Class HttpURI
- java.lang.Object
-
- org.eclipse.jetty.http.HttpURI
-
public class HttpURI extends java.lang.Object
Http URI. Parse an HTTP URI from a string or byte array. Given a URIhttp://user@host:port/path;param1/%2e/info;param2?query#fragment
this class will split it into the following optional elements:getScheme()
- http:getAuthority()
- //name@host:portgetHost()
- hostgetPort()
- portgetPath()
- /path;param1/%2e/info;param2getDecodedPath()
- /path/infogetParam()
- param2getQuery()
- querygetFragment()
- fragment
The path part of the URI is provided in both raw form (
getPath()
) and decoded form (getDecodedPath()
), which has: path parameters removed, percent encoded characters expanded and relative segments resolved. This approach is somewhat contrary to RFC3986 which no longer defines path parameters (removed after RFC2396) and specifies that relative segment normalization should take place before percent encoded character expansion. A literal interpretation of the RFC can result in URI paths with ambiguities when viewed as strings. For example, a URI of/foo%2f..%2fbar
is technically a single segment of "/foo/../bar", but could easily be misinterpreted as 3 segments resolving to "/bar" by a file system.Thus this class avoid and/or detects such ambiguities. Furthermore, by decoding characters and removing parameters before relative path normalization, ambiguous paths will be resolved in such a way to be non-standard-but-non-ambiguous to down stream interpretation of the decoded path string. The violations are recorded and available by API such as
hasAmbiguousSegment()
so that requests containing them may be rejected in case the non-standard-but-non-ambiguous interpretations are not satisfactory for a given compliance configuration.Implementations that wish to process ambiguous URI paths must configure the compliance modes to accept them and then perform their own decoding of
getPath()
.If there are multiple path parameters, only the last one is returned by
getParam()
.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description private static class
HttpURI.State
(package private) static class
HttpURI.Violation
Violations of safe URI interpretations
-
Field Summary
Fields Modifier and Type Field Description private static Trie<java.lang.Boolean>
__ambiguousSegments
private static boolean[]
__unreservedPctEncodedSubDelims
private java.lang.String
_decodedPath
private boolean
_emptySegment
private java.lang.String
_fragment
private java.lang.String
_host
private java.lang.String
_param
private java.lang.String
_path
private int
_port
private java.lang.String
_query
private java.lang.String
_scheme
private java.lang.String
_uri
private java.lang.String
_user
private java.util.EnumSet<HttpURI.Violation>
_violations
-
Constructor Summary
Constructors Constructor Description HttpURI()
HttpURI(java.lang.String uri)
HttpURI(java.lang.String scheme, java.lang.String host, int port, java.lang.String pathQuery)
HttpURI(java.lang.String scheme, java.lang.String host, int port, java.lang.String path, java.lang.String param, java.lang.String query, java.lang.String fragment)
HttpURI(java.net.URI uri)
HttpURI(HttpURI uri)
HttpURI(HttpURI schemeHostPort, HttpURI uri)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description private void
checkSegment(java.lang.String uri, int segment, int end, boolean param)
Check for ambiguous path segments.void
clear()
static HttpURI
createHttpURI(java.lang.String scheme, java.lang.String host, int port, java.lang.String path, java.lang.String param, java.lang.String query, java.lang.String fragment)
Construct a normalized URI.void
decodeQueryTo(MultiMap<java.lang.String> parameters)
void
decodeQueryTo(MultiMap<java.lang.String> parameters, java.lang.String encoding)
void
decodeQueryTo(MultiMap<java.lang.String> parameters, java.nio.charset.Charset encoding)
boolean
equals(java.lang.Object o)
java.lang.String
getAuthority()
java.lang.String
getDecodedPath()
java.lang.String
getFragment()
