Error details

org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String “//”
at org.springframework.security.web.firewall.StrictHttpFirewall.rejectedBlacklistedUrls(StrictHttpFirewall.java:369)
at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:336)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:194)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:747)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1591)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

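Cause of the error

  • The cause is simple: the URL contains an extra /. The scenario is shown in the figure below.

Solution

  • Just remove the extra /.

  • What puzzled me was why this worked in PHP but Java reported an error; I later found out that Spring Security was intercepting the request.

  • The source code is in StrictHttpFirewall#setAllowUrlEncodedDoubleSlash

  • The other methods in this class are presumably also related to special characters (e.g. setAllowBackSlash, setAllowUrlEncodedPercent).

  • Re-registering the StrictHttpFirewall object as a bean lets it accept the // pattern.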

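    // Declare this method inside a @Configuration class. Imports needed:
    import org.springframework.context.annotation.Bean;
    import org.springframework.security.web.firewall.HttpFirewall;
    import org.springframework.security.web.firewall.StrictHttpFirewall;

    /**
     * Handles URLs containing //, which the firewall does not accept by default
     * @return
     */
    @Bean
    public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
        StrictHttpFirewall firewall = new StrictHttpFirewall();
        // Other rules can be added here; for now only the double slash (//) is allowed
        firewall.setAllowUrlEncodedDoubleSlash(true);
        return firewall;
    }
  • With this in place the request succeeds; the result is shown in the figure below.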
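The firewall bean applies to every request, so it is worth confirming exactly what the relaxed setting changes. The following is an added example, not code from the original post: it runs a default and a relaxed StrictHttpFirewall over the same request URIs, so you can see that allowing // leaves the other checks (semicolon, path traversal) in place. It assumes spring-test is on the classpath for MockHttpServletRequest; the class name and the sample URIs are constructed for illustration.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.firewall.RequestRejectedException;
import org.springframework.security.web.firewall.StrictHttpFirewall;

// Hypothetical helper class (not part of the original post).
public class DoubleSlashFirewallCheck {

    /** Returns true if the firewall accepts a GET for the given request URI. */
    static boolean accepts(StrictHttpFirewall firewall, String requestUri) {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
        try {
            // Same entry point that FilterChainProxy calls in the stack trace above.
            firewall.getFirewalledRequest(request);
            return true;
        } catch (RequestRejectedException ex) {
            System.out.println("  rejected " + requestUri + ": " + ex.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Firewall with Spring Security's default settings.
        StrictHttpFirewall strict = new StrictHttpFirewall();

        // Firewall configured the same way as the bean in the post.
        StrictHttpFirewall relaxed = new StrictHttpFirewall();
        relaxed.setAllowUrlEncodedDoubleSlash(true);

        // Constructed sample URIs: a clean path, the double slash from the post,
        // and two inputs that should stay blocked under both configurations.
        String[] uris = {
            "/api/users",
            "/api//users",
            "/api/users;jsessionid=abc",
            "/api/../admin"
        };

        for (String uri : uris) {
            boolean byDefault = accepts(strict, uri);
            boolean whenRelaxed = accepts(relaxed, uri);
            System.out.printf("%-28s default=%-5b relaxed=%b%n", uri, byDefault, whenRelaxed);
        }
    }
}
```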
