-
Notifications
You must be signed in to change notification settings - Fork 40.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
throws IllegalArgumentException when downloading file when filename includes '%' for undertow server #17853
Comments
Thanks for the report. Can you please provide a minimal sample that reproduces the problem? |
any empty springboot (2.1.7.RELEASE) project using embed undertow server.
if i modify URLResource getMetaInfResource(URL resourceJar, String path) into:
compile & run,
it is ok. |
Thanks for the additional details. I cannot reproduce the problem with an empty app that uses Undertow. As far as I can tell, for the problem to occur, there must be at least one jar on the classpath that contains a I'm not sure that we can fix this by solely replacing |
when i add springfox's swagger2 to project, it happens: pom.xml <?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework</groupId>
<artifactId>gs-spring-boot</artifactId>
<version>0.1.0</version>
<dependencyManagement>
<dependencies>
<dependency>
<!-- Import dependency management from Spring Boot -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>2.1.7.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-undertow</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-core</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-servlet</artifactId>
</dependency>
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-models</artifactId>
<version>1.5.20</version>
</dependency>
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-annotations</artifactId>
<version>1.5.20</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-core</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-common</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-spring-web</artifactId>
<version>2.9.2</version>
</dependency>
</dependencies>
<properties>
<java.version>1.8</java.version>
</properties>
<build>
<sourceDirectory>src/main/java</sourceDirectory>
<testSourceDirectory>src/test/java</testSourceDirectory>
<outputDirectory>target/classes</outputDirectory>
<testOutputDirectory>target/test-classes</testOutputDirectory>
<resources>
<resource>
<directory>src/main/resources</directory>
</resource>
</resources>
<testResources>
<testResource>
<directory>src/test/resources</directory>
</testResource>
</testResources>
<directory>./target</directory>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.2</version>
<executions>
<execution>
<id>default-compile</id>
<phase>compile</phase>
<goals>
<goal>compile</goal>
</goals>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
<compilerArgs>
<arg>-parameters</arg>
</compilerArgs>
</configuration>
</execution>
<execution>
<id>default-testCompile</id>
<phase>test-compile</phase>
<goals>
<goal>testCompile</goal>
</goals>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</execution>
</executions>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
</project> only two source file: /src/main/java: Application.java: package test;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class Application {
public static void main(String[] args) throws MalformedURLException {
SpringApplication.run(Application.class, args);
}
} HelloController.java: package test;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.RequestMapping;
@RestController
public class HelloController {
@RequestMapping("/")
public String index() {
return "Greetings from Spring Boot!";
}
} |
@aruanruan You you please share a complete project either as a GitHub project that we can clone or an attached zip file. It's then easier for us to make sure we are talking about the same thing. |
I am experiencing the same issue when I have a '%' character that is correctly encoded in a URL for a Rest controller e.g. I also have the springfox-swagger-ui dependency on my classpath. By the time the path is passed to the private URLResource getMetaInfResource(URL resourceJar, String path) {
try {
URL resourceUrl = new URL(resourceJar + "META-INF/resources" + path);
URLResource resource = new URLResource(resourceUrl, path);
if (resource.getContentLength() < 0) {
return null;
}
return resource;
}
catch (MalformedURLException ex) {
return null;
}
}
} The stack trace I get is as follows:
|
@marcusportmann Do you have a sample application that you can share? We're still ideally looking for something that we can clone and run. |
@philwebb I have created a sample application that you can obtain from here: https://github.com/marcusportmann/spring-boot-sample. If you run the SampleApplication class and open the URL http://localhost:8080/swagger-ui.html#/Sample%20API/testUsingGET in your browser you will be able to invoke the rest controller. To produce the error just add a '%' character to the testValue parameter. |
Curiously, Undertow is inconsistent with regards to which characters are decoded before calling |
Undertow's own |
we map url: '/s/com-huawei-dcp-deploy-deploy-service/v1/api/file/download/main/os/mys/larg%25e_1.0.0.zip' to downloading the special file named 'larg%e_1.0.0.zip' ,
but it throws
becuase '%25' is decode to '%', and URLResource use the path '/s/com-huawei-dcp-deploy-deploy-service/v1/api/file/download/main/os/mys/larg%e_1.0.0.zip', the class ParseUtils throws the IllegaglArgumentException when decoding '%e_'
bug is in the class org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory$MetaInfResourcesResourceManager
The text was updated successfully, but these errors were encountered: