Java servlet sendRequest - getParameter encoding Problem

Question

I'm building a web app for my lesson using java servlets. At some point i want to redirect to a jsp page, sending also some info that want to use there (using the GET method). In my servlet i have the following code:

String link = new String("index.jsp?name="+metadata.getName()+"&title="+metadata.getTitle());

response.sendRedirect(response.encodeRedirectURL(link));

In the jsp, I get these parameters using

<%
request.getParameter("name");
request.getParameter("title");
%>

Everything works fine, except when the parameters do not contain only latin characters (in my case they can contain greek characters). For example if name=ΕΡΕΥΝΑΣ i get name=¡¥. How can i fix this encoding problem (setting it to UTF-8)? Isn't encodeRedirectURL() doing this job? Should I also use encodeURL() at some point? I tried the last one but problem still existed.

Thanks in advance :)

score 8 · Accepted Answer · edited May 23 '17 at 12:00

8

The HttpServletResponse#encodeRedirectURL() does not URL-encode the URL. It only appends the jsessionid attribute to the URL whenever there's a session and the client has cookies disabled. Admittedly, it's a confusing method name.

You need to encode the request parameters with help of URLEncoder#encode() yourself during composing the URL.

String charset = "UTF-8";
String link = String.format("index.jsp?name=%s&title=%s", 
    URLEncoder.encode(metadata.getName(), charset), 
    URLEncoder.encode(metadata.getTitle(), charset));

response.sendRedirect(response.encodeRedirectURL(link));

And create a filter which is mapped on /* and does basically the following in doFilter() method:

request.setCharacterEncoding("UTF-8");
chain.doFilter(request, response);

And add the following to top of your JSP:

<%@ page pageEncoding="UTF-8" %>

Finally you'll be able to display them as follows:

<p>Name: ${param.name}</p>
<p>Title: ${param.title}</p>

@Will: I've rolled back your suggested edit. The `pageEncoding="UTF-8"` not only sets the response encoding (which is mandatory in order to display params correctly), but it also **implicitly** sets the encoding in the `Content-Type` header. You don't need to set it explicitly as well by `contentType`. Read the link. – BalusC Feb 23 '11 at 22:10
Thank you for bothering with my question. I tried to understand how the filters work and follow your suggestions, but i'm get some exceptions. I'm gonna continue work tomorrow again, and i'll come back with some feedback. – CdB Feb 23 '11 at 22:29
Strange - I am using `${username}` in my jspS and `response.sendRedirect(PROJECT_SERVLET + "?name=" + project.getName());` in my controller - where username and project name are greek - and the only thing I needed to do is set the `URIEncoding="UTF-8"` in the Context tag of (tomcat's 7) server.xml to get the urls go through right (they _were_ displayed right by the browser but they didn't go through to the server right). I am using the `@page` and the filter _but do I need to use `URLEncoder.encode` and `String.format`_ ? – Mr_and_Mrs_D Oct 06 '12 at 16:44
1

@Mr_ URLEncoder is mandatory when special characters are been used in query strings. – BalusC Oct 06 '12 at 23:43
Thanks - [been looking at it all day](http://stackoverflow.com/a/12763865/281545) :) – Mr_and_Mrs_D Oct 06 '12 at 23:59
1

@Mr_ You're welcome. String.format is just for convenience. I find it better readable than `"..." + ... + "..." + ... + "..."`. It's not mandatory for the functional requirement. – BalusC Oct 07 '12 at 00:00
Thanks again - yes - the real question was about the need to use the `URLEncoder.encode` - so now it is clear that it is not needed for utf chars (as the tomcat setting is all that's needed) but of course needed _when special characters are been used in query strings_. That being said why rely on the server.xml ? - better _after all_ to use the `URLEncoder.encode` and be prepared to [be surprised when decoding](http://stackoverflow.com/a/12764532/281545). It is clear now :) – Mr_and_Mrs_D Oct 07 '12 at 00:08
@Mr_: URLEncoder encodes them during creating the URL which the client has to request, server.xml decodes them during parsing the URL which the client has requested. So both definitely needs to be "in sync". – BalusC Oct 07 '12 at 00:10

score 1 · Answer 2 · answered Feb 23 '11 at 21:27

1

Use the java.net.URLEncoder to encode each parameter before adding them to the url. Think about it this way: if your name contained a "&", how would you know that this was not a parameter delimiter?

answered Feb 23 '11 at 21:27

sstendal

3,148
17
22

Thanks for replying sstendal. I have tried this, but the result is the same. Maybe it needs something more – CdB Feb 23 '11 at 22:05

score 0 · Answer 3 · answered Feb 23 '11 at 21:23

0

You should encode every request parameter with URLEncoder.encode() before putting it into the query string .

The encodeRedirectURL method is only used to include the session ID into the URL if necessary (URL rewriting if no cookie support by the browser)

answered Feb 23 '11 at 21:23

JB Nizet

678,734
91
1,224
1,255

Will · Answer 4 · 2011-02-24T20:07:59.917

How about the following instead?

Set the name and title as attributes on the request object;
Get a request dispatcher for the JSP from the request object or via the servlet context;
Use the request dispatcher to forward the request to the JSP;
Access these attributes in the request from the JSP.

This saves redirecting the browser from the first servlet to the JSP derived servlet and avoids the whole parameter encoding issue entirely.

Also ensure the JSP page directive sets the content encoding to UTF-8.

Java servlet sendRequest - getParameter encoding Problem

4 Answers4

See also: