Bug 42750 - Http Post requests not handled correctly if there is more than one space between the "POST" and the URL
Http Post requests not handled correctly if there is more than one space betw...
Status: RESOLVED FIXED
Product: Tomcat 5
Classification: Unclassified
Component: Connector:Coyote
5.5.20
PC Windows XP
: P3 normal (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2007-06-26 16:57 UTC by Dick Salisbury
Modified: 2008-07-30 14:01 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dick Salisbury 2007-06-26 16:57:13 UTC
When a Tomcat based Http listener receives a Soap request with more than one 
space between the "POST" command and the URL, this error response is returned 
by Tomcat version 5.5.20, and there is no response at all from other versions 
(4.0.2 and 5.0):

HTTP/1.1 505 HTTP Version Not Supported
Server: Apache-Coyote/1.1
Date: Fri, 08 Jun 2007 22:19:07 GMT
Connection: close

Here is what I mean about there being more than one space between the Post and 
the URL.  In the examples below I leave out the body of the Soap request for 
simplification.  I used the TCPMonitor supplied by the Apache project to 
capture a Soap request and here is how it is displayed in the monitor (it 
probably looks completely different on the wire):

POST    http://C010030S:5599/NXAServer/NextAxiomServer HTTP/1.0

User-Agent: Natural 4.2
Content-Type: text/xml; charset=utf-8
SOAPAction: urn:rpc?path=Training.webMethods.validateUserid
Content-Length: 338

Note the four spaces between the "POST" and the URL in the first line.  Now 
here is what the request looks like after removing three of the four spaces:

POST http://C010030S:5599/NXAServer/NextAxiomServer HTTP/1.0
User-Agent: Natural 4.2
Content-Type: text/xml; charset=utf-8
SOAPAction: urn:rpc?path=Training.webMethods.validateUserid
Content-Length: 338

The request seems to only get handled correctly by the Tomcat HTTP listener 
when there is one space between the "Post" and the URL.  

This example is from a Soap request issued by a Natural program running on a 
Z/OS mainframe.  Instead of sending you a complete example to recreate the 
problem (which would require a mainframe) it would probably be easy to use the 
Apache TCP Monitor to capture a Soap request from an available test system and 
then add one of more spaces between the Post and the URL, resend the request 
in the monitor and see what happens.  

What I'm trying to do is invoke from Natural on a mainframe (which 
unfortunately we have no control over) a web service running on webMethods 
(IntegrationServer version 6.1 which uses Tomcat402B.jar, so that may be 
version 4.0.2B (?), and JVM 1.4.2_13). No response is returned at all from 
that version.  I then tried to do the same thing with webMethods version 6.5 
(which uses Tomcat 5.0 and JVM 1.4.2_07) and still got no response.  Then I 
tried NextAxiom version 6.5.2.0 (which uses Tomcat version 5.5.20) and I at 
least got a response from it (see the response at the top of this 
description).  I then tried invoking web services that use other Http 
listeners and found the two I tried handled the Soap request just fine.  One 
example is IBM HTTP Server (version 1.3.8) that is running on a WebSphere 
server; it handles the request with more than one space just fine (by "fine" I 
mean it recognized the URL and handed it off to the process at that URL).  The 
other I don't know much about; it was just some remote web service I found on 
the web (http://www.webserviceX.NET).

I have looked through the Apache Tomcat website, documentation and an 
associate looked through the bug database for version 5, and we can't find 
anything that addresses this problem.  I downloaded the source code, but got 
lost looking around and decided to ask for some help to find and fix this 
problem.  Or maybe someone has an idea on how to configure the Http listener 
to handle this better.

If this is a bug, I would be more than happy to attempt to fix this myself if 
someone could point me in the right direction.

Thank you very very much for your time and efforts.

Dick Salisbury
Idaho Power Company
dsalisbury@idahopower.com
Comment 1 Tim Whittington 2007-06-26 17:56:32 UTC
According to the HTTP spec there is one space character between the method and
the URL - i.e. your request is invalid HTTP.
http://tools.ietf.org/html/rfc1945#page-23

This ticket should probably be marked INVALID, but the error response doesn't
look appropriate - the response should probably be a 400 Bad Request.
Comment 2 Dick Salisbury 2007-07-09 07:43:44 UTC
(In reply to comment #1)
> According to the HTTP spec there is one space character between the method 
and
> the URL - i.e. your request is invalid HTTP.
> http://tools.ietf.org/html/rfc1945#page-23
> This ticket should probably be marked INVALID, but the error response doesn't
> look appropriate - the response should probably be a 400 Bad Request.

Thank you for pointing me in the right direction. After reading the Http spec 
I have to agree with you that the Http is invalid. A point could be made that 
the spec should be followed exactly when sending and be more forgiving when 
receiving, but that is another issue.  I have passed the information you 
provided to Software AG, who is now looking into making changes to correct the 
Http on their end (in Natural).  Thanks again!
Comment 3 Danny Webb 2007-12-05 10:05:57 UTC
>According to the HTTP spec there is one space character between the method and
>the URL - i.e. your request is invalid HTTP.
>http://tools.ietf.org/html/rfc1945#page-23

>This ticket should probably be marked INVALID, but the error response doesn't
>look appropriate - the response should probably be a 400 Bad Request.

It is true that in the RFC the Request line is made up of single spaced
elements, but if you look at appendix b
(http://tools.ietf.org/html/rfc1945#page-55) it says 
"   Clients should be tolerant in parsing the Status-Line and servers
   tolerant when parsing the Request-Line. In particular, they should
   accept any amount of SP or HT characters between fields, even though
   only a single SP is required.
"
Comment 4 DonKiShoot 2008-02-13 01:42:14 UTC
I have same 505 error with Natural 4.2 make a post on a tomcat 5 but after
analyse it, i have a different conclusion.

This for me doesn't work even if we remove space :

POST http://C010030S:5599/NXAServer/NextAxiomServer HTTP/1.0

Tomcat only accept this request :

POST /NXAServer/NextAxiomServer HTTP/1.0
Host: C010030S:5599
Comment 5 Mark Thomas 2008-05-19 13:10:23 UTC
I have committed a patch to trunk that makes the parsing of the request line tolerant of multiple SP and/or HT. The patch has been proposed it for 6.0.x and 5.5.x

I have also tested the example given in comment #4 and cannot reproduce that issue.
Comment 6 Mark Thomas 2008-06-11 13:04:38 UTC
This patch has been applied to 6.0.x and will be in 6.0.17 onwards.
Comment 7 Mark Thomas 2008-07-30 14:01:40 UTC
This has been fixed in 5.5.x and will be included in 5.5.27 onwards.