The request was rejected because the URL contained a potentially malicious String "//"
Error details
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String “//”
at org.springframework.security.web.firewall.StrictHttpFirewall.rejectedBlacklistedUrls(StrictHttpFirewall.java:369)
at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:336)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:194)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:747)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1591)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Cause
- The cause is simple: the URL contains one extra /. The scenario is shown in the figure below.
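Solution
Just remove the extra /. What puzzled me, though, was why this worked with PHP but produced an error with Java; I later found out that Spring Security was blocking the request. The source code is in StrictHttpFirewall#setAllowUrlEncodedDoubleSlash.
The other methods in this class should also be related to special characters (for example setAllowBackSlash and setAllowUrlEncodedPercent).
Registering your own StrictHttpFirewall bean makes it accept URLs containing //.

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.web.firewall.HttpFirewall;
    import org.springframework.security.web.firewall.StrictHttpFirewall;

    // The enclosing class name is illustrative; any @Configuration class works.
    @Configuration
    public class FirewallConfig {

        /**
         * Handles the case where // in the URL is not accepted.
         * @return the configured firewall
         */
        @Bean
        public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
            StrictHttpFirewall firewall = new StrictHttpFirewall();
            // Other rules can be added here; for now only the double slash (//) is allowed
            firewall.setAllowUrlEncodedDoubleSlash(true);
            return firewall;
        }
    }
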
- With this in place the request succeeds; the result is shown in the figure below.
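
To see how far this relaxation reaches before applying it application-wide, the following added example (not from the original post) runs the same constructed request paths through a default StrictHttpFirewall and through one configured as above. It assumes spring-security-web and spring-test are on the classpath; the class name FirewallScopeCheck and the /api/... paths are hypothetical.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.firewall.RequestRejectedException;
import org.springframework.security.web.firewall.StrictHttpFirewall;

/** Added example: compares the default firewall with the relaxed one from the post. */
public class FirewallScopeCheck {

    /** Returns "accepted" or the firewall's own rejection message for one request URI. */
    static String probe(StrictHttpFirewall firewall, String requestUri) {
        // Constructed request; MockHttpServletRequest comes from spring-test.
        MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
        try {
            firewall.getFirewalledRequest(request);
            return "accepted";
        } catch (RequestRejectedException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        StrictHttpFirewall strict = new StrictHttpFirewall();   // library defaults
        StrictHttpFirewall relaxed = new StrictHttpFirewall();
        relaxed.setAllowUrlEncodedDoubleSlash(true);            // the change made in the post

        // Constructed sample paths (hypothetical endpoint names).
        String[] samples = {
            "/api/users",        // well-formed path
            "/api//users",       // literal double slash, the case from the post
            "/api%2F%2Fusers",   // URL-encoded double slash
            "/api/users;x=1",    // semicolon, covered by a different firewall rule
        };

        // Print both verdicts side by side so the effect of the single setter is visible.
        for (String uri : samples) {
            System.out.printf("%-18s default -> %s%n", uri, probe(strict, uri));
            System.out.printf("%-18s relaxed -> %s%n", uri, probe(relaxed, uri));
        }
    }
}
```

Running this against the Spring Security version you deploy shows exactly which paths the single setter opens up, which is worth checking after every framework upgrade.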