Uploaded image for project: 'Kogito'
  1. Kogito
  2. KOGITO-3996

RFC 3986 section 3.3 non compliant character at the process id produces wrong URL

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • None
    • Runtime Tooling
    • None
    • False
    • False
    • Undefined
    • ---
    • ---

      In current kogito tooling 0.8.0 it's being permitted to use NON "RFC 3986 section 3.3" characters for setting the ProcessId. In the image below we can see that is possible to define a process with the given id "CreateClientáü"

      From a "theoretical" point of view this shouldn't be a problem, or said in other words it's a matter of a definition we can take.

      However, when the kogito runtimes infrastructure generates the corresponding REST endpoints, the following paths are generated.

      @Path("/CreateClientáü")
      @javax.enterprise.context.ApplicationScoped()
      public class CreateClientáüResource {
      ...
      
          @GET
          @Path("/{id}/tasks")
          @Produces(MediaType.APPLICATION_JSON)
          public List<WorkItem> getTasks_CreateClientáü(@PathParam("id") String id, @QueryParam("user") final String user, @QueryParam("group") final List<String> groups) {
          }
      }
      

      etc.

      This is at a first glance not an issue and the characters "áü" present in the @Path are permitted from the point of view of the JAX-RS spec.
      However, this characters are automatically escaped to the "%" version in terms of the generated/required URL for accessing the REST endpoint

      Which means that for accessing a REST endpoint like the one defined above the escaped URL format must be used, for example:

      http://localhost:8080/CreateClient%C3%A1%C3%BC?businessKey=MyBusinessKey
      

      However along the road the following endpoint is constructed by the data-index.

       "endpoint": "http://myapplication.cloud.com:8280/CreateClientáü/82abec00-e33e-48e2-9fd9-b49e3335b9f9/CompleteInfo/f05cca07-3fa7-47ac-87ec-43412ceb4709
      

      See that "CreateClientáü" is used as part of the URL.

      By doing a quick debugging I could see that the cloud event emitted by the runtime carries this information:

      "source":"http://myapplication.cloud.com:8280/CreateClientáü"
      

      The issue is basically that the URL generated by the data-index doesn't work.

      (Aside note here is that when we play with the SwaggerUI it's still possible to create for example a process instance such definition, ut if we use this URL e.g. in Postman it won't work, etc.)

      For a matter of consistency I believe the following actions should be taken:

      1) the "source" emitted by the runtime should be in the escaped form:

      http://localhost:8080/CreateClient%C3%A1%C3%BC
      

      2) It might be worth to take a look at the data index level if any other escaping might be needed.

      3) additionally Iv'e could see that the TaskId permitted characters are properly checked at the Stunner level, see screenshot bellow:

      So maybe it make sense to incorporate this check at Stunner for the ProcessId too.

              cnicolai@redhat.com Cristiano Nicolai (Inactive)
              wmedvede@redhat.com Walter Medvedeo
              Barbora Kapustova Barbora Kapustova
              Barbora Kapustova Barbora Kapustova
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: