SpringBoot整合升级Spring Security 报错【The request was rejected because the URL was not normalized】...

2024-05-14 14:03:59

前言

最近LZ给项目框架升级，从Spring1.x升级到Spring2.x, 在这里就不多赘述两个版本之间的区别以及升级的原因。

关于升级过程中踩的坑，在其他博文中会做比较详细的记录，以便给读者参考，不要掉进同样的坑里。这里我们讨论一个关于URL中包含双斜杠被拦截的问题。

发现问题

升级框架之后，测试一个功能时，发现报错Http 500，第一时间怀疑是后台功能报错。打印后台错误日志，发现报错信息：The request was rejected because the URL was not normalized。

之后与升级前相同环境对比发现，相同的功能，升级之后，URL中包含双斜杠。

分析问题

经过对比不同和错误信息，初步定位问题出在URL上。查询资料得知，Spring Security 在高版本中增加了StrictHttpFirewall类，对URL校验更加严格。于是查看源码：

private static boolean isNormalized(String path) {if (path == null) {return true;} else if (path.indexOf("//") > -1) {return false;} else {int i;for(int j = path.length(); j > 0; j = i) {i = path.lastIndexOf(47, j - 1);int gap = j - i;if (gap == 2 && path.charAt(i + 1) == '.') {return false;}if (gap == 3 && path.charAt(i + 1) == '.' && path.charAt(i + 2) == '.') {return false;}}return true;}
}

解决问题

方法一：修改项目中出现“//”双斜杠的URL路径，哈哈

方法二：自定义FireWall方式允许URL出现双斜杠“//”

参考:Spring 5.0.3 RequestRejectedException: The request was rejected because the URL was not normalized

https://stackoverflow.com/questions/48453980/spring-5-0-3-requestrejectedexception-the-request-was-rejected-because-the-url/49116274

创建允许在URL中使用斜线的自定义防火墙。

@Bean
public HttpFirewall allowUrlEncodedSlashHttpFirewall() {StrictHttpFirewall firewall = new StrictHttpFirewall();firewall.setAllowUrlEncodedSlash(true);    return firewall;
}

2.在WebSecurity中配置这个bean。

@Override
public void configure(WebSecurity web) throws Exception {//@formatter:offsuper.configure(web);web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
....
}

至此，问题解决。

转载于:https://www.cnblogs.com/lanxuan826/p/10997641.html

SpringBoot整合升级Spring Security 报错【The request was rejected because the URL was not normalized】...相关推荐

security工作笔记006---oauth2(spring security)报错method_not_allowed(Request method 'GET' not supported)解决
JAVA技术交流QQ群:170933152 最近做智慧城市项目,太恶心了...各种不会,个人负责权限验证中心服务,...唉,慢慢研究吧.. 报错信息 <MethodNotAllowed> ...
SpringBoot【The request was rejected because the URL was not normalized】
SpringBoot整合ng-alain时报错如下: org.springframework.security.web.firewall.RequestRejectedException: The r ...
SpringBoot 提示：RequestRejectedException:The request was rejected because the URL was not normalized.
今天遇到一个问题:本地磁盘通过SpringMVC 资源映射成URL地址可以访问的资源,提示如下错误信息: RequestRejectedException:The request was reject ...
feign接口调用服务上传图片报错 the request was rejected because no multipart boundary was found
在用postman 请求这个调用接口的时候,报了the request was rejected because no multipart boundary was found 1.首先检查是否导入了 ...
解决高版本SpringBoot整合swagger时启动报错：Failed to start bean ‘documentationPluginsBootstrapper‘ 问题
一.控制台的报错信息 2021-12-29 15:15:04 [main] ERROR org.springframework.boot.SpringApplication - Application ...
SpringBoot整合es7.x启动报错:Rejecting mapping update to [AAA] as the final mapping would have more than 1
因为es6.x以后调整一个index只能有一个type,官方默认在所有的index自动加了一个_doc的type,所以当我们不指定或者指定不为_doc的type时,会报这个错误,解决方案: @Docu ...
Spring MVC报错:The request sent by the client was syntactically incorrect ()
springmvc数据绑定是一个很好的东西,在数据绑定的时候一定要主意Controller方法中的参数名和jsp页面里的参数名字是否一致或者按照绑定的规范来写,如果不一致,可能会报如下错误: The ...
整合rocketmq/stream-rocketmq启动报错channel.AbstractMessageChannel问题
springboot整合rocketmq/stream-rocketmq启动报错 spring boot.springcloud.springcloud alibaba项目整合rocketmq时.一启 ...
启动Spring项目报错，Springboot启动报错 Disconnected from the target VM 解决过程
启动Spring项目报错,Springboot启动报错 Disconnected from the target VM 解决过程大概率是缺少了一下依赖 <dependency><g ...

最新文章

热门文章