java.lang.String
getHost()
java.lang.String
getParam()
Get a URI path parameter.java.lang.String
getPath()
The parsed Path.java.lang.String
getPathQuery()
int
getPort()
java.lang.String
getQuery()
java.lang.String
getScheme()
java.lang.String
getUser()
boolean
hasAmbiguousEmptySegment()
boolean
hasAmbiguousEncoding()
boolean
hasAmbiguousParameter()
boolean
hasAmbiguousSegment()
boolean
hasAmbiguousSeparator()
private boolean
hasAuthority()
int
hashCode()
boolean
hasQuery()
boolean
hasUtf16Encoding()
(package private) boolean
hasViolation(HttpURI.Violation violation)
boolean
hasViolations()
boolean
isAbsolute()
boolean
isAmbiguous()
private static boolean
isDigit(char c)
private static boolean
isHexDigit(char c)
private boolean
isPathValidForAuthority(java.lang.String path)
private static boolean
isSubDelim(char c)
private static boolean
isUnreserved(char c)
(package private) static boolean
isUnreservedPctEncodedOrSubDelim(char c)
void
parse(java.lang.String uri)
void
parse(java.lang.String uri, int offset, int length)
private void
parse(HttpURI.State state, java.lang.String uri, int offset, int end)
void
parseConnect(java.lang.String uri)
Deprecated.void
parseRequestTarget(java.lang.String method, java.lang.String uri)
Parse according to https://tools.ietf.org/html/rfc7230#section-5.3void
setAuthority(java.lang.String host, int port)
void
setParam(java.lang.String param)
void
setPath(java.lang.String path)
void
setPathQuery(java.lang.String pathQuery)
void
setQuery(java.lang.String query)
void
setScheme(java.lang.String scheme)
java.lang.String
toString()
java.net.URI
toURI()
-
-
-
Field Detail
-
__ambiguousSegments
private static final Trie<java.lang.Boolean> __ambiguousSegments
-
__unreservedPctEncodedSubDelims
private static final boolean[] __unreservedPctEncodedSubDelims
-
_scheme
private java.lang.String _scheme
-
_user
private java.lang.String _user
-
_host
private java.lang.String _host
-
_port
private int _port
-
_path
private java.lang.String _path
-
_param
private java.lang.String _param
-
_query
private java.lang.String _query
-
_fragment
private java.lang.String _fragment
-
_uri
private java.lang.String _uri
-
_decodedPath
private java.lang.String _decodedPath
-
_violations
private final java.util.EnumSet<HttpURI.Violation> _violations
-
_emptySegment
private boolean _emptySegment
-
-
Constructor Detail
-
HttpURI
public HttpURI()
-
HttpURI
public HttpURI(java.lang.String scheme, java.lang.String host, int port, java.lang.String path, java.lang.String param, java.lang.String query, java.lang.String fragment)
-
HttpURI
public HttpURI(HttpURI uri)
-
HttpURI
public HttpURI(java.lang.String uri)
-
HttpURI
public HttpURI(java.net.URI uri)
-
HttpURI
public HttpURI(java.lang.String scheme, java.lang.String host, int port, java.lang.String pathQuery)
-
-
Method Detail
-
isDigit
private static boolean isDigit(char c)
-
isHexDigit
private static boolean isHexDigit(char c)
-
isUnreserved
private static boolean isUnreserved(char c)
-
isSubDelim
private static boolean isSubDelim(char c)
-
isUnreservedPctEncodedOrSubDelim
static boolean isUnreservedPctEncodedOrSubDelim(char c)
-
createHttpURI
public static HttpURI createHttpURI(java.lang.String scheme, java.lang.String host, int port, java.lang.String path, java.lang.String param, java.lang.String query, java.lang.String fragment)
Construct a normalized URI. Port is not set if it is the default port.- Parameters:
scheme
- the URI schemehost
- the URI hoseport
- the URI portpath
- the URI pathparam
- the URI paramquery
- the URI queryfragment
- the URI fragment- Returns:
- the normalized URI
-
clear
public void clear()
-
parse
public void parse(java.lang.String uri)
-
parseRequestTarget
public void parseRequestTarget(java.lang.String method, java.lang.String uri)
Parse according to https://tools.ietf.org/html/rfc7230#section-5.3- Parameters:
method
- the request methoduri
- the request uri
-
parseConnect
@Deprecated public void parseConnect(java.lang.String uri)
Deprecated.
