骆驼http4和url编码的密码被解释为单独的参数 [英] Camel http4 and url-encoded passwords being interpreted as separate arguments

问题描述

我们有一个Apache Camel(2.13.2)应用程序，它使用http4与Web服务器进行通信，并使用NTLM进行身份验证.

We've got an Apache Camel (2.13.2) app that uses http4 to communicate with a webserver, using NTLM for auth.

端点定义为(伪):

...
.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=" + pass 
   + "&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host")
.to("otherEndpoint");

只要pass变量包含非特殊"字符，此方法就可以很好地工作.

This works well as long as the pass variable contains "non-special" chars.

但是，如果pass包含例如"abcd&def"，则Camel会按需要解释和号作为查询参数分隔符.

However, if the pass contains for example "abcd&def" - Camel will intepret the ampersand as a query parameter separator, as it should.

但是对&符号(即"abcd%26def")进行url编码完全没有区别吗?

But url encoding the ampersand (i.e "abcd%26def") makes no difference at all?

最后，骆驼使用截断的密码调用端点"http://thegreat.server.com/uri?authMethod=NTLM&def=".

We still end up with Camel invoking the endpoint "http://thegreat.server.com/uri?authMethod=NTLM&def=", with a truncated password.

我们是否错过了一些明显的东西，还是这种看起来像是错误?

Is there something obvious we're missing out on, or does this kind of look like a bug?

谢谢.

推荐答案

请参阅Camel文档如何配置端点uris

See the Camel documentation how to configure endpoint uris

• http://camel.apache.org/how-do- i-configure-endpoints.html

其中有一部分涉及密码，例如，您应使用RAW()语法.

There is a section that covers about passwords, eg you should use the RAW() syntax.

那会是一个类似的东西

.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=RAW(" + pass 
   + ")&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host")
.to("otherEndpoint");

这篇关于骆驼http4和url编码的密码被解释为单独的参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！