new class HttpURLPermission
Andreas Rieber
rieberandreas at gmail.com
Mon Jul 1 01:57:29 PDT 2013
Hi,
i just had a look at the new HttpURLPermission and there might be an
issue in normalizeMethods(). It throws only IllegalArgumentException for
SP and HT, there are a few more illegal characters. Other than that the
method is case-sensitiv. Also the used wild-card '*' is a valid method.
Not a bid deal as it is documented.
-Andreas
Here the related parts from RFC 2616
5.1.1 Method
The Method token indicates the method to be performed on the
resource identified by the Request-URI. The method is case-sensitive.
Method = "OPTIONS" ; Section 9.2
| "GET" ; Section 9.3
| "HEAD" ; Section 9.4
| "POST" ; Section 9.5
| "PUT" ; Section 9.6
| "DELETE" ; Section 9.7
| "TRACE" ; Section 9.8
| "CONNECT" ; Section 9.9
| extension-method
extension-method = token
2.2 Basic Rules
...
CHAR = <any US-ASCII character (octets 0 - 127)>
...
CTL = <any US-ASCII control character
(octets 0 - 31) and DEL (127)>
SP = <US-ASCII SP, space (32)>
HT = <US-ASCII HT, horizontal-tab (9)>
...
token = 1*<any CHAR except CTLs or separators>
separators = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
So a token is:
!#$%&'*+-.0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ^_`abcdefghijklmnopqrstuvwxyz|~
or shorter (grouped digit and alpha):
!#$%&'*+-.[0-9][A-Z]^_`[a-z]|~
More information about the net-dev
mailing list