URL encoding using the new Spring UriComponentsBuilder

spring

I'm attempting to use spring's UriComponentsBuilder to generate some urls for oauth interaction. The query parameters include such entities as callback urls and parameter values with spaces in them.

Attempting to use UriComponentBuilder (because UriUtils is now deprecated)

UriComponentsBuilder urlBuilder = UriComponentsBuilder.fromHttpUrl(oauthURL);
urlBuilder.queryParam("client_id", clientId);
urlBuilder.queryParam("redirect_uri", redirectURI);
urlBuilder.queryParam("scope", "test1 test2");

String url = urlBuilder.build(false).encode().toUriString();

Unfortunately, while the space in the scope parameter is successfully replaced with '+', the redirect_uri parameter is not at all url encoded.

E.g, 

redirect_uri=https://oauth2-login-demo.appspot.com/code

should have ended up

redirect_uri=https%3A%2F%2Foauth2-login-demo.appspot.com%2Fcode

but was untouched. Diving into the code, specifically org.springframework.web.util.HierarchicalUriComponents.Type.QUERY_PARAM.isAllowed(c) :

if ('=' == c || '+' == c || '&' == c) {
  return false;
}
else {
  return isPchar(c) || '/' == c || '?' == c;
}

clearly allows ':' and '/' characters, which by gum, it shouldn't. It must be doing some other type of encoding, though for the life of me, I can't imagine what. Am I barking up the wrong tree(s) here?

Thanks


UriComponentsBuilder is encoding your URI in accordance with RFC 3986, with section 3.4 about the 'query' component of a URI being of particular note.

Within the 'query' component, the characters '/' and ':' are permitted, and do not need escaping.

To take the '/' character for example: the 'query' component (which is clearly delimited by unescaped '?' and (optionally) '#' characters), is not hierarchical and the '/' character has no special meaning. So it doesn't need encoding.


from what I understand, UriComponentsBuilder doesn't encode the query parameters automatically, just the original HttpUrl it's instantiated with. In other words, you still have to explicitly encode:

String redirectURI= "https://oauth2-login-demo.appspot.com/code";
urlBuilder.queryParam("redirect_uri", URLEncoder.encode(redirectURI,"UTF-8" ));

Related

How can I get a ListView GridViewColumn to fill the remaining space in my grid?
escape dictionary key double quotes when doing println dictionary item in Swift
setup.py: restrict the allowable version of the python interpreter
How do I include a php.ini file in another php.ini file?
Increase PHP Script Execution Time [duplicate]
PowerShell - get process ID of called application
Flatten array with objects into 1 object
Best equivalent for IsInteger in SQL Server
Insert HTML code inside SVG Text element
Implementation of standard recycling rules
Relinking an anonymous (unlinked but open) file
Is it reasonable to assume my visitors have javascript enabled?