The "#" character has a specific meaning in URLs. So if you want to treat it as an ordinary character, you have to URL-escape it.
However it's not your servlet which has to do the URL-escaping, it's whoever generated the request in the first place. Perhaps somebody clicked on a link which you generated, which had that "#" character in it? If that's the case then you should URL-escape the parameter values when you generate that link. Anyway the first thing to do is to find out where that request came from and how the URL was generated there.
posted 7 years ago
Paul Clapham wrote: Anyway the first thing to do is to find out where that request came from and how the URL was generated there.
Therein lies the issue.
The request originates from Facebook.
This issue is happening in the servlet that is defined as the redirect_uri in our facebook oauth dialog. When a user successfully authenticates, facebook looks up the request_uri (my servlet), and issues a GET request.
The string with the '#' in it, is what is contained in the code=xxx key/value pair of the request. I need this code to then grab an access_token for subsequent Oauth calls.
Actually, *anything* after the '#' (uri fragment) is ignored by the request, even additional key/value pairs.
I'll try taking this up with FB directly if there's no easy workaround via Tomcat and the HttpRequest object.