CXF
  1. CXF
  2. CXF-2462

CXF REST is not parsing the header value correctly if a comma is specified in a parameter value.

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.3
    • Fix Version/s: 2.2.7, 2.3
    • Component/s: JAX-RS
    • Labels:
      None
    • Environment:

      Ubuntu 9.04, Compaq 6910p, 4GB memory

      Description

      The RFC2616 and RFC822 states that a header is comprised of the following:

      header = [ header-value ] *( "," [ header-value ] )
      header-value = name [ "=" [ value ] ] *( ";" [ param ] )
      param = name [ "=" [ value ] ]
      name = token
      value = token | quoted-string
      token = 1*<any CHAR except CTLs or separators>
      separators = "(" | ")" | "<" | ">" | "@"

      "," ";" ":" "\" <">
      "/" "[" | "]" "?" "="
      " {" | "}

      "

      SP HT
      quoted-string = ( <"> *(qdtext
      quoted-pair ) <"> )
      qdtext = <any TEXT except <">>

      The backslash character ("\") MAY be used as a single-character
      quoting mechanism only within quoted-string and comment constructs.

      quoted-pair = "\" CHAR

      Based on the above, this header should be valid

      xm-my-header : foo,bar,dogs="snoopy,bowzer";cat=garfield

      My REST service defines the method parameter this in its interface as

      @HeaderParam("xm-my-header") List<String> args

      I expected CXF to pass 3 elements into the service:

      [0] foo
      [1] bar
      [2] dogs="snoopy,bowzer"; cat=garfield

      But, this is what CXF passes into the service:

      [0] foo
      [1] bar
      [2] dogs="snoopy
      [3] bowzer";cat=garfield

      CFX is parsing the header value using the comma as a delimiter. But, it is ignoring the fact that the value may be within a quoted-string.

        Activity

        Hide
        Sergey Beryozkin added a comment -

        Hope it is the final fix to the whole header processing story, if a header has a value starting and ending with "\"" then the single value inside the quotes will be returned with quotes being stripped

        Show
        Sergey Beryozkin added a comment - Hope it is the final fix to the whole header processing story, if a header has a value starting and ending with "\"" then the single value inside the quotes will be returned with quotes being stripped
        Hide
        Arnaud Lucas added a comment -

        Hi Sergey,

        We are now using CXF 2.2.6.

        The client provides some custom HTTP headers like
        x-im-my-header: "My API"
        (notice the double quotes around My API_

        However, the web service POJO is getting injected for @HeaderParam("x-im-my-header") with the value My instead of My API or instead of "My API" like it used to.

        I see in HttpHeadersImpl.getHeaderValues(...) that if a value has quotes, it gets parsed using the complex header expression. I am not sure that the value should be parsed at all when quoted at least for custom headers. It may be better if CXF just removes the quotes around the value and unescape any quote characters within the value at least for custom headers.

        Feel free to contact me by email to get more information: arnaud.lucas@ironmountain.com

        Show
        Arnaud Lucas added a comment - Hi Sergey, We are now using CXF 2.2.6. The client provides some custom HTTP headers like x-im-my-header: "My API" (notice the double quotes around My API_ However, the web service POJO is getting injected for @HeaderParam("x-im-my-header") with the value My instead of My API or instead of "My API" like it used to. I see in HttpHeadersImpl.getHeaderValues(...) that if a value has quotes, it gets parsed using the complex header expression. I am not sure that the value should be parsed at all when quoted at least for custom headers. It may be better if CXF just removes the quotes around the value and unescape any quote characters within the value at least for custom headers. Feel free to contact me by email to get more information: arnaud.lucas@ironmountain.com
        Hide
        Sergey Beryozkin added a comment - - edited

        There were a couple of fixes going in...
        Are you using 2.2.5 ?
        Can you post a sample header value and explain what is unexpected in the way the value is retrieved ?

        cheers, Sergey

        Show
        Sergey Beryozkin added a comment - - edited There were a couple of fixes going in... Are you using 2.2.5 ? Can you post a sample header value and explain what is unexpected in the way the value is retrieved ? cheers, Sergey
        Hide
        Arnaud Lucas added a comment -

        The issue is now marked as fixed in 2.2.5. Can you tell me what the fix is and what code was changed to fix the bug? I am seeing some unexpected behavior with header values now.

        Show
        Arnaud Lucas added a comment - The issue is now marked as fixed in 2.2.5. Can you tell me what the fix is and what code was changed to fix the bug? I am seeing some unexpected behavior with header values now.
        Hide
        Sergey Beryozkin added a comment -

        Actually, ignore it please, you can probably just do (as a workaround)

        @HeaderParam("xm-my-header") String arg

        and then parse it manually

        or

        @HeaderParam("xm-my-header") XmlMyHeaderBean

        which will have

        XmlMyHeaderBean(String) constructor and a method

        List<String> getValues()

        but it will be fixed at the runtime level soon

        Show
        Sergey Beryozkin added a comment - Actually, ignore it please, you can probably just do (as a workaround) @HeaderParam("xm-my-header") String arg and then parse it manually or @HeaderParam("xm-my-header") XmlMyHeaderBean which will have XmlMyHeaderBean(String) constructor and a method List<String> getValues() but it will be fixed at the runtime level soon
        Hide
        Sergey Beryozkin added a comment -

        Will try to fix it these weekends, thanks.
        The workaround is to use a CXF specific MessageContext, then context.get(Message.REQUEST_HEADERS) and cast a returned Object to Map<String, List<String>> and then manually parse map.get("xm-my-header").get(0), at the moment the underlying HTTP Request impl will return the whole sequence as a single value

        Show
        Sergey Beryozkin added a comment - Will try to fix it these weekends, thanks. The workaround is to use a CXF specific MessageContext, then context.get(Message.REQUEST_HEADERS) and cast a returned Object to Map<String, List<String>> and then manually parse map.get("xm-my-header").get(0), at the moment the underlying HTTP Request impl will return the whole sequence as a single value

          People

          • Assignee:
            Sergey Beryozkin
            Reporter:
            Jerry Chabot
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development