|Summary:||Http Post requests not handled correctly if there is more than one space between the "POST" and the URL|
|Product:||Tomcat 5||Reporter:||Dick Salisbury <dsalisbury>|
|Component:||Connector:Coyote||Assignee:||Tomcat Developers Mailing List <dev>|
Description Dick Salisbury 2007-06-26 16:57:13 UTC
When a Tomcat based Http listener receives a Soap request with more than one space between the "POST" command and the URL, this error response is returned by Tomcat version 5.5.20, and there is no response at all from other versions (4.0.2 and 5.0): HTTP/1.1 505 HTTP Version Not Supported Server: Apache-Coyote/1.1 Date: Fri, 08 Jun 2007 22:19:07 GMT Connection: close Here is what I mean about there being more than one space between the Post and the URL. In the examples below I leave out the body of the Soap request for simplification. I used the TCPMonitor supplied by the Apache project to capture a Soap request and here is how it is displayed in the monitor (it probably looks completely different on the wire): POST http://C010030S:5599/NXAServer/NextAxiomServer HTTP/1.0 User-Agent: Natural 4.2 Content-Type: text/xml; charset=utf-8 SOAPAction: urn:rpc?path=Training.webMethods.validateUserid Content-Length: 338 Note the four spaces between the "POST" and the URL in the first line. Now here is what the request looks like after removing three of the four spaces: POST http://C010030S:5599/NXAServer/NextAxiomServer HTTP/1.0 User-Agent: Natural 4.2 Content-Type: text/xml; charset=utf-8 SOAPAction: urn:rpc?path=Training.webMethods.validateUserid Content-Length: 338 The request seems to only get handled correctly by the Tomcat HTTP listener when there is one space between the "Post" and the URL. This example is from a Soap request issued by a Natural program running on a Z/OS mainframe. Instead of sending you a complete example to recreate the problem (which would require a mainframe) it would probably be easy to use the Apache TCP Monitor to capture a Soap request from an available test system and then add one of more spaces between the Post and the URL, resend the request in the monitor and see what happens. What I'm trying to do is invoke from Natural on a mainframe (which unfortunately we have no control over) a web service running on webMethods (IntegrationServer version 6.1 which uses Tomcat402B.jar, so that may be version 4.0.2B (?), and JVM 1.4.2_13). No response is returned at all from that version. I then tried to do the same thing with webMethods version 6.5 (which uses Tomcat 5.0 and JVM 1.4.2_07) and still got no response. Then I tried NextAxiom version 22.214.171.124 (which uses Tomcat version 5.5.20) and I at least got a response from it (see the response at the top of this description). I then tried invoking web services that use other Http listeners and found the two I tried handled the Soap request just fine. One example is IBM HTTP Server (version 1.3.8) that is running on a WebSphere server; it handles the request with more than one space just fine (by "fine" I mean it recognized the URL and handed it off to the process at that URL). The other I don't know much about; it was just some remote web service I found on the web (http://www.webserviceX.NET). I have looked through the Apache Tomcat website, documentation and an associate looked through the bug database for version 5, and we can't find anything that addresses this problem. I downloaded the source code, but got lost looking around and decided to ask for some help to find and fix this problem. Or maybe someone has an idea on how to configure the Http listener to handle this better. If this is a bug, I would be more than happy to attempt to fix this myself if someone could point me in the right direction. Thank you very very much for your time and efforts. Dick Salisbury Idaho Power Company email@example.com
Comment 1 Tim Whittington 2007-06-26 17:56:32 UTC
According to the HTTP spec there is one space character between the method and the URL - i.e. your request is invalid HTTP. http://tools.ietf.org/html/rfc1945#page-23 This ticket should probably be marked INVALID, but the error response doesn't look appropriate - the response should probably be a 400 Bad Request.
Comment 2 Dick Salisbury 2007-07-09 07:43:44 UTC
(In reply to comment #1) > According to the HTTP spec there is one space character between the method and > the URL - i.e. your request is invalid HTTP. > http://tools.ietf.org/html/rfc1945#page-23 > This ticket should probably be marked INVALID, but the error response doesn't > look appropriate - the response should probably be a 400 Bad Request. Thank you for pointing me in the right direction. After reading the Http spec I have to agree with you that the Http is invalid. A point could be made that the spec should be followed exactly when sending and be more forgiving when receiving, but that is another issue. I have passed the information you provided to Software AG, who is now looking into making changes to correct the Http on their end (in Natural). Thanks again!
Comment 3 Danny Webb 2007-12-05 10:05:57 UTC
>According to the HTTP spec there is one space character between the method and >the URL - i.e. your request is invalid HTTP. >http://tools.ietf.org/html/rfc1945#page-23 >This ticket should probably be marked INVALID, but the error response doesn't >look appropriate - the response should probably be a 400 Bad Request. It is true that in the RFC the Request line is made up of single spaced elements, but if you look at appendix b (http://tools.ietf.org/html/rfc1945#page-55) it says " Clients should be tolerant in parsing the Status-Line and servers tolerant when parsing the Request-Line. In particular, they should accept any amount of SP or HT characters between fields, even though only a single SP is required. "
Comment 4 DonKiShoot 2008-02-13 01:42:14 UTC
I have same 505 error with Natural 4.2 make a post on a tomcat 5 but after analyse it, i have a different conclusion. This for me doesn't work even if we remove space : POST http://C010030S:5599/NXAServer/NextAxiomServer HTTP/1.0 Tomcat only accept this request : POST /NXAServer/NextAxiomServer HTTP/1.0 Host: C010030S:5599
Comment 5 Mark Thomas 2008-05-19 13:10:23 UTC
I have committed a patch to trunk that makes the parsing of the request line tolerant of multiple SP and/or HT. The patch has been proposed it for 6.0.x and 5.5.x I have also tested the example given in comment #4 and cannot reproduce that issue.
Comment 6 Mark Thomas 2008-06-11 13:04:38 UTC
This patch has been applied to 6.0.x and will be in 6.0.17 onwards.
Comment 7 Mark Thomas 2008-07-30 14:01:40 UTC
This has been fixed in 5.5.x and will be included in 5.5.27 onwards.