骆驼 http4 和 url 编码的密码被解释为单独的参数 [英] Camel http4 and url-encoded passwords being interpreted as separate arguments
问题描述
我们有一个 Apache Camel (2.13.2) 应用程序,它使用 http4 与网络服务器通信,使用 NTLM 进行身份验证.
端点定义为(伪):
<预><代码>....to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=" + pass+ "&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host").to("otherEndpoint");只要 pass
变量包含非特殊"字符,这就会很好地工作.
但是,如果 pass
包含例如 "abcd&def"
- Camel 会将 & 符号解释为查询参数分隔符,这是应该的.
但是 url 编码&符号(即 "abcd%26def"
)根本没有区别?
我们最终仍然使用 Camel 调用端点 "http://thegreat.server.com/uri?authMethod=NTLM&def="
,并使用截断的密码.
是不是我们遗漏了一些明显的东西,或者这种看起来像一个错误?
谢谢.
查看 Camel 文档如何配置端点 uri
有一节介绍了密码,例如您应该使用 RAW() 语法.
所以它会有点像
.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=RAW(" + pass+ ")&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host").to("otherEndpoint");
We've got an Apache Camel (2.13.2) app that uses http4 to communicate with a webserver, using NTLM for auth.
The endpoint is defined as (pseudo):
...
.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=" + pass
+ "&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host")
.to("otherEndpoint");
This works well as long as the pass
variable contains "non-special" chars.
However, if the pass
contains for example "abcd&def"
- Camel will intepret the ampersand as a query parameter separator, as it should.
But url encoding the ampersand (i.e "abcd%26def"
) makes no difference at all?
We still end up with Camel invoking the endpoint "http://thegreat.server.com/uri?authMethod=NTLM&def="
, with a truncated password.
Is there something obvious we're missing out on, or does this kind of look like a bug?
Thanks.
See the Camel documentation how to configure endpoint uris
There is a section that covers about passwords, eg you should use the RAW() syntax.
So it would be something a like
.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=RAW(" + pass
+ ")&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host")
.to("otherEndpoint");
这篇关于骆驼 http4 和 url 编码的密码被解释为单独的参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!