Java从Servlet读取未解码的URL [英] Java Reading Undecoded URL from Servlet
问题描述
我们假设我有像'=&?/;#+%'这样的字符串作为我网址的一部分,让我们这样说:
example.com/servletPath/someOtherPath/myString/something.html?a=b&c=d#asdf
其中myString是上面的字符串。我编码了关键部分,因此URL看起来像
example.com/servletPath/someOtherPath/%3D%26%3F%2F %3B%23%2B%25 / something.html?a = b& c = d#asdf
到目前为止一切顺利。
当我在servlet中并且我读取任何 request.getRequestURI()时, request.getRequestURL()或 request.getPathInfo(),返回的值已经被解码,所以我得到像
$ b
someOtherPath / =&?/;#+%/ something.html?a = b& c = d#asdf
我无法区分真正的特殊字符和编码字符。
我通过完全禁止上面的字符解决了特殊问题,这在这种情况下有效,但我仍然想知道是否有办法在servlet类中获取未解码的URL。 / p>
另一个编辑:当我昨晚遇到这个问题时,我太累了,不知道发生了什么事,这是更奇怪!我有servlet映射,比如/ servletPath / *之后我可以放任何我想要的东西并根据路径的其余部分得到我的servlet响应,除了当路径中有%2F时。在那种情况下,请求永远不会访问servlet ,我得到404!如果我把'/'代替%2F它可以正常工作。我正在Linux上运行Java 1.6.0-04上的Tomcat 6.0.14。
两者之间存在根本区别%2F'和'/',用于浏览器和服务器。
HttpServletRequest规范说(没有任何逻辑,AFAICT):
- getContextPath:未解码
- getPathInfo:已解码
- getPathTranslated:未解码
- getQueryString:未解码
- getRequestURI:未解码
- getServletPath:已解码
getPathInfo()的结果应解码,但getRequestURI()的结果不得解码。如果是这样,你的Servlet容器就违反了规范(正如Wouter Coekaerts和Francois Gravel正确指出的那样)。您正在运行哪个Tomcat版本?
使问题更加令人困惑,当前的Tomcat版本拒绝包含某些特殊字符编码的路径,出于安全原因。
Let's presume that I have string like '=&?/;#+%' to be a part of my URL, let's say like this:
example.com/servletPath/someOtherPath/myString/something.html?a=b&c=d#asdf
where myString is the above string. I've encoded critical part so URL looks like
example.com/servletPath/someOtherPath/%3D%26%3F%2F%3B%23%2B%25/something.html?a=b&c=d#asdf
So far so good.
When I'm in the servlet and I read any of request.getRequestURI(), request.getRequestURL() or request.getPathInfo(), returned value is already decoded, so I get strilng like
someOtherPath/=&?/;#+%/something.html?a=b&c=d#asdf
and I can't differentiate between real special characters and encoded ones.
I've solved particular problem by banning above chars altogether, which works in this situation, but I still wonder is there any way to get undecoded URL in servlet class.
YET ANOTHER EDIT: When I've hit this problem last evening I was too tired to notice what is really going on, which is even more bizarre! I have servlet mapped on, say /servletPath/* after that I can put whatever I want and get my servlet responding depending on the rest of a path, except when there is %2F in the path. In that case request never hits the servlet, and I get 404! If i put '/' instead of %2F it works OK. I'm running Tomcat 6.0.14 on Java 1.6.0-04 on Linux.
There is a fundamental difference between '%2F' and '/', both for the browser and the server.
The HttpServletRequest specification says (without any logic, AFAICT):
- getContextPath: not decoded
- getPathInfo: decoded
- getPathTranslated: not decoded
- getQueryString: not decoded
- getRequestURI: not decoded
- getServletPath: decoded
The result of getPathInfo() should be decoded, but the result of getRequestURI() must not be decoded. If it is, your Servlet container is breaking the spec (as Wouter Coekaerts and Francois Gravel correctly pointed out). Which Tomcat version are you running?
Making matters even more confusing, current Tomcat versions reject paths that contain encodings of certain special characters, for security reasons.
这篇关于Java从Servlet读取未解码的URL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
