What's the Difference Between Getrequesturi and Getpathinfo Methods in Httpservletrequest

What's the difference between getRequestURI and getPathInfo methods in HttpServletRequest?

getPathInfo() gives the extra path information after the URI, used to access your Servlet, where as getRequestURI() gives the complete URI.

I would have thought they would be different, given a Servlet must be configured with its own URI pattern in the first place; I don't think I've ever served a Servlet from root (/).

For example if Servlet 'Foo' is mapped to URI '/foo' then I would have thought the URI:

/foo/path/to/resource

Would result in:

RequestURI = /foo/path/to/resource

and

PathInfo = /path/to/resource

How to get request URI without context path?

If you're inside a front contoller servlet which is mapped on a prefix pattern such as /foo/*, then you can just use HttpServletRequest#getPathInfo().

String pathInfo = request.getPathInfo();
// ...

Assuming that the servlet in your example is mapped on /secure/*, then this will return /users which would be the information of sole interest inside a typical front controller servlet.

If the servlet is however mapped on a suffix pattern such as *.foo (your URL examples however does not indicate that this is the case), or when you're actually inside a filter (when the to-be-invoked servlet is not necessarily determined yet, so getPathInfo() could return null), then your best bet is to substring the request URI yourself based on the context path's length using the usual String method:

HttpServletRequest request = (HttpServletRequest) req;
String path = request.getRequestURI().substring(request.getContextPath().length());
// ...

HttpServletRequest to complete URL

The HttpServletRequest has the following methods:

• getRequestURL() - returns the part of the full URL before query string separator character ?
• getQueryString() - returns the part of the full URL after query string separator character ?

So, to get the full URL, just do:

public static String getFullURL(HttpServletRequest request) {
    StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
    String queryString = request.getQueryString();

    if (queryString == null) {
        return requestURL.toString();
    } else {
        return requestURL.append('?').append(queryString).toString();
    }
}

Get beautified URL from HttpServletRequest

When the servlet based URL rewrite engine uses under the covers RequestDispatcher#forward() to forward an incoming friendly-URL request to the desired resource, then you can use request.getAttribute(RequestDispatcher.FORWARD_REQUEST_URI) to find out the original request URI.

String originalRequestURI = request.getAttribute(RequestDispatcher.FORWARD_REQUEST_URI);

As you're already using OmniFaces, you can use Servlets#getRequestURI() to automatically detect it and return it when present, else fall back to the default HttpServletRequest#getRequestURI().

String requestURI = Servlets.getRequestURI(request);

Java Reading Undecoded URL from Servlet

There is a fundamental difference between '%2F' and '/', both for the browser and the server.

The HttpServletRequest specification says (without any logic, AFAICT):

• getContextPath: not decoded
• getPathInfo: decoded
• getPathTranslated: not decoded
• getQueryString: not decoded
• getRequestURI: not decoded
• getServletPath: decoded

The result of getPathInfo() should be decoded, but the result of getRequestURI() must not be decoded. If it is, your Servlet container is breaking the spec (as Wouter Coekaerts and Francois Gravel correctly pointed out). Which Tomcat version are you running?

Making matters even more confusing, current Tomcat versions reject paths that contain encodings of certain special characters, for security reasons.

Getting unescaped servlet path from a HttpRequest object

Have a look at HttpServletRequest's getRequestURI() and getRequestURL() methods.

If you need to remove context and servlet mappings, look at getContextPath() and getServletPath().

getRequestURI issue in getting the request from the user

If I correctly understand, your css and js files are relative to the servlet path (/register) which is uncommon. If they were directly at the root of your web application, you won't have this problem. You header should then be :

<head>
        <title>Health Center</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <link href="/css/style.css" rel="stylesheet" type="text/css" />
        <script type="text/javascript" src="/js/jquery-1.3.2.min.js"></script>
        <script type="text/javascript" src="/js/script.js"></script>
        <script type="text/javascript" src="/js/cufon-yui.js"></script>
        <script type="text/javascript" src="/js/arial.js"></script>
        <script type="text/javascript" src="/js/cuf_run.js"></script>
</head>

If it is acceptable in your app, only first line INFO: /register/family would be intercepted by your servlet, because the others won't start with /register.

HttpServletRequest getRequestURI in SpringBoot

These should already be blocked as they contain path traversal. They are not valid request.

Curl is modifying them before sending to spring just like browser does. You could use --path-as-is flag to instruct curl to send the url as is.

Something like

curl --path-as-is localhost:7080/./

Once you do this you should get internal server error with the RequestedRejectedException.

There is open jira to change this to 400 by default - https://github.com/spring-projects/spring-security/issues/7568

---

Related Topics