Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong HttpServletMapping used on INCLUDE in UrlPathHelper.skipServletPathDetermination #26216

Closed
bergander opened this issue Dec 4, 2020 · 4 comments
Closed

Wrong HttpServletMapping used on INCLUDE in UrlPathHelper.skipServletPathDetermination #26216

bergander opened this issue Dec 4, 2020 · 4 comments
Assignees
@rstoyanchev
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: bug A general bug
Milestone
5.3.2

Comments

@bergander
Copy link
Contributor

Affects: 5.3.1

In UrlPathHelper.skipServletPathDetermination() the servlet mapping from the request is used. But if the request is processing an include then the mapping in the request is for the original path. The servlet mapping for the include is in the request attribute RequestDispatcher.INCLUDE_MAPPING ("javax.servlet.include.mapping").

So that method uses the wrong servlet mapping and therefore in some cases return the wrong result. And I'm guessing the same goes for when there's a forward, but that I haven't verified. Then the servlet mapping is in RequestDispatcher.FORWARD_MAPPING.

Or is this an issue with the container? In my case I use tomcat 9.0.39.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Dec 4, 2020
@rstoyanchev
Copy link
Contributor

Mainly we check it isn't a PATH mapping (e.g. "/path/*"). That's the more problematic case where the Servlet path prefix needs to be determined and stripped. Presumably on a given server, mapping by path prefix is either used or not. Can you provide more details for a more specific case?

@rstoyanchev rstoyanchev added in: web Issues in web modules (web, webmvc, webflux, websocket) status: waiting-for-feedback We need additional information before we can continue labels Dec 4, 2020
@bergander
Copy link
Contributor Author

Let me give you some more background on the issue.

If you have a jsp page with an include tag which includes the result of a spring controller method, then it will fail when using spring-framework 5.3.1. In 5.2.10.RELEASE it works just fine.

And the reason for the failure is that when processing the include it's still in the context of the request for the jsp file. So the servlet mapping of the request will contain the servlet mapping for the jsp which usually is EXTENSION (*.jsp). But the include path might be of type PATH and then the UrlPathHelper.skipServletPathDetermination() will return the wrong result for the include and therefore generate a NoHandlerFoundException.

I've attached a sample war project which demonstrates the problem: spring-example.zip. In index.jsp there's an include tag which includes the result of a spring controller (/spring/example). But that include fails with a NoHandlerFoundException. But if I go directly to that url I'll get the result without any NoHandlerFoundException.

To solve this issue the correct servlet mapping must be used in UrlPathHelper.skipServletPathDetermination(). And the servlet mapping for the include is in the request attribute javax.servlet.include.mapping according to Servlet 4 spec (chapter 9.3.1).

And the same problem might affect forwards, but I haven't investigated that. But then then servlet mapping is in javax.servlet.forward.mapping.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Dec 7, 2020
@rstoyanchev rstoyanchev self-assigned this Dec 7, 2020
@rstoyanchev rstoyanchev added this to the 5.3.2 milestone Dec 7, 2020
@rstoyanchev rstoyanchev added type: bug A general bug and removed status: feedback-provided Feedback has been provided status: waiting-for-triage An issue we've not yet triaged or decided on labels Dec 7, 2020
@rstoyanchev
Copy link
Contributor

Thanks for the sample and extra detail. So in your case, the request starts with a JSP page that includes a request to a Servlet mapped by prefix, and on an include the Servlet container returns original request details by default. For forward it's the other way around, with the Servlet container returning current request details by default. Hence I think only include is affected.

@bergander
Copy link
Contributor Author

@rstoyanchev A big thanks for the quick response and fix! I can confirm that it resolves my issue.

@sync-by-unito sync-by-unito bot mentioned this issue Dec 10, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rstoyanchev rstoyanchev

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: bug A general bug
Projects
None yet
Milestone
5.3.2
Development

No branches or pull requests
3 participants
@rstoyanchev @bergander @spring-projects-issues