[WICKET-5202] Page redirects can fail when using url encoding - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 6.8.0
Fix Version/s: 6.9.0, 1.5.11, 7.0.0-M1
Component/s: wicket
Labels:
None
Environment:
Linux, Tomcat 7.0.39, JDK 1.7.0

Description

When url encoding is used instead of cookies for session management, some redirections do not work in Wicket 6.8.0. The problem appears to be in UrlRenderer.renderRelativeUrl, which returns the (invalid) relative URL:

"..//demo/app;jsessionid=0BFE4703434CFF7BEBAE5CBF6C60B15F"

when passed the URL:

"http://localhost:8080/demo/app;jsessionid=0BFE4703434CFF7BEBAE5CBF6C60B15F"

and when the UrlRenderer's base URL is:

"wicket/page?1-1.ILinkListener-link"

This is because the removeCommonPrefixes method tries to compare segments between the encoded target URL and a URL parsed from

(URLRenderer line 319):
Url commonPrefix = Url.parse(request.getContextPath() + request.getFilterPath());

This second URL does not contain the ;jsessionid=... suffix and the removeCommonPrefixes method doesn't remove prefixes properly. The problem doesn't occur when using cookies for session management, of course.

This issue is new between Wicket version 6.2.0 and 6.8.0. When deployed into a servlet container using url-encoding for session management, the following app works under Wicket 6.2.0 but fails (because of redirecting to an invalid URL) under Wicket 6.8.0:

// ------------------------
// App.java
import org.apache.wicket.protocol.http.WebApplication;
import org.apache.wicket.Page;

public class App extends WebApplication {
@Override
public Class<? extends Page> getHomePage()

{ return A.class; }

}

// ------------------------
// A.java
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.link.Link;

public class A extends WebPage {
public A() {
add(new Link<Object>("link") {
@Override
public void onClick()

{ setResponsePage(B.class); }

});
}
}

// ------------------------
// B.java
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.link.Link;

public class B extends WebPage {
public B() {
add(new Link<Object>("link") {
@Override
public void onClick()

{ setResponsePage(A.class); }

});
}
}

// ------------------------

Clicking the link on the home page A will successfully navigate to page B. Clicking the link on page B should navigate to page A. Under Wicket 6.2.0, or Wicket 6.8.0 with cookies, it works. With Wicket 6.8.0 and url-encoding, it tries to redirect to an incorrect URL like

http://localhost:8080/demo/app//demo/app;jsessionid=0BFE4703434CFF7BEBAE5CBF6C60B15F

which fails (note the double slash and repeated context/filter in the URL).

It is possible to configure Tomcat to use url encoding instead of cookies for session management by editing the conf/context.xml file within the Tomcat installation and making the root element of that file read:

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

jira5202.tgz
27/May/13 10:53
6 kB
James Gifford

Issue Links

is duplicated by

WICKET-5193 UrlRenderer appends './' also to URLs that start with '/'

Resolved

Activity

People

Assignee:: Martin Tzvetanov Grigorov

Reporter:: James Gifford

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 24/May/13 12:36

Updated:: 27/May/13 15:24

Resolved:: 27/May/13 13:42