IBM Support

PI67942: HttpServletRequest.getRequestURI() might return a decoded value after dispatching

Download


Abstract

javax.servlet.http.HttpServletRequest.getRequestURI() might return a decoded value after dispatching

Download Description

PI67942 resolves the following problem:

ERROR DESCRIPTION:
Invoking HttpServletRequest.getRequestURI() returns a decoded
URI if it is invoked after dispatching the request when a
decoded path was passed to
javax.servlet.ServletRequest.getRequestDispatcher(String
path).

LOCAL FIX:

PROBLEM SUMMARY

USERS AFFECTED:
IBM WebSphere Application Server versions 8.5.5 and 9.0, and
WebSphere Application Server Liberty users of Web Container.

PROBLEM DESCRIPTION:
Invoking HttpServletRequest.getRequestURI() after dispatching
the request incorrectly returns a decoded URI if a decoded path
was passed to
javax.servlet.ServletRequest.getRequestDispatcher() or
javax.servlet.AsyncContext.dispatch().

RECOMMENDATION:
None

If a decoded path is used when invoking
ServletRequest.getRequestDispatcher() or one of the
AsyncContext.dispatch() methods,
HttpServletRequest.getRequestURI() returns a decoded URI
instead of an encoded URI after the request has been
dispatched.
The following is an example of this problem:

ServletA:
...
// Dispatch using a decoded path (literal space)
request.getRequestDispatcher("/ServletB/a b").forward(request, response);
...

ServletB:
...
String uri = request.getRequestURI();
...

The "uri" variable in ServletB will have the following value:

/ServletB/a b

The getRequestURI() method should return a URL-encoded value.

PROBLEM CONCLUSION:
The WebContainer has been modified to return an encoded URI
when invoking HttpServletRequest.getRequestURI() after
dispatching.

A new context parameter needs to be set to true in the
application's web.xml to enable this fix. If this fix is
enabled, the developer must make sure that any invocations to
ServletRequest.getRequestDispatcher() and
AsyncContext.dispatch() are being done using decoded paths as
a parameter:

<context-param>
  <param-name>com.ibm.ws.webcontainer.ENCODE_DISPATCHED_REQUEST_URI</param-name>
  <param-value>true</param-value>
</context-param>

After enabling the fix the "uri" variable in the example above
will have the following value:

/ServletB/a%20b

If an encoded path is used when invoking
ServletRequest.getRequestDispatcher() and
AsyncContext.dispatch() when this fix is enabled the "uri"
variable will have the following value:

/ServletB/a%2520b

This will be considered an application error and can be fixed
by using decoded paths when invoking
ServletRequest.getRequestDispatcher() and
AsyncContext.dispatch().
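
The three cases above (decoded path, encoded path, and an encoded path decoded before dispatching) as an added example; it is not IBM's code and needs only the JDK. It models the encoding step with java.net.URI, which is an assumption about behavior and not WebContainer's implementation, and the class and method names are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;

public class DispatchPathDemo {

    // Assumed model of the encoding step, not WebContainer's implementation:
    // the multi-argument URI constructor percent-encodes illegal characters
    // and always quotes '%', so already-encoded input is encoded a second time.
    static String encodeDispatched(String dispatchPath) throws URISyntaxException {
        return new URI(null, null, dispatchPath, null).getRawPath();
    }

    // Hypothetical helper: decode an encoded URI path (such as a value read
    // from getRequestURI()) before handing it to a dispatch method.
    static String toDecodedPath(String encodedPath) throws URISyntaxException {
        return new URI(encodedPath).getPath();
    }

    // Heuristic check for logs or tests: "%25" followed by two hex digits
    // usually means an encoded path was encoded again. A file name containing
    // a literal "%20" produces the same pattern, so treat a hit as a lead.
    private static final Pattern DOUBLE_ENCODED = Pattern.compile("%25[0-9A-Fa-f]{2}");

    static boolean looksDoubleEncoded(String requestUri) {
        return DOUBLE_ENCODED.matcher(requestUri).find();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample paths taken from the example on this page.
        String decoded = "/ServletB/a b";
        String encoded = "/ServletB/a%20b";

        String ok = encodeDispatched(decoded);
        String twice = encodeDispatched(encoded);
        String repaired = encodeDispatched(toDecodedPath(encoded));

        System.out.println(ok + " doubleEncoded=" + looksDoubleEncoded(ok));
        System.out.println(twice + " doubleEncoded=" + looksDoubleEncoded(twice));
        System.out.println(repaired + " doubleEncoded=" + looksDoubleEncoded(repaired));
    }
}
```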

The fix for this APAR is currently targeted for inclusion in
fix packs 8.5.5.11, 9.0.0.2 and 16.0.0.3. Please refer to the
recommended updates page for delivery information:

http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

Readme: V85 Readme (US English, size 6162)
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI67942/8.5.5.10/readme.txt

Download: 8.5.5.10-WS-WAS-IFPI67942 (date 09-26-2016, US English, size 422322, platform AIX)
http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.10-WS-WAS-IFPI67942&productid=WebSphere%20Application%20Server&brandid=5

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).


Document Information

Modified date:
15 June 2018

UID

swg24042827