Bug 61185 - AsynContext.dispatch() does not use encoded URI
Summary: AsynContext.dispatch() does not use encoded URI
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 8.5.x-trunk
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-14 01:01 UTC by Rossen Stoyanchev
Modified: 2017-06-18 19:45 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rossen Stoyanchev 2017-06-14 01:01:18 UTC
From the Servlet spec says:

"If the AsyncContext was initialized via the startAsync(ServletRequest, ServletResponse) and the request passed is an instance of HttpServletRequest , then the dispatch is to the URI returned by HttpServletRequest.getRequestURI()"

However AsyncContextImpl uses the servletPath:
https://github.com/apache/tomcat/blob/9af8708d7ea3817df47f34146a6ff802d96980fa/java/org/apache/catalina/core/AsyncContextImpl.java#L156-L163

So given a URL with an encoded slash (and UDecoder.ALLOW_ENCODED_SLASH=true):
/foo/vv%2F1234/add/2

The dispatch ends up going to:
/foo/vv/1234/add/2
Comment 1 Mark Thomas 2017-06-18 19:45:23 UTC
Thanks for the report.

Fixed in:
- trunk for 9.0.0.M22 onwards
- 8.5.x for 8.5.16 onwards
- 8.0.x for 8.0.45 onwards
- 7.0.x for 7.0.79 onwards