zoukankan      html  css  js  c++  java
  • Tomcat9报错 The valid characters are defined in RFC 7230 and RFC 3986

    tomcat8项目移到tomcat9,出现如下问题

    HTTP Status 400 – Bad Request


    Type Exception Report

    Message Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

    Description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

    Exception

    java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
    	org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467)
    	org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:294)
    	org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    	org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
    	org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
    	org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    	java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    	java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    	org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    	java.lang.Thread.run(Thread.java:748)

    url实际请求地址:/systemSet/userR7Role/roleManageShow?jiaosId=52&f_jsmc=ITSS问题审核

    经过抓包,url请求地址如下

    ie如下:

    /systemSet/userR7Role/roleManageShow?jiaosId=50&f_jsmc=ITSS351227256351242230347224263350257267

    chrome如下:

    /systemSet/userR7Role/roleManageShow?jiaosId=52&f_jsmc=ITSS%E9%97%AE%E9%A2%98%E5%AE%A1%E6%A0%B8

    只要用js对url进行编码即可,解决方法

    /systemSet/userR7Role/roleManageShow?jiaosId=52&f_jsmc=encodeURIComponent('ITSS问题审核')

    后来在网上查资料,说tomcat8.0.53以后,对url的检查就比较严格了。根据笔者工作来说,一部分原因可能是为了防止同url方式跨站(CRSF)、XSS以及sql注入。

  • 相关阅读:
    电商总结(二)日志与监控系统的解决方案
    倾力推荐,哪一本让你想要加入书单
    电商总结(一)小型电商网站的架构
    聊一聊如何提升团队开发效率
    Nancy总结(三)Nancy资料介绍
    【推荐】2016年不得不读的九本好书
    Solr学习总结(七)Solr搜索引擎的整体架构
    再见 2015,你好 2016
    Solr学习总结(六)SolrNet的高级用法(复杂查询,分页,高亮,Facet查询)
    Solr学习总结(五)SolrNet的基本用法及CURD
  • 原文地址:https://www.cnblogs.com/passedbylove/p/10106567.html
Copyright © 2011-2022 走看看