Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-509

WebUtils.decodeAndCleanUriString incorrectly handles matrix parameters

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.2
    • Fix Version/s: None
    • Component/s: Web
    • Labels:
      None
    • Environment:
      Webapp deployment in Jetty

      Description

      If I config a web filter (say anon) for a path /**/public and make a request to /mystuff;filter=toys/prices/public the filter is not triggered because WebUtils.decodeAndCleanUriString() removes everything after the ';' (so it only tries to match on /mystuff). The fix is to change
      int semicolonIndex = uri.indexOf(';');
      to
      int lastSlash = uri.lastIndexOf('/');
      int semicolonIndex = uri.lastIndexOf(';');
      if(semicolonIndex > lastSlash) then drop trailing matrix params. So that matrix params in parent path segments are left intact.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mjhale Mark Hale

              Dates

              • Created:
                Updated:

                Issue deployment