Add option to encode MultiValueMap of query params

[OrangeDog]

Parameters passed using %-encoding will be double escaped by fromCurrentRequest():

@GetMapping
@ResponseBody
public Map<String, Object> test(@RequestParam MultiValueMap<String, String> params) {
    return Map.of(
            "params", params,
            "uri", ServletUriComponentsBuilder.fromCurrentRequest().toUriString()
    );
}

$ curl http://localhost:8080/?p=*
{"uri":"http://localhost:8080/?p=*","params":{"p":["*"]}}

$ curl http://localhost:8080/?p=%2a
{"uri":"http://localhost:8080/?p=%252a","params":{"p":["*"]}}

Spring Web 5.2.1.RELEASE

[OrangeDog]

Current workaround:

RequestAttributes attributes = RequestContextHolder.currentRequestAttributes();
HttpServletRequest servletRequest = ((ServletRequestAttributes) attributes).getRequest();
WebRequest webRequest = new ServletWebRequest(servletRequest);
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
for (Map.Entry<String, String[]> e : webRequest.getParameterMap().entrySet()) {
    params.addAll(e.getKey(), Arrays.asList(e.getValue()));
}

ServletUriComponentsBuilder.fromRequest(servletRequest).replaceQueryParams(params)

There might be a better way to get the MultiValueMap from the current request.

[rstoyanchev]

The Javadoc for for toUriString() says it is a shortcut for builder.build().encode().toUriString(). However, ServletUriComponentsBuilder was initialized from already encoded components (requestUri, queryString in HttpServletRequest), so it should be builder.build(true).toUriString() instead.

So this is expected behavior. We could improve the Javadoc on ServletUriComponentsBuilder to mention specifically requestUri and queryString and that they're encoded, so be sure to use build(true)..

[OrangeDog]

The greater problem comes when you then use that builder to e.g. add another parameter that will need encoding. It would be better IMO to always create builders with their source parts decoded.

[rstoyanchev]

I see your point but there is ambiguity once a URI component (e.g. path, query) is decoded. For example requestUri="/abc%3Bdef" would decode to "/abc;def" but when encoding such a path you might want the ";" to remain as is in some cases or have it encoded in others so the reserved meaning is either preserved or suppressed. UriComponents does the former but also provides extra options for stricter encoding of URI variables as described in the docs.

Regardless, we can't change how ServletUriComponents#fromRequest works already, and an overloaded variant that does decode won't help much either for the above mentioned reason. I think it's best to rely on UriUtils to encode the extra query params.

Currently there is a method to encode individual query params or a query string. We can add an additional one to encode from a MultValueMap to match the options available in UriComponentsBuilder. So in the end it would look like this:

MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
// add params

ServletUriComponentsBuilder.fromCurrentRequest()
        .queryParams(UriUtils.encodeQueryParams(params))
        .build(true)
        .toUriString();

[spring-projects-issues]

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

[OrangeDog]

@rstoyanchev what feedback are you waiting for?

[rstoyanchev]

I guess the issue bot doesn't react to emojis :), thanks.