RFR: 8272758: Improve HttpServer to avoid partial file name matches while mapping request path to context path [v2]
Daniel Fuchs
dfuchs at openjdk.org
Thu Jan 29 15:02:42 UTC 2026
On Wed, 21 Jan 2026 12:21:42 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:
>> Currently `HttpServer` allows matching a request path `/foobar` to context path `/foo`. Replace this surprising behaviour with a safer approach by requiring exact *path prefix matches*.
>>
>>
>> | Request path
>> Context +------+-------+----------+---------
>> path | /foo | /foo/ | /foo/bar | /foobar
>> ---------+------+-------+----------+---------
>> / | Y | Y | Y | Y
>> /foo/ | N | Y | Y | N
>
> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
>
> Add property to switch between prefix matching schemes
src/jdk.httpserver/share/classes/module-info.java line 110:
> 108: *
> 109: * The path matching scheme used to route requests to context handlers.
> 110: * Following list of values are allowed by this property.</p>
Suggestion:
* The property can be configured with one of the following values:</p>
src/jdk.httpserver/share/classes/module-info.java line 120:
> 118: * but not {@code /foobar}.</dd>
> 119: * <dt>{@code stringPrefix}</dt>
> 120: * <dd>Request path string must begin with the context path string. For
Suggestion:
* <dd>The request path string must begin with the context path string. For
test/jdk/com/sun/net/httpserver/ContextPathMatcherPathPrefixTest.java line 52:
> 50:
> 51: /*
> 52: * @test id=withProperty
Suggestion:
* @test id=withPathPrefix
test/jdk/com/sun/net/httpserver/ContextPathMatcherPathPrefixTest.java line 72:
> 70: * ${test.main.class}
> 71: */
> 72:
Could we simply have another test comment to test with `-Dsun.net.httpserver.pathMatcher=stringPrefix` instead of having a separate test class?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29264#discussion_r2742049052
PR Review Comment: https://git.openjdk.org/jdk/pull/29264#discussion_r2742053310
PR Review Comment: https://git.openjdk.org/jdk/pull/29264#discussion_r2742059613
PR Review Comment: https://git.openjdk.org/jdk/pull/29264#discussion_r2742064650
More information about the net-dev
mailing list