Fix server errors for invalid If-None-Match request headers

bclozel · bclozel · commit 798d8668a486 · 2016-08-26T15:33:02.000+02:00
HttpEntityMethodProcessor should not throw IllegalArgumentExceptions for
invalid If-None-Match headers.

For those cases, this commit makes sure that both
`HttpEntityMethodProcessor` and `ServletWebRequest` have a consistent
behavior and stop processing the request as conditional and leave the
handler handle it.

Issue: SPR-14559
diff --git a/spring-web/src/test/java/org/springframework/web/context/request/ServletWebRequestHttpMethodsTests.java b/spring-web/src/test/java/org/springframework/web/context/request/ServletWebRequestHttpMethodsTests.java
@@ -99,6 +99,15 @@ public void checkNotModifiedInvalidStatus() {
 		assertEquals(dateFormat.format(epochTime), servletResponse.getHeader("Last-Modified"));
 	}
 
+	@Test // SPR-14559
+	public void checkNotModifiedInvalidIfNoneMatchHeader() {
+		String eTag = "\"etagvalue\"";
+		servletRequest.addHeader("If-None-Match", "missingquotes");
+		assertFalse(request.checkNotModified(eTag));
+		assertEquals(200, servletResponse.getStatus());
+		assertEquals(eTag, servletResponse.getHeader("ETag"));
+	}
+
 	@Test
 	public void checkNotModifiedHeaderAlreadySet() {
 		long epochTime = currentDate.getTime();
diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/HttpEntityMethodProcessor.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/HttpEntityMethodProcessor.java
@@ -223,24 +223,28 @@ private List<String> getVaryRequestHeadersToAdd(HttpHeaders responseHeaders, Htt
 	}
 
 	private boolean isResourceNotModified(ServletServerHttpRequest inputMessage, ServletServerHttpResponse outputMessage) {
-		List<String> ifNoneMatch = inputMessage.getHeaders().getIfNoneMatch();
-		long ifModifiedSince = inputMessage.getHeaders().getIfModifiedSince();
-		String eTag = addEtagPadding(outputMessage.getHeaders().getETag());
-		long lastModified = outputMessage.getHeaders().getLastModified();
 		boolean notModified = false;
-
-		if (!ifNoneMatch.isEmpty() && (inputMessage.getHeaders().containsKey(HttpHeaders.IF_UNMODIFIED_SINCE)
-				|| inputMessage.getHeaders().containsKey(HttpHeaders.IF_MATCH))) {
-			// invalid conditional request, do not process
-		}
-		else if (lastModified != -1 && StringUtils.hasLength(eTag)) {
-			notModified = isETagNotModified(ifNoneMatch, eTag) && isTimeStampNotModified(ifModifiedSince, lastModified);
-		}
-		else if (lastModified != -1) {
-			notModified = isTimeStampNotModified(ifModifiedSince, lastModified);
+		try {
+			long ifModifiedSince = inputMessage.getHeaders().getIfModifiedSince();
+			String eTag = addEtagPadding(outputMessage.getHeaders().getETag());
+			long lastModified = outputMessage.getHeaders().getLastModified();
+			List<String> ifNoneMatch = inputMessage.getHeaders().getIfNoneMatch();
+			if (!ifNoneMatch.isEmpty() && (inputMessage.getHeaders().containsKey(HttpHeaders.IF_UNMODIFIED_SINCE)
+					|| inputMessage.getHeaders().containsKey(HttpHeaders.IF_MATCH))) {
+				// invalid conditional request, do not process
+			}
+			else if (lastModified != -1 && StringUtils.hasLength(eTag)) {
+				notModified = isETagNotModified(ifNoneMatch, eTag) && isTimeStampNotModified(ifModifiedSince, lastModified);
+			}
+			else if (lastModified != -1) {
+				notModified = isTimeStampNotModified(ifModifiedSince, lastModified);
+			}
+			else if (StringUtils.hasLength(eTag)) {
+				notModified = isETagNotModified(ifNoneMatch, eTag);
+			}
 		}
-		else if (StringUtils.hasLength(eTag)) {
-			notModified = isETagNotModified(ifNoneMatch, eTag);
+		catch (IllegalArgumentException exc) {
+			// invalid conditional request, do not process
 		}
 		return notModified;
 	}
diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/HttpEntityMethodProcessorMockTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/HttpEntityMethodProcessorMockTests.java
@@ -379,6 +379,21 @@ public void handleReturnValueEtag() throws Exception {
 		assertEquals(etagValue, servletResponse.getHeader(HttpHeaders.ETAG));
 	}
 
+	@Test // SPR-14559
+	public void handleReturnValueEtagInvalidIfNoneMatch() throws Exception {
+		String etagValue = "\"deadb33f8badf00d\"";
+		servletRequest.addHeader(HttpHeaders.IF_NONE_MATCH, "unquoted");
+		HttpHeaders responseHeaders = new HttpHeaders();
+		responseHeaders.set(HttpHeaders.ETAG, etagValue);
+		ResponseEntity<String> returnValue = new ResponseEntity<>("body", responseHeaders, HttpStatus.OK);
+
+		initStringMessageConversion(MediaType.TEXT_PLAIN);
+		processor.handleReturnValue(returnValue, returnTypeResponseEntity, mavContainer, webRequest);
+
+		assertTrue(mavContainer.isRequestHandled());
+		assertEquals(HttpStatus.OK.value(), servletResponse.getStatus());
+	}
+
 	@Test
 	public void handleReturnValueETagAndLastModified() throws Exception {
 		long currentTime = new Date().getTime();
