Rewrite is changing escaped url to not escaped

Splash Forums Rewrite Users Rewrite is changing escaped url to not escaped

This topic contains 10 replies, has 2 voices, and was last updated by  Janario Oliveira 1 year, 3 months ago.

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #27046

    Janario Oliveira
    Participant

    Hi guys,

    I’m doing a redirect from ExternalContext such as:

    String url = "http://janario.com.br/files/dev%2Ffile.png?Expires=1428353769&Key=abcd";
    ExternalContext externalContext = getFacesContext().getExternalContext();
    externalContext.redirect(url);

    But the problem is that in HttpRewriteWrappedResponse.encodeURL, right after create org.ocpsoft.urlbuilder.Address it changes my escaped characterer(%2F) to a character not escaped(/). e.g.
    from: “http://janario.com.br/files/dev%2Ffile.png?Expires=1428353769&Key=abcd”
    to: “http://janario.com.br/files/dev/file.png?Expires=1428353769&Key=abcd”

    To simplify I’ve tested under AddressBuilder.create(URLBuilder.createFrom(s).toURL()).toString() and I saw that Rewrite do a Decoder in AddressBuilderPort.pathEncoded but this lost the original url

    Is there a way to change this behavior?

    #27048

    Hmmm. AddressBuilder basically normalizes the URL. The character / doesn’t have to be escaped in path segments. That’s why AddressBuilder replaces it with /. Why do you want to escape the / character? From my understanding that’s actually not a normalized URL.

    #27049

    Janario Oliveira
    Participant

    To be more specific these links are exported from AWS S3. I have a bucket with some files organized in some folders.
    So I’ve created a component that only generates temp links when the user really want to download some content.

    As I see AddressBuilder should preserve the original path, but I’m not sure if only in redirect from the response

    #27054

    I still don’t understand why you are using %2F instead of /. That’s basically the same thing. But / must not be escaped in path segments. So using / is more correct.

    #27063

    Janario Oliveira
    Participant

    This is not under my control. As I said the links are generated by external api, AWS S3, to them ‘dev/file.png’ is not like an http path but it is as a keyname of a file that’s why they escaped

    AmazonS3 conn = new AmazonS3Client(new BasicAWSCredentials(accessKey, secretKey));
    conn.setEndpoint("s3-zone.amazonaws.com");
    
    String link=conn.generatePresignedUrl(new GeneratePresignedUrlRequest("mybucket", "dev/file.png")).toExternalForm();
    //link is with %2F

    So after redirect it with rewrite, it changes and the link stop to work with an error in “Signature”

    #27065

    Ah, OK. Hmmm. Not sure how to handles this. But I think there is a workaround that may help. Could you try this:

    FacesContext facesContext = FacesContext.getCurrentInstance();
    HttpServletResponse response = (HttpServletResponse) facesContext.getExternalContext().getResponse();
    response.sendRedirect( "...." );
    

    In this case Rewrite doesn’t process the URL which will hopefully fix your problem.

    #27070

    Janario Oliveira
    Participant

    Thanks the workaround works.

    Do you see this as an issue? Should I open it? It would be good to not lost the original url

    #27072

    Great!

    Not sure if this is an issue. Actually I think both URLs (with / and %2F) are technically equivalent. However looks like S3 has a different opinion on this. 😉

    #27073

    Janario Oliveira
    Participant

    I’ve found another case with h:graphicImage.
    <h:graphicImage value=”#{myController.generateAwsTempUrl}” />
    That’s because the renderer(ImageRenderer) delegates to externalContext().encodeResourceURL(requestPath) (in case of my jsf impl, mojarra)
    I’m looking for internal workaround.

    I think Rewrite should preserve the original url. Maybe always leave it escaped in org.ocpsoft.urlbuilder.Address and from redirect creates it as already escaped

    #27074

    As I said earlier using %2F in path segments is always dodgy. There are many cases where something like this is even forbidden.

    Apache httpd for example forbids URLs containing %2F by default:

    http://httpd.apache.org/docs/2.4/mod/core.html#allowencodedslashes

    It is the same for Apache Tomcat. You have to set a system property to allow encoded path separators:

    -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
    

    I think it will be difficult to fix this in the Address class of Rewrite. However, any help with fixing this is welcome.

    In the case of images you should try to render simple HTML img elements instead of using h:graphicImage. This should work fine.

    #27098

    Janario Oliveira
    Participant

    After some more test I looked that we were using an old version of aws-sdk, I upgrade it and it generates url not escaped(without %2f)
    With this everything works ok.

    Thanks for the help Christian

Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.

Comments are closed.