Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-5463

RequestUtil.getCharset(HttpServletRequest request) Resilience against unsupported Charsets in Request

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 6.11.0
    • 6.14.0, 7.0.0-M1
    • wicket
    • None
    • Tomcat 6.0.37

    Description

      RequestUtil.getCharset(HttpServletRequest request) should not throw java.nio.charset.UnsupportedCharsetException but default to getDefaultCharset() or throw an Exception that leads

      ---- long version:
      crawling our logs, we found the above exception as a result of a weird
      request that set the following headers on a GET request:

      Content-Type: text/html; charset=auto

      I don't know which UserAgent sent that, but it happened and brought the
      following exception on tomcat 6.0.37:

      java.nio.charset.UnsupportedCharsetException: auto
    at java.nio.charset.Charset.forName(Charset.java:543)
    at
org.apache.wicket.protocol.http.RequestUtils.getCharset(RequestUtils.java:195)
    at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.getCharset(ServletWebRequest.java:476)
    at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.getContextRelativeUrl(ServletWebRequest.java:209)
    at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.<init>(ServletWebRequest.java:113)
    at
org.apache.wicket.protocol.http.servlet.ServletWebRequest.<init>(ServletWebRequest.java:83)
    at
org.apache.wicket.protocol.http.WebApplication.newWebRequest(WebApplication.java:448)
    at
org.apache.wicket.protocol.http.WebApplication.createWebRequest(WebApplication.java:493)
    at
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:196)
    at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)

      even though we are not aware of the semantics of the above header, it
      can happen.

      to work around we extended a ServletWebRequest to add

          public Charset getCharset() {
        try {
            return super.getCharset();
        } catch (UnsupportedCharsetException ignore) {
            return getDefaultCharset();
        }
    }

      Now we are wondering, if RequestUtils:

      public static Charset getCharset(HttpServletRequest request)
    {
        Charset charset = null;
        if (request != null)
        {
            String charsetName = request.getCharacterEncoding();
            if (charsetName != null)
            {
                charset = Charset.forName(charsetName);
            }
        }
        if (charset == null)
        {
            charset = getDefaultCharset();
        }
        return charset;
    }

      should be more resilient to weird charsetNames coming from the container
      (like 'auto' in our example) and return the default charset or a better
      Exception that by default is mapped to HTTP StatusCode 406 ?

      Attachments

        Activity

          People

            svenmeier Sven Meier
            uwe.schaefer uwe.schaefer
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: