Description John Vasta 2020-06-29 13:15:30 EDT

Created attachment 283433 [details]
servlet illustrating behavior of empty-valued parameters

In an application that is deployed in a JEE servlet container using the Equinox bridge servlet, an incoming request URI with an empty-valued query parameter (e.g. "?param=") results in two values returned by HttpServletRequest#getParameterMap, one with the value being an empty string (which is correct), and one with a null value (which is incorrect). According to the JEE servlet specifications, a null value is only returned for parameters that do not exist at all in the request URI query string. If a parameter name is followed by an equals sign but no value, the parameter value is the empty string.

This breaks our applications significantly, because we have services with required parameters where a single parameter instance is required, but the value is allowed to be empty. When our code gets a null value, that means the parameter was not specified by the client, which is an error.

I'm adding a zip of a servlet project illustrating the problem; it can be deployed as an embedded Equinox application. (It is a variant of the example I attached to bug 562843).

It appears this defect was surfaced by the fix for bug 500783. The actual problem is in the DispatchTargets#queryStringToParameterMap method - it is returning null for empty-valued parameters. Then the DispatchTargets#getParameterMap method merges those values with the values from the incoming request's getParameterMap result (which contains the correct empty string value), resulting in two values for the same parameter, one being null.