diff options
| author | Artur Signell <artur@vaadin.com> | 2015-05-28 09:01:20 +0300 |
|---|---|---|
| committer | Vaadin Code Review <review@vaadin.com> | 2015-06-05 13:03:56 +0000 |
| commit | 7c48ad2b38cbbdc2877ae106a7c2dfbcae512f3b (patch) | |
| tree | 85049f6bf430d2ec2edab3440f16474dee22f4ff /server | |
| parent | 7adec3cd86956fde2fe3670ed4b0eef97bbb0904 (diff) | |
| download | vaadin-framework-7c48ad2b38cbbdc2877ae106a7c2dfbcae512f3b.tar.gz vaadin-framework-7c48ad2b38cbbdc2877ae106a7c2dfbcae512f3b.zip | |
Better error reporting when server has invalid URL encoding (#17948)
Change-Id: I7a85a9d93e51de353e74bc08dd81a1779f94ba14
Diffstat (limited to 'server')
| -rw-r--r-- | server/src/com/vaadin/server/ConnectorResourceHandler.java | 36 |
1 files changed, 31 insertions, 5 deletions
diff --git a/server/src/com/vaadin/server/ConnectorResourceHandler.java b/server/src/com/vaadin/server/ConnectorResourceHandler.java index 6c486a2d65..8715134773 100644 --- a/server/src/com/vaadin/server/ConnectorResourceHandler.java +++ b/server/src/com/vaadin/server/ConnectorResourceHandler.java @@ -30,10 +30,11 @@ import com.vaadin.util.CurrentInstance; public class ConnectorResourceHandler implements RequestHandler { // APP/connector/[uiid]/[cid]/[filename.xyz] + private static final String CONNECTOR_RESOURCE_PREFIX = "/" + + ApplicationConstants.APP_PATH + "/" + + ConnectorResource.CONNECTOR_PATH + "/"; private static final Pattern CONNECTOR_RESOURCE_PATTERN = Pattern - .compile("^/?" + ApplicationConstants.APP_PATH + '/' - + ConnectorResource.CONNECTOR_PATH + '/' - + "(\\d+)/(\\d+)/(.*)"); + .compile("^" + CONNECTOR_RESOURCE_PREFIX + "(\\d+)/(\\d+)/(.*)"); private static Logger getLogger() { return Logger.getLogger(ConnectorResourceHandler.class.getName()); @@ -44,12 +45,18 @@ public class ConnectorResourceHandler implements RequestHandler { public boolean handleRequest(VaadinSession session, VaadinRequest request, VaadinResponse response) throws IOException { String requestPath = request.getPathInfo(); - if (requestPath == null) { + if (requestPath == null + || !requestPath.startsWith(CONNECTOR_RESOURCE_PREFIX)) { return false; } Matcher matcher = CONNECTOR_RESOURCE_PATTERN.matcher(requestPath); if (!matcher.matches()) { - return false; + // This is a connector resource request based on the prefix but the + // pattern did not match + warnAboutInvalidURLEncoding(requestPath); + response.sendError(HttpServletResponse.SC_NOT_FOUND, + "Connector resource not found"); + return true; } String uiId = matcher.group(1); String cid = matcher.group(2); @@ -102,6 +109,25 @@ public class ConnectorResourceHandler implements RequestHandler { return true; } + private boolean loggedDecodingWarning = false; + + private void warnAboutInvalidURLEncoding(String requestPath) { + if (requestPath.contains("\n") || requestPath.indexOf(0x85) != -1) { + // What, path info should not contain a new line or UTF-8 Next Line + // (NEL) character, but it does in + // Tomcat 7 with default configuration in some cases (URL is encoded + // by the browser as UTF-8 and decoded as ISO-8859-1 by Tomcat) + + if (!loggedDecodingWarning) { + loggedDecodingWarning = true; + getLogger() + .warning( + "Request path contains a new line character. This typically means that the server is incorrectly configured to use something else than UTF-8 for URL decoding (requestPath: " + + requestPath + ")"); + } + } + } + private static boolean error(VaadinRequest request, VaadinResponse response, String logMessage) throws IOException { getLogger().log(Level.WARNING, logMessage); |