code> attribute of the Context.
+ (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
diff --git a/webapps/docs/config/context.xml b/webapps/docs/config/context.xml
index 6c3ebef..7ec6444 100644
--- a/webapps/docs/config/context.xml
+++ b/webapps/docs/config/context.xml
@@ -334,6 +334,14 @@
sufficient.</p>
</attribute>
+ <attribute name="dispatchersUseEncodedPaths" required="false">
+ <p>Controls whether paths used in calls to obtain a request dispatcher
+ ares expected to be encoded. This affects both how Tomcat handles calls
+ to obtain a request dispatcher as well as how Tomcat generates paths
+ used to obtain request dispatchers internally. If not specified, the
+ default value of <code>true</code> is used.</p>
+ </attribute>
+
<attribute name="failCtxIfServletStartFails" required="false">
<p>Set to <code>true</code> to have the context fail its startup if any
servlet that has load-on-startup >=0 fails its own startup.</p>
