Re: [servlet-dev] Path Parameters

[Raymond Augé <raymond.auge@xxxxxxxxxxx>]

Hey folks,

Not being familiar with the construct of path parameters the way they are discussed here, I was reminded of this conversation when having first stumbled on a portion of the JAX-RS specification I was not familiar with, which defines the concept of @MatrixParam [1], noting these as not being well defined in the spec (which i find troubling in and of itself), I was forced to google around and found some Red Hat Fuse documentation [2] about them and they seemed to be defined as you've discussed here (i.e. /monstersforhire/japan;type=daikaiju/flying;wingspan=40).

I'm not sure it brings significant value to the discussion other than to warn that at least one downstream spec seems to require this construct.

Cheers and good luck (always interesting to lurk on these interesting conversations.)

- Ray

[1] https://eclipse-ee4j.github.io/jaxrs-api/apidocs/3.0.0/jakarta/ws/rs/MatrixParam.html

[2] https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/html/apache_cxf_development_guide/restparameters

On Wed, Feb 17, 2021 at 8:00 AM Greg Wilkins <gregw@xxxxxxxxxxx> wrote:

On Wed, 17 Feb 2021 at 13:47, Mark Thomas <markt@xxxxxxxxxx> wrote:

On 17/02/2021 12:16, Greg Wilkins wrote:

> However, that is not compliant with RFC 3986 which says that
> normalization should happen before decoding.

Where does it say that? I just looked through all the references to
normalization and couldn't find it.

I think it says so in 2.4 https://tools.ietf.org/html/rfc3986#section-2.4 which says:

   When a URI is dereferenced, the components and subcomponents
   significant to the scheme-specific dereferencing process (if any)
   must be parsed and separated before the percent-encoded octets within
   those components can be safely decoded, as otherwise the data may be
   mistaken for component delimiters.  The only exception is for
   percent-encoded octets corresponding to characters in the unreserved
   set, which can be decoded at any time. 

>  That is all fine if you
> remember the segment boundaries so that segments like "%2e%2e", "%2f"
> and "..;" would be seen as decoded segments after normalization of "..",
> "/" and "..".

My reading of section 2.2 is that reserved characters should not be %nn
decoded prior to normalization.

Exactly, so if we decode %2f or %2e%2e after normalization we end up with a string that if normalized again could be wrong.

Now if our implementations are consistent with their algorithms, this will not be a problem.  But if we give an application a path that contains

.. or a / that is a segment not a divider, then it is ambiguous and that application can rightly get confused... or just give that path back to

the container and the container will normalize again and get confused.

 

I think the Servlet spec is the place to be more explicit about this.
This has been on my radar for a while:

https://github.com/eclipse-ee4j/servlet-api/issues/18

Good one.  I'll note a summary of this email there.

 

--

Greg Wilkins <gregw@xxxxxxxxxxx> CTO http://webtide.com

_______________________________________________
servlet-dev mailing list
servlet-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/servlet-dev

--

Raymond Augé (@rotty3000)

Senior Software Architect Liferay, Inc. (@Liferay)

OSGi Fellow