6.18.1 Overview of URI decode functionality
The URI decode functionality is used for decoding the URL-encoded strings included in the servlet path of request URIs and in the additional path information of Application Server. However, the context path is not decoded.
To execute a Web application that does not use decoded URIs, you must either not use the URI decode functionality or manage this at the Web application machine.
This subsection describes the Servlet APIs affected when the URI decode functionality is used, the functionality that uses decoded strings, the character code used for decoding, and the execution procedure for decoding and normalizing character strings.
(1) Servlet APIs affected when using the URI decode functionality
When the URI decode functionality is used, the following methods of the javax.servlet.http.HttpServletRequest interface return a decoded URI:
- getPathInfo method
- getPathTranslated method
- getServletPath method
However, the getRequestURI and getRequestURL methods return a non-decoded URL.
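The following servlet filter is an added example, not code from this manual or from Application Server. It applies an application-level path rule to the values returned by getServletPath and getPathInfo, which are decoded when the URI decode functionality is used, instead of to getRequestURI, which is not decoded. The class name, the /admin/ prefix, and the admin role are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: checks an application-level rule against the decoded path. */
public class DecodedPathGuardFilter implements Filter {

    // Assumed protected prefix, relative to the context root (not from the manual).
    private static final String PROTECTED_PREFIX = "/admin/";
    // Assumed role name (not from the manual).
    private static final String REQUIRED_ROLE = "admin";

    @Override
    public void init(FilterConfig config) { }

    /** Path relative to the context root, built from the getters that return decoded values. */
    static String decodedPath(HttpServletRequest req) {
        String servletPath = req.getServletPath(); // decoded when URI decode is used
        String pathInfo = req.getPathInfo();       // decoded; null when there is no extra path
        return pathInfo == null ? servletPath : servletPath + pathInfo;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // getRequestURI() is deliberately not used: it stays URL-encoded and includes
        // the context path, so a literal prefix comparison against it can disagree
        // with the decoded string that URL pattern matching works on.
        String path = decodedPath(req);

        if (path.startsWith(PROTECTED_PREFIX) && !req.isUserInRole(REQUIRED_ROLE)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```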
(2) Functionality using decoded strings
When the URI decode functionality is used, the decoded strings are used in the following processes:
- Matching with URL pattern of servlets and JSPs
- Matching with default mapping
- Matching with static contents
- Matching with URL pattern of filter
- Matching with the <error-page> tag of web.xml or with the errPage attribute of the page directive of JSPs
- Matching with URL pattern for restricting access
- Determining URL for login authentication
- Forward and include request
- Matching with URL pattern for HTTP response compression filter
- Matching with URL pattern to control the number of concurrently executed threads in the URL group
However, the context path is not decoded and is handled as the original string, so "404 Not Found" is returned when the context path does not match the context root.
Matching against the decoded character string is not performed in the following functionality of Application Server:
- Error page customization functionality of the in-process HTTP server
- Request distribution functionality by redirecting the in-process HTTP server
(3) Character code used for decoding
When the URI decode functionality is used, the character code used for decoding is UTF-8.
(4) Execution procedure for decoding and normalizing character strings
For request URIs sent from clients, the URLs used in the matching processes after decoding are normalized.