characters are defined in RFC 7230 and RFC 3986

background

The company uses spring boot, and the latest built-in version of tomcat has been upgraded from 7 to 8.5. It finds that the request parameter has {,}, [,] and other characters, and reports the following errors.

java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
    at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:667)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

Reason

A new feature added to Tomcat's new version is access parsing in strict accordance with the RFC 3986 specification, which defines that only English letters (a-zA-Z), numbers (0-9), -. ~4 special characters and all reserved characters are allowed in Url (the following characters are specified in RFC 3986 as reserved characters: * (); @ &= +$, /?# []).

Solution

  • The request sent by the client is processed by url encode coding. encodeURIComponent("msg=name|id |"), but every relevant request needs to be changed.
  • Reduce tomcat version to 7.0.
  • Modify the configuration of tomcat.
  1. If the tomcat version is after 7.0.76, 8.0.42, 8.5.12, (I'm not sure about this version, I'm studying it.)
    Add in the catalina.properties file:
tomcat.util.http.parser.HttpParser.requestTargetAllow=|{}
  1. Alternatively, the parameter tomcat.util.http.parser.HttpParser.requestTargetAllow is deprecated since Tomcat 8.5, and should be relaxed QueryChars/relaxed PathChars. I also succeeded in this way.
//springboot version is 1.5.x
@Component
public class PortalTomcatWebServerCustomizer implements EmbeddedServletContainerCustomizer {

    @Override
    public void customize(ConfigurableEmbeddedServletContainer container) {
        if(container instanceof TomcatEmbeddedServletContainerFactory) {
            TomcatEmbeddedServletContainerFactory containerFactory = (TomcatEmbeddedServletContainerFactory) container;
            containerFactory.addConnectorCustomizers(new TomcatConnectorCustomizer() {
                @Override
                public void customize(Connector connector) {
                    connector.setAttribute("relaxedQueryChars", "[]|{}^\`"<>");
                    connector.setAttribute("relaxedPathChars", "[]|");
                }
            });
        }
    }
}

Tags: Java Tomcat Apache Spring

Posted on Mon, 04 Feb 2019 03:15:17 -0500 by brandye71

Hot Tags

©2023 Programmer Help