-
parse
public void parse(java.lang.String uri, int offset, int length)
-
parse
private void parse(HttpURI.State state, java.lang.String uri, int offset, int end)
-
checkSegment
private void checkSegment(java.lang.String uri, int segment, int end, boolean param)
Check for ambiguous path segments. An ambiguous path segment is one that is perhaps technically legal, but is considered undesirable to handle due to possible ambiguity. Examples include segments like '..;', '%2e', '%2e%2e' etc.- Parameters:
uri
- The URI stringsegment
- The inclusive starting index of the segment (excluding any '/')end
- The exclusive end index of the segment
-
hasAmbiguousSegment
public boolean hasAmbiguousSegment()
- Returns:
- True if the URI has a possibly ambiguous segment like '..;' or '%2e%2e'
-
hasAmbiguousEmptySegment
public boolean hasAmbiguousEmptySegment()
- Returns:
- True if the URI empty segment that is ambiguous like '//' or '/;param/'.
-
hasAmbiguousSeparator
public boolean hasAmbiguousSeparator()
- Returns:
- True if the URI has a possibly ambiguous separator of %2f
-
hasAmbiguousParameter
public boolean hasAmbiguousParameter()
- Returns:
- True if the URI has a possibly ambiguous path parameter like '..;'
-
hasAmbiguousEncoding
public boolean hasAmbiguousEncoding()
- Returns:
- True if the URI has an encoded '%' character.
-
isAmbiguous
public boolean isAmbiguous()
- Returns:
- True if the URI has either an
hasAmbiguousSegment()
orhasAmbiguousEmptySegment()
orhasAmbiguousSeparator()
orhasAmbiguousParameter()
-
hasViolations
public boolean hasViolations()
- Returns:
- True if the URI has any Violations.
-
hasViolation
boolean hasViolation(HttpURI.Violation violation)
-
hasUtf16Encoding
public boolean hasUtf16Encoding()
- Returns:
- True if the URI encodes UTF-16 characters with '%u'.
-
getScheme
public java.lang.String getScheme()
-
getHost
public java.lang.String getHost()
-
getPort
public int getPort()
-
getPath
public java.lang.String getPath()
The parsed Path.- Returns:
- the path as parsed on valid URI. null for invalid URI.
-
getDecodedPath
public java.lang.String getDecodedPath()
- Returns:
- The decoded canonical path.
- See Also:
URIUtil.canonicalPath(String)
-
getParam
public java.lang.String getParam()
Get a URI path parameter. Multiple and in segment parameters are ignored and only the last trailing parameter is returned.- Returns:
- The last path parameter or null
-
setParam
public void setParam(java.lang.String param)
-
getQuery
public java.lang.String getQuery()
-
hasQuery
public boolean hasQuery()
-
getFragment
public java.lang.String getFragment()
-
decodeQueryTo
public void decodeQueryTo(MultiMap<java.lang.String> parameters)
-
decodeQueryTo
public void decodeQueryTo(MultiMap<java.lang.String> parameters, java.lang.String encoding) throws java.io.UnsupportedEncodingException
- Throws:
java.io.UnsupportedEncodingException
-
decodeQueryTo
public void decodeQueryTo(MultiMap<java.lang.String> parameters, java.nio.charset.Charset encoding) throws java.io.UnsupportedEncodingException
- Throws:
java.io.UnsupportedEncodingException
-
isAbsolute
public boolean isAbsolute()
-
toString
public java.lang.String toString()
- Overrides:
toString
in classjava.lang.Object
-
equals
public boolean equals(java.lang.Object o)
- Overrides:
equals
in classjava.lang.Object
-
hashCode
public int hashCode()
- Overrides:
hashCode
in classjava.lang.Object
-
setScheme
public void setScheme(java.lang.String scheme)
-
setAuthority
public void setAuthority(java.lang.String host, int port)
- Parameters:
host
- the hostport
- the port
-
isPathValidForAuthority
private boolean isPathValidForAuthority(java.lang.String path)
-
setPath
public void setPath(java.lang.String path)
- Parameters:
path
- the path
-
setPathQuery
public void setPathQuery(java.lang.String pathQuery)
-
hasAuthority
private boolean hasAuthority()
-
setQuery
public void setQuery(java.lang.String query)
-
toURI
public java.net.URI toURI() throws java.net.URISyntaxException
- Throws:
java.net.URISyntaxException
-
getPathQuery
public java.lang.String getPathQuery()
-
getAuthority
public java.lang.String getAuthority()
-
getUser
public java.lang.String getUser()
-
-