[ https://jira.jboss.org/browse/JBWEB-181?page=com.atlassian.jira.plugin.sy... ]
Mike Millson commented on JBWEB-181:
------------------------------------
Test case:
1) Deploy the attached JSessionId.war.
2) Request the default home page as follows:
curl http://localhost:8080/JSessionId/
3) Output should show that the /Home context does not have the jsessionid rewritten into it:
/Home: /Home <br />
<p />
Home: Home;jsessionid=84938A7D12FF6CC04E6ED9FB5E085F48 <br />
<p />
-: -;jsessionid=84938A7D12FF6CC04E6ED9FB5E085F48 <br />
<p />
test: http://localhost:8080/JSessionId/Home;jsessionid=84938A7D12FF6CC04E6ED9FB... <br />
<p />
test2: http://localhost:8080/Home <br />
4) Restart JBoss setting the following environment variable:
-Dorg.apache.catalina.connector.Response.REWRITE_CONTEXT_CHECK=false
5) Request the default home page as follows:
curl http://localhost:8080/JSessionId/
6) Output should show that the /Home context does have the jsessionid rewritten into it:
/Home: /Home;jsessionid=81613F61B22173E7A571ED11ECF2C0A3 <br />
<p />
Home: Home;jsessionid=81613F61B22173E7A571ED11ECF2C0A3 <br />
<p />
-: -;jsessionid=81613F61B22173E7A571ED11ECF2C0A3 <br />
<p />
test: http://localhost:8080/JSessionId/Home;jsessionid=81613F61B22173E7A571ED11... <br />
<p />
test2: http://localhost:8080/Home;jsessionid=81613F61B22173E7A571ED11ECF2C0A3 <br />

Allow rewriting URLs for other contexts
---------------------------------------
Key: JBWEB-181
URL: https://jira.jboss.org/browse/JBWEB-181
Project: JBoss Web
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Core
Affects Versions: JBossWeb-3.0.0.Beta7
Reporter: Mike Millson
Assignee: Remy Maucherat
Fix For: JBossWeb-3.0.0.Beta8
Attachments: JBWEB-181.patch, JSessionId.war.tar.gz
Line 1537 of o.a.c.c.Response.doIsEncodeable()[1] checks that the URL context matches the webapp context:

    if ((file == null) || !file.startsWith(contextPath))
        return (false);

There are use cases where a URL would need to be rewritten but not be the same context as
the webapp. In addition, WebLogic apparently does not make this check, so it is an issue
migrating from WebLogic.
Can we remove this check, or add a flag where it can be configured to be removed?
[1] http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbossweb/branches/2.1.x/java...
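
A simplified model of the context check and of the REWRITE_CONTEXT_CHECK switch exercised by the test case, run over the same four links. This is an added example, not JBoss Web source and not part of the original report; the class and method names, the default of true, the same-host guard and the session id value are assumptions.

```java
import java.net.URI;

// Added illustration, not JBoss Web source: a simplified model of the context
// check quoted in the report and of the REWRITE_CONTEXT_CHECK switch.
// Class and method names are hypothetical.
public class RewriteContextCheckDemo {

    // Property name from the test case; the default of true is an assumption.
    static final boolean CONTEXT_CHECK = Boolean.parseBoolean(System.getProperty(
        "org.apache.catalina.connector.Response.REWRITE_CONTEXT_CHECK", "true"));

    // Resolve the link against the request URL, then decide whether the
    // session id may be appended to it.
    static boolean isEncodeable(URI request, String link, String contextPath,
                                boolean contextCheck) {
        URI target = request.resolve(link);
        // This example never rewrites links to another host or port.
        if (!request.getHost().equalsIgnoreCase(target.getHost())
                || request.getPort() != target.getPort()) {
            return false;
        }
        if (!contextCheck) {
            return true; // check disabled: any path on this host is rewritten
        }
        String file = target.getPath();
        return file != null && file.startsWith(contextPath);
    }

    // Appends the id as a path parameter; the sample links below carry no
    // query string or fragment, so plain concatenation is sufficient here.
    static String encode(URI request, String link, String contextPath,
                         String sessionId, boolean contextCheck) {
        return isEncodeable(request, link, contextPath, contextCheck)
            ? link + ";jsessionid=" + sessionId
            : link;
    }

    public static void main(String[] args) {
        URI request = URI.create("http://localhost:8080/JSessionId/");
        String sid = "CONSTRUCTED-SESSION-ID"; // constructed sample value
        String[] links = {"/Home", "Home", "-", "http://localhost:8080/Home"};
        for (String link : links) {
            System.out.println(link + ": "
                + encode(request, link, "/JSessionId", sid, CONTEXT_CHECK));
        }
    }
}
```

Running it with and without -Dorg.apache.catalina.connector.Response.REWRITE_CONTEXT_CHECK=false shows the same difference as steps 3 and 6. With the check off, the session id is also written into links that are served by other contexts on the same host.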