[keycloak-dev] Trailing slash

Sebastian Laskawiec slaskawi at redhat.com
Thu Feb 21 05:59:27 EST 2019

I'm glad you agree with me.

@Hynek Mlnarik <hmlnarik at redhat.com> - The bad news is that I will need to
implement that for the Jetty adapter. I tried to avoid it but it turns out
that SAML tests force me to do this (since most of them use injected url to
construct SAML calls). There is also a good side of it though, all the code
I'm refactoring now will use UriBuilders. So we should never have this kind
of problems again.

On Wed, Feb 20, 2019 at 3:34 PM Stian Thorgersen <sthorger at redhat.com>

> That being said I have no clue why it was added and if it would break
> something to fix it ;)
> On Wed, 20 Feb 2019 at 15:34, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>> That is some strange behaviour and I agree "/path/" is not the same as
>> "/path" so this is an invalid rewrite of the URL.
>> On Wed, 20 Feb 2019 at 14:50, Sebastian Laskawiec <slaskawi at redhat.com>
>> wrote:
>>> Hey guys,
>>> I'm working on migrating Jetty adapters to our base testsuite at the
>>> moment
>>> and I noticed an interesting problem.
>>> The URLProvider is responsible for adjusting injected URLs into the Page
>>> objects. One of the things it does is trimming the trailing slash out, so
>>> that "http://localhost:8280/client-secret-jwt-secure-portal/" becomes "
>>> http://localhost:8280/client-secret-jwt-secure-portal". We depend on
>>> this
>>> functionality a lot in our testsuite when constructing all kind of
>>> assertions that include myPage.getInjectedUrl().toString(). In other
>>> words,
>>> if we inject a URL with a trailing slash, there will be quite a lot of
>>> test
>>> that fail.
>>> Trailing space at the end is not meaningless unfortunately. It is being
>>> used by the container to find proper context. Here's one of the best
>>> explanations I found so far [1].
>>> Jetty enforces trailing slashes for Servlets deployed in the container.
>>> If
>>> you hit a Servlet without a slash (
>>> http://localhost:8280/client-secret-jwt-secure-portal for example), you
>>> will be redirected (with HTTP 302) to a version that has it (
>>> http://localhost:8280/client-secret-jwt-secure-portal/). This of course
>>> breaks some of the tests in our testsuite (since the Resteasy HTTP Engine
>>> doesn't follow redirects by default). It is also worth to mention, that
>>> Arquillian also adds trailing slash at the end of the Servlet context
>>> [2].
>>> So by default, it injects all URLs with trailing space.
>>> My take on this is that we should not trim the trailing slash. Moreover,
>>> we
>>> should never manipulate a raw string representation of a URL. What we
>>> should do instead is to use URI#resolve method if we need to query
>>> sub-contexts. Using URI instead of URL is extremely important when it
>>> comes
>>> to equality (if you're interested more in this, please read [3]).
>>> If you agree with me, I'll go ahead and create a JIRA for it.
>>> Thanks,
>>> Sebastian
>>> [1]
>>> https://stackoverflow.com/questions/37370407/how-to-remove-trailing-slash-from-embedded-jetty-urls/37485104#37485104
>>> [2]
>>> See
>>> org.jboss.arquillian.container.spi.client.protocol.metadata.Servlet#getBaseURIAsString
>>> method
>>> [3] http://blog.markfeeney.com/2010/11/java-uri-vs-url.html
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list