Fix empty URLs handling in ResourceUrlEncodingFilter

bclozel · bclozel · commit 51c941ca11e3 · 2015-05-13T14:38:54.000+02:00
Prior to this commit, the ResourceUrlEncodingFilter would fail with a
StringIndexOutOfBoundsException when:

* the current request has a servlet context
* the URL to encode is relative and is shorter than the context value

This change defensively checks for those lengths and delegates to the
parent implementation if necessary.

Issue: SPR-13018
diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceUrlEncodingFilter.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceUrlEncodingFilter.java
@@ -73,10 +73,15 @@ public String encodeURL(String url) {
 				return super.encodeURL(url);
 			}
 			initIndexLookupPath(resourceUrlProvider);
-			String prefix = url.substring(0, this.indexLookupPath);
-			String lookupPath = url.substring(this.indexLookupPath);
-			lookupPath = resourceUrlProvider.getForLookupPath(lookupPath);
-			return (lookupPath != null ? super.encodeURL(prefix + lookupPath) : super.encodeURL(url));
+			if(url.length() >= this.indexLookupPath) {
+				String prefix = url.substring(0, this.indexLookupPath);
+				String lookupPath = url.substring(this.indexLookupPath);
+				lookupPath = resourceUrlProvider.getForLookupPath(lookupPath);
+				if (lookupPath != null) {
+					return super.encodeURL(prefix + lookupPath);
+				}
+			}
+			return super.encodeURL(url);
 		}
 
 		private ResourceUrlProvider getResourceUrlProvider() {
diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/resource/ResourceUrlEncodingFilterTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/resource/ResourceUrlEncodingFilterTests.java
@@ -89,6 +89,23 @@ public void doFilter(ServletRequest request, ServletResponse response) throws IO
 		});
 	}
 
+	// SPR-13018
+	@Test
+	public void encodeEmptyURLWithContext() throws Exception {
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/context/foo");
+		request.setContextPath("/context");
+		request.setAttribute(ResourceUrlProviderExposingInterceptor.RESOURCE_URL_PROVIDER_ATTR, this.resourceUrlProvider);
+		MockHttpServletResponse response = new MockHttpServletResponse();
+
+		this.filter.doFilterInternal(request, response, new FilterChain() {
+			@Override
+			public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
+				String result = ((HttpServletResponse)response).encodeURL("?foo=1");
+				assertEquals("?foo=1", result);
+			}
+		});
+	}
+
 	protected ResourceUrlProvider createResourceUrlProvider(List<ResourceResolver> resolvers) {
 		ResourceHttpRequestHandler handler = new ResourceHttpRequestHandler();
 		handler.setLocations(Arrays.asList(new ClassPathResource("test/", getClass())));
