骆驼 http4 和 url 编码的密码被解释为单独的参数 [英] Camel http4 and url-encoded passwords being interpreted as separate arguments

查看：25 发布时间：2021/11/11 22:58:07 url apache-camel ntlm

本文介绍了骆驼 http4 和 url 编码的密码被解释为单独的参数的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我们有一个 Apache Camel (2.13.2) 应用程序，它使用 http4 与网络服务器通信，使用 NTLM 进行身份验证.

端点定义为(伪):

<预><代码>....to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=" + pass+ "&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host").to("otherEndpoint");

只要 pass 变量包含非特殊"字符，这就会很好地工作.

但是，如果 pass 包含例如 "abcd&def" - Camel 会将 & 符号解释为查询参数分隔符，这是应该的.

但是 url 编码&符号(即 "abcd%26def")根本没有区别?

我们最终仍然使用 Camel 调用端点 "http://thegreat.server.com/uri?authMethod=NTLM&def="，并使用截断的密码.

是不是我们遗漏了一些明显的东西，或者这种看起来像一个错误?

谢谢.

解决方案

查看 Camel 文档如何配置端点 uri

http://camel.apache.org/how-do-i-configure-endpoints.html

有一节介绍了密码，例如您应该使用 RAW() 语法.

所以它会有点像

.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=RAW(" + pass+ ")&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host").to("otherEndpoint");

We've got an Apache Camel (2.13.2) app that uses http4 to communicate with a webserver, using NTLM for auth.

The endpoint is defined as (pseudo):

...
.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=" + pass 
   + "&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host")
.to("otherEndpoint");

This works well as long as the pass variable contains "non-special" chars.

However, if the pass contains for example "abcd&def" - Camel will intepret the ampersand as a query parameter separator, as it should.

But url encoding the ampersand (i.e "abcd%26def") makes no difference at all?

We still end up with Camel invoking the endpoint "http://thegreat.server.com/uri?authMethod=NTLM&def=", with a truncated password.

Is there something obvious we're missing out on, or does this kind of look like a bug?

Thanks.

解决方案

See the Camel documentation how to configure endpoint uris

http://camel.apache.org/how-do-i-configure-endpoints.html

There is a section that covers about passwords, eg you should use the RAW() syntax.

So it would be something a like

.to("http4://thegreat.server.com/uri?authUsername=" + user + "&authPassword=RAW(" + pass 
   + ")&authenticationPreemptive=true&authMethod=NTLM&authDomain=DOMAIN&authHost=host")
.to("otherEndpoint");

这篇关于骆驼 http4 和 url 编码的密码被解释为单独的参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

骆驼 http4 和 url 编码的密码被解释为单独的参数 [英] Camel http4 and url-encoded passwords being interpreted as separate arguments

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

骆驼 http4 和 url 编码的密码被解释为单独的参数 [英] Camel http4 and url-encoded passwords being interpreted as separate arguments

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