JERSEY-2890 Regression - relative URI resolution

Change-Id: I1664dc8a76e4ae650714f597f928e4940db4b4ea

Author: Adam Lindenthal

core-server/src/main/java/org/glassfish/jersey/server/ServerProperties.java

@@ -709,6 +709,28 @@ public final class ServerProperties {
     public static final String SUBRESOURCE_LOCATOR_CACHE_JERSEY_RESOURCE_ENABLED =
             "jersey.config.server.subresource.cache.jersey.resource.enabled";
 
+    /**
+     * If {@code true} then Jersey will resolve relative URIs in the {@code Location} http header against the
+     * request URI according to RFC7231 (new HTTP Specification).
+     *
+     * <p>
+     * This behaviour violates the JAX-RS 2.0 specification (which dates older than RFC7231).
+     * If {@link #LOCATION_HEADER_RELATIVE_URI_RESOLUTION_DISABLED} is set to {@code true}, value of this property is not taken
+     * into account.
+     * </p>
+     *
+     * <p>
+     * The default value is {@code false} (JAX-RS 2.0 compliant).
+     * </p>
+     * <p>
+     * The name of the configuration property is <tt>{@value}</tt>.
+     * </p>
+     *
+     * @since 2.22.1
+     */
+    public static final String LOCATION_HEADER_RELATIVE_URI_RESOLUTION_RFC7231 =
+            "jersey.config.server.headers.location.relative.resolution.rfc7231";
+
     /**
      * If {@code true} then Jersey will not attempt to resolve relative URIs in the {@code Location} http header against the
      * request URI.

core-server/src/main/java/org/glassfish/jersey/server/ServerRuntime.java

@@ -148,7 +148,10 @@ public class ServerRuntime {
 
     private final boolean processResponseErrors;
 
+    /** Do not resolve relative URIs in the {@code Location} header */
     private final boolean disableLocationHeaderRelativeUriResolution;
+    /** Resolve relative URIs according to RFC7231 (not JAX-RS 2.0 compliant */
+    private final boolean rfc7231LocationHeaderRelativeUriResolution;
 
     /*package */ static final ExternalRequestScope<Object> NOOP_EXTERNAL_REQ_SCOPE = new ExternalRequestScope<Object>() {
 
@@ -254,6 +257,10 @@ private ServerRuntime(final Stage<RequestProcessingContext> requestProcessingRoo
         this.disableLocationHeaderRelativeUriResolution = ServerProperties.getValue(configuration.getProperties(),
                 ServerProperties.LOCATION_HEADER_RELATIVE_URI_RESOLUTION_DISABLED,
                 Boolean.FALSE, Boolean.class);
+
+        this.rfc7231LocationHeaderRelativeUriResolution = ServerProperties.getValue(configuration.getProperties(),
+                ServerProperties.LOCATION_HEADER_RELATIVE_URI_RESOLUTION_RFC7231,
+                Boolean.FALSE, Boolean.class);
     }
 
     /**
@@ -302,7 +309,9 @@ public void run() {
                     // set base URI into response builder thread-local variable
                     // for later resolving of relative location URIs
                     if (!disableLocationHeaderRelativeUriResolution) {
-                        OutboundJaxrsResponse.Builder.setBaseUri(request.getRequestUri());
+                        final URI uriToUse =
+                                rfc7231LocationHeaderRelativeUriResolution ? request.getRequestUri() : request.getBaseUri();
+                        OutboundJaxrsResponse.Builder.setBaseUri(uriToUse);
                     }
 
                     final Ref<Endpoint> endpointRef = Refs.emptyRef();
@@ -350,14 +359,17 @@ ScheduledExecutorService getBackgroundScheduler() {
      * @param location location URI; value of the HTTP {@value HttpHeaders#LOCATION} response header.
      * @param headers  mutable map of response headers.
      * @param request  container request.
+     * @param incompatible if set to {@code true}, uri will be resolved against the request uri, not the base uri;
+     *                     this is correct against RFC7231, but does violate the JAX-RS 2.0 specs
      */
     private static void ensureAbsolute(final URI location, final MultivaluedMap<String, Object> headers,
-                                       final ContainerRequest request) {
+                                       final ContainerRequest request, final boolean incompatible) {
         if (location == null || location.isAbsolute()) {
             return;
         }
         // according to RFC7231 (HTTP/1.1), this field can contain one single URI reference
-        headers.putSingle(HttpHeaders.LOCATION, request.getRequestUri().resolve(location));
+        final URI uri = incompatible ? request.getRequestUri() : request.getBaseUri();
+        headers.putSingle(HttpHeaders.LOCATION, uri.resolve(location));
     }
 
     private static class AsyncResponderHolder implements Value<AsyncContext> {
@@ -466,7 +478,8 @@ public void process(final Throwable throwable) {
                     try {
                         response = convertResponse(exceptionResponse);
                         if (!runtime.disableLocationHeaderRelativeUriResolution) {
-                            ensureAbsolute(response.getLocation(), response.getHeaders(), request);
+                            ensureAbsolute(response.getLocation(), response.getHeaders(), request,
+                                    runtime.rfc7231LocationHeaderRelativeUriResolution);
                         }
                         processingContext.monitoringEventBuilder().setContainerResponse(response)
                                 .setResponseSuccessfullyMapped(true);
@@ -659,7 +672,8 @@ private ContainerResponse writeResponse(final ContainerResponse response) {
             final ContainerResponseWriter writer = request.getResponseWriter();
 
