Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Content-Type value is unexpectedly changed by Jetty9


Our authentication mechanism is already used by many user.
Our service is REST application, and users are access by own application. 
If auth mechanism is changed,  they must change  them application.
I didn't want to  forcing them to pay cost, in our own reason.

If this option is provided, we and our users are so happy.

 I understand that optimization is needed for high performance. 
But providing feature in the servlet spec has importance in compatibility.
This feature may be better to provide optional.

//Michitaka Terada

2013/8/8 Greg Wilkins <gregw@xxxxxxxxxxx>
The issue is that Jetty avoids creating a lot of garbage by looking up such common strings in a StringTrie directly from the bytes received.

I will look at making this optional, but for your authentication mechanism I would think it is very delicate if it is relying on case insensitive fields being case sensitive.    While the servlet spec does imply that we should return the exact characters, there is nothing stopping a proxy or any other intermediary rewriting headers to semantically equivalent ones.   Indeed you may even go via a binary protocol (AJP13 or SPDY) that tokenises headers and thus also changes their case.

Is it possible for you yo make your mechanism do lower case conversions before calculating any hash values on case insensitive data?


On 31 July 2013 12:29, てらだみつるつよし <terrada3@xxxxxxxxx> wrote:

I'm in trouble about the "Content-Type" .

I used a recent version Jetty, that version is 8.1.11.v20130520. Now, I'm trying to migrate my application to version 9.0.4.v20130625.

In version 8, Content-Type value is not changed by Jetty.

set by client : application/x-www-form-urlencoded; charset=utf-8

HttpServletRequest.getHeade("Content-Type") : application/x-www-form-urlencoded; charset=utf-8

But in version 9.0.4.v20130625, "Content-Type" value is changed by Jetty.

set by client : application/x-www-form-urlencoded; charset=utf-8

HttpServletRequest.getHeade("Content-Type") : application/x-www-form-urlencoded; charset=UTF-8

A charset value is changed(utf -> UTF).

I use this value to calculate a hash value for authentication mechanism.
This changing of a Content-Type value makes difference between a value calculated in client and that in server, so authentication is failed.

I cannot  judge that this is a specification or a bug.
Have anybody tips or options to avoid this charset changing?


jetty-users mailing list

Greg Wilkins <gregw@xxxxxxxxxxx>
Developer advice and support from the Jetty & CometD experts.
Intalio, the modern way to build business applications.

jetty-users mailing list

Back to the top