invalid pathinfo computation in ServletDefinition

[gissuebot]

From mathieu.barcikowski on February 02, 2011 08:25:01

When a path end up with ";" params (for example, http://server/servlet/path;jsessionid=xxxxxx the getPathInfo method in the doService method return "/path;jsessionid=xxxxxx" instead of "/path".

It's not consistent with the way jetty (for example) treat this particular case), jetty discard the ";jsessionid=xxxxxx" part when computing the pathinfo.

This difference leads to a problem when using the blazeds MessageBrokerServlet managed by servlet extension, because it using servletpath+pathinfo to retrieve the amf endpoint, and thus it don't retrieve the endpoint.

How To reproduce :

• configure a MessageBrokerServlet in a ServletModule (serving "/messagebroker/*" for example)
• configure an endpoint in the blazeds side (for example "http://{server.name}:{server.port}/{context.root}/messagebroker/amf/
• now start the server and try to access endpoint :    http://server/context/messagebroker/amf return a HTTP status 200    http://server/context/messagebroker/amf;jsessionid=112121 return a HTTP status 404

Original issue: http://code.google.com/p/google-guice/issues/detail?id=599

[gissuebot]

From sberlin on February 21, 2011 17:45:59

(No comment was entered for this change.)

Labels: Extension-Servlet

[gissuebot]

From jeff.ichnowski on May 19, 2011 07:18:01

I can confirm that this issue is present in Tomcat 7 as well.  The issue is arising in my case when I use HttpServletResponse.encodeRedirecURL(...) for a redirect.  The servlet container appends ";jsessionid=..." to the path when cookies are disabled.  I have:

serve("/home").with(HomeServlet.class);

And similarly:

"/home" returns HTTP status 200 "/home;jsessionid=..." returns HTTP status 404

When I log the request information in a filter on "/*", I get:

pathInf=null, requestURI=/myapp/home;jsessionid=0F68C5757FC82AE5CAD909594A628839, servletPath=/home, contextPath=/myapp

[gissuebot]

From philip.j.r.jones on June 03, 2011 14:41:14

Using Guice 3.0, guice-servlet 3.0 I am experiencing the same problem with Jetty (maven-jetty-plugin 6.1.26)

I achieved a very "hacky" fix by adding additional paths in my servlet module, e.g.

server ("/home", "/home;*") .with (homeServlet.class);

However the problem does not stop there. I am using a very simple Servlet / JSP architecture - forwarding to JSPs fails if cookies are turned off and the jsessionid is appended.  For example, forwarding to /WEB-INF/jsp/homePage.jsp throws an exception:

"WARN:org.apache.jasper.servlet.JspServlet:PWC6117: File "/path/to/webapp/home;NF/jsp/homePage.jsp" not foundnull"

Something really bizarre has happened to the path to the JSP...

This is a bit of a killer at the moment.

Looks similar to https://code.google.com/p/google-guice/issues/detail?id=372

[gissuebot]

From sberlin on October 16, 2011 09:40:44

Is this the same issue as 372?  If so, please comment & I'll collapse the issues and everyone can comment in one place.

[gissuebot]

From jeff.ichnowski on October 17, 2011 09:10:41

I do not believe this is the same issue as 372.  This issue is related to handling of ";" in request URIs, specifically the common case of ";jsessionid=...".  372 appears to be related to compiled jsp processing being broken.

[ftaffelt]

i run into this on guice 4.1 so this is already present. is there any work on this issue?