             if (!runtime.disableLocationHeaderRelativeUriResolution) {
-                ServerRuntime.ensureAbsolute(response.getLocation(), response.getHeaders(), response.getRequestContext());
+                ServerRuntime.ensureAbsolute(response.getLocation(), response.getHeaders(), response.getRequestContext(),
+                        runtime.rfc7231LocationHeaderRelativeUriResolution);
             }
 
             if (!response.hasEntity()) {
@@ -682,7 +696,7 @@ private ContainerResponse writeResponse(final ContainerResponse response) {
                     public OutputStream getOutputStream(final int contentLength) throws IOException {
                         if (!runtime.disableLocationHeaderRelativeUriResolution) {
                             ServerRuntime.ensureAbsolute(response.getLocation(), response.getHeaders(),
-                                    response.getRequestContext());
+                                    response.getRequestContext(), runtime.rfc7231LocationHeaderRelativeUriResolution);
                         }
                         final OutputStream outputStream = writer.writeResponseStatusAndHeaders(contentLength, response);
                         return isHead ? null : outputStream;
@@ -914,7 +928,8 @@ public void run() {
                                 (response instanceof Response) ? (Response) response : Response.ok(response).build();
                         if (!responder.runtime.disableLocationHeaderRelativeUriResolution) {
                             ServerRuntime.ensureAbsolute(jaxrsResponse.getLocation(), jaxrsResponse.getHeaders(),
-                                    responder.processingContext.request());
+                                    responder.processingContext.request(),
+                                    responder.runtime.rfc7231LocationHeaderRelativeUriResolution);
                         }
                         responder.process(new ContainerResponse(responder.processingContext.request(), jaxrsResponse));
                     } catch (final Throwable t) {

docs/src/main/docbook/jersey.ent

@@ -497,6 +497,7 @@
 <!ENTITY jersey.server.ServerProperties.WADL_FEATURE_DISABLE "<link xlink:href='&jersey.javadoc.uri.prefix;/server/ServerProperties.html#WADL_FEATURE_DISABLE'>ServerProperties.WADL_FEATURE_DISABLE</link>" >
 <!ENTITY jersey.server.ServerProperties.WADL_GENERATOR_CONFIG "<link xlink:href='&jersey.javadoc.uri.prefix;/server/ServerProperties.html#WADL_GENERATOR_CONFIG'>ServerProperties.WADL_GENERATOR_CONFIG</link>" >
 <!ENTITY jersey.server.ServerProperties.LOCATION_HEADER_RELATIVE_URI_RESOLUTION_DISABLED "<link xlink:href='&jersey.javadoc.uri.prefix;/server/ServerProperties.html#LOCATION_HEADER_RELATIVE_URI_RESOLUTION_DISABLED'>ServerProperties.LOCATION_HEADER_RELATIVE_URI_RESOLUTION_DISABLED</link>" >
+<!ENTITY jersey.server.ServerProperties.LOCATION_HEADER_RELATIVE_URI_RESOLUTION_RFC7231 "<link xlink:href='&jersey.javadoc.uri.prefix;/server/ServerProperties.html#LOCATION_HEADER_RELATIVE_URI_RESOLUTION_RFC7231'>ServerProperties.LOCATION_HEADER_RELATIVE_URI_RESOLUTION_RFC7231</link>" >
 <!ENTITY jersey.server.Uri "<link xlink:href='&jersey.javadoc.uri.prefix;/server/Uri.html'>Uri</link>">
 <!ENTITY jersey.server.UriConnegFilter "<link xlink:href='&jersey.javadoc.uri.prefix;/server/filter/UriConnegFilter.html'>UriConnegFilter</link>">
 <!ENTITY jersey.server.WadlFeature "<link xlink:href='&jersey.javadoc.uri.prefix;/server/wadl/WadlFeature.html'>WadlFeature</link>">

docs/src/main/docbook/migration.xml

@@ -78,6 +78,26 @@
         </section>
     </section>
 
+    <section xml:id="mig-2.22.1">
+        <title>Migrating from Jersey 2.22 to 2.22.1</title>
+        <section xml:id="mig-2.22.1-breaking-changes">
+            <title>Breaking Changes</title>
+            <para>
+                Last version contained a change in relative URI resolution in the location header. Even though the change
+                was fixing the discrepancy between the real behaviour and RFC7231, it also caused JAX-RS spec incompatibility
+                in some cases. Furthermore, there was no way to preserve backwards compatibility.
+            </para>
+            <para>
+                Therefore, the default behaviour was rollbacked and a new configuration property was introduced to switch
+                to the RFC7231 compliant
+                behaviour: &jersey.server.ServerProperties.LOCATION_HEADER_RELATIVE_URI_RESOLUTION_RFC7231;. Also,
+                the possibility to switch the URI resolution completely off remains with the
+                &jersey.server.ServerProperties.LOCATION_HEADER_RELATIVE_URI_RESOLUTION_DISABLED; disabled switch. Both
+                properties are false by default.
+            </para>
+        </section>
+    </section>
+
     <section xml:id="mig-2.22">
         <title>Migrating from Jersey 2.21 to 2.22</title>
         <section xml:id="mig-2.22-breaking-changes">

examples/server-sent-events/src/main/java/org/glassfish/jersey/examples/sse/DomainResource.java

@@ -80,7 +80,7 @@ public Response post(@DefaultValue("0") @QueryParam("testSources") int testSourc
 
         Executors.newSingleThreadExecutor().execute(process);
 
-        final URI processIdUri = UriBuilder.fromUri("process/{id}").build(process.getId());
+        final URI processIdUri = UriBuilder.fromResource(DomainResource.class).path("process/{id}").build(process.getId());
         return Response.created(processIdUri).build();
     }