Tomcat 8无法处理带有"|"的获取请求在查询参数? [英] Tomcat 8 is not able to handle get request with '|' in query parameters?
问题描述
我正在使用Tomcat8.在一种情况下,我需要处理来自外部源的外部请求,其中外部请求的参数由|分隔.
I am using Tomcat 8. In one case I need to handle external request coming from external source where the request has a parameters where it is separated by |.
请求看起来像这样:
http://localhost:8080/app/handleResponse?msg=name|id|
在这种情况下,我得到以下错误.
In this case I am getting following error.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:667)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
编辑1
它适用于Apache Tomcat 8.0.30,但不适用于Tomcat 8.5
It works with Apache Tomcat 8.0.30 but not with Tomcat 8.5
推荐答案
在所有主要的Tomcat版本中都引入了此行为:
This behavior is introduced in all major Tomcat releases:
- Tomcat 7.0.73 , 8.0.39 , 8.5.7
要解决此问题,请执行以下一项操作:
To fix, do one of the following:
- 设置
relaxedQueryChars以允许该字符 (建议,请参阅林肯的答案) - 设置
requestTargetAllow选项 (在Tomcat 8.5中已弃用)(请参阅杰里米的答案). - 您可以降级到较旧的版本之一(不建议-安全)
- set
relaxedQueryCharsto allow this character (recommended, see Lincoln's answer) - set
requestTargetAllowoption (deprecated in Tomcat 8.5) (see Jérémie's answer). - you can downgrade to one of older versions (not recommended - security)
基于更改日志,这些更改可能会影响此行为:
Based on changelog, those changes could affect this behavior:
Tomcat 8.5.3:
Tomcat 8.5.3:
确保使用非令牌的HTTP方法名称的请求(RFC 7231要求)以400响应被拒绝
Ensure that requests with HTTP method names that are not tokens (as required by RFC 7231) are rejected with a 400 response
Tomcat 8.5.7:
Tomcat 8.5.7:
将其他对有效字符的检查添加到HTTP请求行解析中,以便更快地拒绝无效的请求行.
Add additional checks for valid characters to the HTTP request line parsing so invalid request lines are rejected sooner.
最好的选择(遵循标准)-您要在客户端上对URL进行编码:
The best option (following the standard) - you want to encode your URL on client:
encodeURI("http://localhost:8080/app/handleResponse?msg=name|id|")
> http://localhost:8080/app/handleResponse?msg=name%7Cid%7C
或仅查询字符串:
encodeURIComponent("msg=name|id|")
> msg%3Dname%7Cid%7C
它将保护您免受其他有问题的字符(无效的URI字符列表).
It will secure you from other problematic characters (list of invalid URI characters).
这篇关于Tomcat 8无法处理带有"|"的获取请求在查询参数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
