骆驼http4和url编码的密码被解释为单独的参数 [英] Camel http4 and url-encoded passwords being interpreted as separate arguments
问题描述
我们有一个Apache Camel(2.13.2)应用程序,它使用http4与Web服务器进行通信,并使用NTLM进行身份验证.
We've got an Apache Camel (2.13.2) app that uses http4 to communicate with a webserver, using NTLM for auth.
端点定义为(伪):
...
.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=" + pass
+ "&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host")
.to("otherEndpoint");
只要pass
变量包含非特殊"字符,此方法就可以很好地工作.
This works well as long as the pass
variable contains "non-special" chars.
但是,如果pass
包含例如"abcd&def"
,则Camel会按需要解释和号作为查询参数分隔符.
However, if the pass
contains for example "abcd&def"
- Camel will intepret the ampersand as a query parameter separator, as it should.
但是对&符号(即"abcd%26def"
)进行url编码完全没有区别吗?
But url encoding the ampersand (i.e "abcd%26def"
) makes no difference at all?
最后,骆驼使用截断的密码调用端点"http://thegreat.server.com/uri?authMethod=NTLM&def="
.
We still end up with Camel invoking the endpoint "http://thegreat.server.com/uri?authMethod=NTLM&def="
, with a truncated password.
我们是否错过了一些明显的东西,还是这种看起来像是错误?
Is there something obvious we're missing out on, or does this kind of look like a bug?
谢谢.
推荐答案
请参阅Camel文档如何配置端点uris
See the Camel documentation how to configure endpoint uris
其中有一部分涉及密码,例如,您应使用RAW()语法.
There is a section that covers about passwords, eg you should use the RAW() syntax.
那会是一个类似的东西
.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=RAW(" + pass
+ ")&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host")
.to("otherEndpoint");
这篇关于骆驼http4和url编码的密码被解释为单独的参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!