Search code examples
jax-rswebsphere-libertyopen-liberty

JAX-RS is throwing URISyntaxException on Liberty

I have JAX-RS application that works just fine on Liberty 19.0.0.10. The issue I am having appears to be a bug in Liberty runtime where it'd throw URISyntaxException exception if @PathParam has backslashes. The issue was discovered during security code scans.

  1. I tried to absorb this issue with using pre-matching ContainerRequestFilter but I see the same exception even it's presumably processed before matching any resource.
  2. I tried to use custom exception handler but still see the same error.
  3. Trying to catch the exception inside getinfo function obviously does not work since the error happens before going into the function itself.
  4. Using @Encoded annotation does not make any difference obviously.
[ERROR   ] SRVE0777E: Exception thrown by application class 'java.net.URI.create:863'
java.lang.IllegalArgumentException: Illegal character in path at index 80: https://hotsauce/somepath/uuid/a=\dg=bc
        at java.net.URI.create(URI.java:863)
        at com.ibm.ws.jaxrs20.endpoint.AbstractJaxRsWebEndpoint.getBaseURL(AbstractJaxRsWebEndpoint.java:245)
        at [internal classes]
Caused by: java.net.URISyntaxException: Illegal character in path at index 80: https://hotsauce/somepath/uuid/a=\dg=bc
        at java.net.URI$Parser.fail(URI.java:2859)
        at java.net.URI$Parser.checkChars(URI.java:3032)
        at java.net.URI$Parser.parseHierarchical(URI.java:3116)
        at java.net.URI$Parser.parse(URI.java:3064)
        at java.net.URI.<init>(URI.java:599)
        at java.net.URI.create(URI.java:861)
        ... 2 more

[ERROR   ] SRVE0315E: An exception occurred: java.lang.Throwable: java.lang.IllegalArgumentException: Illegal character in path at index 80: https://hotsauce/somepath/uuid/a=\dg=bc
        at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5051)
        at [internal classes]
Caused by: java.lang.IllegalArgumentException: Illegal character in path at index 80: https://hotsauce/somepath/uuid/a=\dg=bc
        at java.net.URI.create(URI.java:863)
        at com.ibm.ws.jaxrs20.endpoint.AbstractJaxRsWebEndpoint.getBaseURL(AbstractJaxRsWebEndpoint.java:245)
        ... 1 more
Caused by: java.net.URISyntaxException: Illegal character in path at index 80: https://hotsauce/somepath/uuid/a=\dg=bc
        at java.net.URI$Parser.fail(URI.java:2859)
        at java.net.URI$Parser.checkChars(URI.java:3032)
        at java.net.URI$Parser.parseHierarchical(URI.java:3116)
        at java.net.URI$Parser.parse(URI.java:3064)
        at java.net.URI.<init>(URI.java:599)
        at java.net.URI.create(URI.java:861)
        ... 2 more

This is a sample of the code

@Path("/somepath")
public class MyClass {
    
    @GET
    @Path("/uuid/{UUID}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getInfo(@PathParam("UUID") String uuid) {
       try {
          // request processing goes here
       } catch (Exception e){
          // URISyntaxException can't be handled here.
       }
    }
}
Solution

  • That stack occurs in 19.0.0.10, but should be fixed in more recent versions - the fix was made in the 19.0.0.11-12 timeframe, so if you can upgrade to a version of 20.0.0.1 or above, that should resolve this issue.