ajax - Ajaxical redirect using query-string parameters -

redirecting using following partial response (inside servlet filter). attempt redirect target resource, when user logs in.

private void redirect(httpservletrequest request, httpservletresponse response, string redirecturl) throws ioexception {     if ("partial/ajax".equals(request.getheader("faces-request"))) {         response.setcontenttype("text/xml");         response.setcharacterencoding("utf-8");         response.getwriter()                 .append("<?xml version=\"1.0\" encoding=\"utf-8\"?>")                 .printf("<partial-response><redirect url=\"%s\"></redirect></partial-response>", redirecturl);     } else {         response.sendredirect(response.encoderedirecturl(redirecturl));     } } 

request / response headers :

general      request url:https://localhost:8443/contextroot/utility/login     request method:post     status code:302 found     remote address:127.0.0.1:8443  response headers      cache-control:no-cache, no-store, must-revalidate     connection:keep-alive     content-length:0     date:thu, 17 mar 2016 11:12:58 gmt     expires:thu, 01 jan 1970 00:00:00 gmt     location:https://localhost:8443/contextroot/admin/home.xhtml     pragma:no-cache     server:wildfly/10     x-powered-by:undertow/1  request headers      accept:application/xml, text/xml, */*; q=0.01     accept-encoding:gzip, deflate     accept-language:en-us,en;q=0.8     connection:keep-alive     content-length:256     content-type:application/x-www-form-urlencoded; charset=utf-8     cookie:jsessionid=0a-fkcnyfwx_cu30m5fzuusrq4g-qbhqhvojrncu.om-f6b0ea3ad206; __utma=111872281.616526714.1454485589.1454485589.1454485589.1; __utmz=111872281.1454485589.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)     faces-request:partial/ajax     host:localhost:8443     origin:https://localhost:8443     referer:https://localhost:8443/contextroot/admin/ratingdetails?product=10&id=2     user-agent:mozilla/5.0 (windows nt 5.1) applewebkit/537.36 (khtml, gecko) chrome/49.0.2623.87 safari/537.36     x-requested-with:xmlhttprequest  form data      view url encoded     javax.faces.partial.ajax:true     javax.faces.source:login     javax.faces.partial.execute:loginform     javax.faces.partial.render:loginform     login:login     loginform:loginform     username:admin     password:admin     javax.faces.viewstate:-5804174403308424993:4075605247268615317 

as can seen, response status code "302 found" redirect target resource not happen.

the culprit & in query-string :

https://localhost:8443/contextroot/admin/ratingdetails?product=10&id=2 

the following single query-string parameter works fine:

https://localhost:8443/contextroot/admin/ratingdetails?product=10 

there parse error :

<partial-response>     <parsererror style="display: block; white-space: pre; border: 2px solid #c77; padding: 0 1em 0 1em; margin: 1em; background-color: #fdd; color: black">         <h3>this page contains following errors:</h3>         <div style="font-family:monospace;font-size:12px">error on line 1 @ column 118: entityref: expecting ';'         </div>         <h3>below rendering of page first error.</h3>     </parsererror> </partial-response> 

response.encodeurl(redirecturl) or response.encoderedirecturl(redirecturl) in case not either.

any suggestion?

error on line 1 @ column 118: entityref: expecting ';'

the & special character in xml representing start of entity, supposed end ; character, e.g. <,  , etc. explains part of error message.

however, you're using character query string parameter separator without entity reference name , end character ;. hence, xml parser fall on it.

escaping & & should solve it. redirect url has end in format:

https://localhost:8443/contextroot/admin/ratingdetails?product=10&id=2 

the encodeurl()/encoderedirecturl() serves different purpose explained in in context of java servlet difference between url rewriting , forwarding?

see also:

• the entity name must follow '&' in entity reference