• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

Bad Request?

 
Bartender
Posts: 1829
17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello all,

I am passing this URL: "http://localhost:8080/services/getWeeksFromDate/2%2F25%2F2020" and it's coming up with this error:

<body>
<h1>HTTP Status 400 – Bad Request</h1>


Type Status Report


Message Invalid URI: noSlash


Description The server cannot or will not process the request due to something that is perceived to be a
client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).




<h3>Apache Tomcat/9.0.7</h3>
</body>

Even though I'm URL Encoding the date, it's never making it to the method.

If I pass "Hello" instead of the encoded date above, it works OK.

In the actual method, I'm just trying to return the string passed in -- no processing while I try to figure this out.

Nothing helpful in the Tomcat log. Can't debug since this happens outside method code.

Would appreciate any suggestions.

Thanks,

- mike
 
Saloon Keeper
Posts: 13248
291
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Show us the (annotated) controller class header and the (annotated) method signature and tell us what framework you're using and how you've configured your servlet.
 
Mike London
Bartender
Posts: 1829
17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for your reply.

It's not annotated. Using the cool "SparkJava" framework (sparkjava.com) which has much less "ceremony" over Spring (which I use also).

For testing, all I'm doing is this:



The syntax is correct as I've been using it for years. There's something about this encoded date I'm missing, however.

Also strange ... but if I use the exact same code in a standalone sparkJava framework (run by JAR and not WAR in Tomcat), then the code works.

---

The servlet is configured like this (very vanilla):

<!DOCTYPE web-app PUBLIC <br /> "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" <br /> "http://java.sun.com/dtd/web-app_2_3.dtd" >

<web-app>
 <!-- some options -->
 <filter>
   <filter-name>SparkFilter</filter-name>
   <filter-class>spark.servlet.SparkFilter</filter-class>
   <init-param>
     <param-name>applicationClass</param-name>
     <param-value>Application</param-value>
   </init-param>
 </filter>

 <filter-mapping>
   <filter-name>SparkFilter</filter-name>
   <url-pattern>/*</url-pattern>
 </filter-mapping>
</web-app>

Not sure this helps.

-- mike
 
Marshal
Posts: 3649
516
Android Eclipse IDE TypeScript Redhat MicroProfile Quarkus Java Linux
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is a Tomcat System Property org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH which related to dealing with %2F and %5F encodings.  I'm not sure if your problem is related to that or not.
 
Stephan van Hulst
Saloon Keeper
Posts: 13248
291
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It appears Tomcat does not allow encoded slashes by default. You can allow it by setting the ALLOW_ENCODED_SLASH system property.

https://tomcat.apache.org/tomcat-9.0-doc/config/systemprops.html#Security

[edit]

It turns out Ron was much faster.
 
Mike London
Bartender
Posts: 1829
17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Wow, thanks.

Well, at least I have a different error.

I put the property setting in catalina.properties

org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

Now, I'm getting a 404 error.

http://localhost:8080/services/getWeeksFromDate/2%2F25%2F2020

-----------

<html>

<body>
<h2>404 Not found</h2>
</body>

</html>


---

Some progress at least.

-- mike
 
Ron McLeod
Marshal
Posts: 3649
516
Android Eclipse IDE TypeScript Redhat MicroProfile Quarkus Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think by enabling ALLOW_ENCODED_SLASH, the encoded slashes are not now being interpreted as path delimiters.

I am not familiar with the Spark framework, but with JAX-RS you would use the following syntax to include everything after getWeeksFromDate as parameter data:
    @Path("/getWeeksFromDate/{date : .*}")
 
Mike London
Bartender
Posts: 1829
17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ron McLeod wrote:I think by enabling ALLOW_ENCODED_SLASH, the encoded slashes are not now being interpreted as path delimiters.

I am not familiar with the Spark framework, but with JAX-RS you would use the following syntax to include everything after getWeeksFromDate as parameter data:
    @Path("/getWeeksFromDate/{date : .*}")



I agree that seems to be happening with that Tomcat setting.  If I pass "2" as the date, I get to the method and get the expected error. But, if I pass "2%2F25%2F2020", then I get the 404 error -- meaning there's no such method signature. What you posit must be what's going on.

I need to disable this tomcat setting (was hoping it was the solution) and figure some other way to encode the date. Possibly Base64Encode or something.

Regarding the syntax, yes, SparkJava has totally different syntax. Check out this cool little framework.

This problem definitely seems to be a tomcat issue since running the same code, as I mentioned above, in a standalone SparkJava app (JAR instead of WAR) works fine.

Really strange.

Thanks Ron.

- mike
 
Mike London
Bartender
Posts: 1829
17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Workaround:

Changing encoding on client side to Base64 was a workable alternative.

New code:


Works OK.

As I recall, Tomcat works OK if you POST the URLEncoded date. The problem appears to be in a GET.

Appreciate all the replies.

- mike
 
Ron McLeod
Marshal
Posts: 3649
516
Android Eclipse IDE TypeScript Redhat MicroProfile Quarkus Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Mike London wrote:Changing encoding on client side to Base64 was a workable alternative.


I would have picked ISO 8601 date-only format to form the URL as: /getWeeksFromDate/2020-02-25

It has the side benefit of being human-readable.
 
Mike London
Bartender
Posts: 1829
17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ron McLeod wrote:

Mike London wrote:Changing encoding on client side to Base64 was a workable alternative.


I would have picked ISO 8601 date-only format to form the URL as: /getWeeksFromDate/2020-02-25

It has the side benefit of being human-readable.



Yes, absolutely. No argument.

However, in this case, and implicit in this service was the need to pass a date as common in the third party application.

Thanks again, Ron.

-- mike
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic