PQ75239: GETREQUESTURI METHOD DECODES THE URI

 Fixes are available

PQ85432; 5.0.x, 5.1.0.3: HTTP connection is not closed in event of an IO excepti
5.1.0.5: WebSphere Application Server Express 5.1 Cumulative Fix 5
5.0.2.7: WebSphere Application Server Express 5.0.2 Cumulative Fix 7
5.0.2.12: WebSphere Application Server 5.0.2 Cumulative Fix 12
5.0.2.13: WebSphere Application Server 5.0.2 Cumulative Fix 13
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for AIX
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Solaris
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for HP-UX
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Windows
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Linux
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Windows
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Solaris
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for AIX
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Linux
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for HP-UX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for HP-UX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for AIX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Solaris
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Windows
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Linux
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for AIX
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for HP-UX
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Linux
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Windows
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Solaris
5.0.2.8: WebSphere Application Server V5.0.2 Cumulative Fix 8
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for HP-UX
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for AIX
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Solaris
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Windows
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Linux
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Windows
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Solaris
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for HP-UX
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Linux
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for AIX



APAR status
Closed as program error.

Error description
The getRequestURI method on an HttpServletRequest method returns
a decoded URI; however, the servlet specification states that
the URI string should not be decoded.

For example, if a user types

http://myhost:9080/testWeb/One%2FTwo+three
into a browser, when our servlet gets control, we expect the
getRequestURI() method to return:
/testWeb/One%2FTwo+three
What we get instead is:
/testWeb/One/Two+three
(The encoded '%2F' has been decoded to '/')

This problem has been reported internally in defect 161694.
Local fix
Currently there is no work around available.
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server developers      *
*                 using the servlet API.                       *
****************************************************************
* PROBLEM DESCRIPTION: The implementation of                   *
*                      request.getRequestURI() will decode the *
*                      URI from the HTTP request.              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When the getRequestURI() method is called upon an HTTP request,
all escape sequences ( %xx ) are decoded using HTTPUtils.
This behaviour deviates from the servlet API specification.
Problem conclusion
The code was modified to postpone decoding the URI until the
dispatchByURI() method is called.  This is done so the
getRequestURI() method will always return the original URI from
an HTTP request.
Temporary fix
fix posted already.
Comments
APAR information
APAR number PQ75239
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-06-13
Closed date 2003-09-12
Last modified date 2004-06-15

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
WEBENG          

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ75239
IBM Group: Software Group
Modified date: Jun 15, 2004