The request was rejected because the URL was not normalized.问题探讨

最新推荐文章于 2024-08-16 14:24:43 发布
置顶 最新推荐文章于 2024-08-16 14:24:43 发布
阅读量2.1w 收藏
点赞数 1
分类专栏: PPMALL JAVA 文章标签: JAVA SPRING SECURITY SPRING BOOT
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/Akira_Rexlee/article/details/82416194
版权

今天在个人项目中尝试着整合spring security 进行权限管理,整合完成后在发起请求的时候控制台报了这样一个错误

[10:28:22.551][ERROR][o.a.c.c.C.[.[.[/].[dispatcherServlet]][http-nio-8090-exec-7] Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.
	at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:248)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:194)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1468)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)

看起来像是URL不正常,但是我的请求是没错的,也能正确得到返回结果,如图

后来发现原来并不是这次请求报错,是另外一个请求,那么我们在StrictHttpFirewall这个类的248行抛出的异常

at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:248)
if (!isNormalized(request)) {
    throw new RequestRejectedException("The request was rejected because the URL was not normalized."); // 248行
}

在这里看到是由于isNormalized(request)判断不通过所以导致的异常抛出我们定位到isNormalized方法里面

	private static boolean isNormalized(String path) {
		if (path == null) {
			return true;
		}

		if (path.indexOf("//") > -1) {
			return false;
		}

		for (int j = path.length(); j > 0;) {
			int i = path.lastIndexOf('/', j - 1);
			int gap = j - i;

			if (gap == 2 && path.charAt(i + 1) == '.') {
				// ".", "/./" or "/."
				return false;
			} else if (gap == 3 && path.charAt(i + 1) == '.' && path.charAt(i + 2) == '.') {
				return false;
			}

			j = i;
		}

		return true;
	}

我们各在return false打上断点,最后发现错误的是返回json里面的一段HTML的src标签

我猜测是在返回之后浏览器自动对html代码的src发起请求,于是乎就进来了本地服务器,然后,我改成用postman工具去发起请求就不会自动对图片资源进行请求了,但是要怎么改还不得而知了。

Akira_Rexlee
关注
专栏目录
idea上传代码到github时遇到的Push rejected: Push to origin/master was rejected
01-08
在使用IntelliJ IDEA(简称Idea)上传代码到GitHub时,可能会遇到“Push rejected: Push to origin/master was rejected”的错误。这个问题通常发生在你尝试将一个新的项目推送到一个已存在文件的GitHub仓库时。以下...
spring boot The request was rejected because the URL was not normalized
WGH100817的博客
06-19 270
升级spring boot 1.5.10.RELEASE 版本后,突然发现之前能Nginx代理能请求的地址抛如下异常: org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not norm...
Spring-Security处理请求的过程
weixin_42145727的博客
03-23 149
security框架对请求的过滤其实就是调用FilterChainProxy封装的过滤器链中的每个过滤器的doFilter()方法,然后回到tomcat的过滤器链路
报错: The request was rejected because the URL contained a potentially malicious String “//“
最新发布
比个帽的博客
08-16 1295
Spring Security 框架中提供了一个 HttpFirewall,这是一个请求防火墙,它可以自动处理掉一些非法请求,请求地址格式中不能包含;等字符或编码,必须是标准化 URL。如果希望请求地址中可以出现 %,在SpringSecurity中进行如下配置。
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because
Nostalgia____的博客
03-15 6711
org.springframework.security.web.firewall.RequestRejectedException
springsecurity 获取header中文乱码“The request was rejected because the header value “äº?é?ªé£?“ is no“问题解决
Maybe_9527的博客
08-08 7118
The request was rejected because the header value "äº?é?ªé£?" is not allowed问题解决
The request was rejected because the URL was not normalized.解决方案
热门推荐
hu10131013的博客
05-24 2万+
背景 在单点登录配置url的时候,访问一个url的时候会报如下的错误 2021-05-24 18:28:03.163 ERROR 17350 --- [nio-8082-exec-1] o.a.c.c.C.[.[.[.[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [/auth] threw exception org.springframework.
spring mail发送邮件报错:com.sun.mail.util.MailConnectException: Couldn't connect to host
乘风的博客
06-11 7794
使用spring mail发送邮件的时候报以下异常: 2019-06-11 15:35:11.746 [http-nio-8090-exec-4] INFO c.i.bbm.shiro.session.RedisShiroSessionRepository - session过期时间:3600000 2019-06-11 15:35:11.926 [http-nio-8090-exec-4] E...
does not exist.解决/root/.Xauthority does not exist
06-18
解决 /root/.Xauthority does not exist" 涉及到的是一个常见的 Linux 系统问题,通常在使用图形界面(如 X Window System)或通过 SSH 远程连接时遇到。这个问题指出,系统找不到 `/root/.Xauthority` 文件,这是...
使用Promise封装wx.request wx.setStorage封装,实现设置过期时间
05-11
Promise有三种状态:pending(等待中)、fulfilled(已完成)和rejected(已失败)。一旦状态改变,就不会再变,保证了异步操作的顺序执行。 2. **wx.request封装**:`wx.request`用于向服务器发起HTTP请求,返回的...
Git-2.37.1版本 windows64位
05-29
Git-2.37.1,windows64位用。好用的版本。
The request was rejected because the URL was not normalized
moyanxiaoq的博客
01-03 6125
背景问题 在升级security时报了一个错:The request was rejected because the URL was not normalized。 字面意思是:不是正规的URL请求被拒绝。 有可能是“/getUser”写成了“//getUser”等类似的不正规的url。 因为security升级后对url校验更加严格了,我这边是从4.2.3.RELEASE升级到4.2.9.RE...
请求地址时报错The request was rejected because the URL was not normalized
初心不改,事在人为
09-03 1508
原因:你访问的地址有误,我的错误是//应该为/
The request was rejected because the URL contained a potentially malicious String “//“ 报错
weixin_44635886的博客
08-04 1万+
请求将被拒绝,因为URL字符串包含一个潜在的恶意“/ /” The request was rejected because the URL contained a potentially malicious String “//“
The request was rejected because the URL contained a potentially malicious String “;“问题的正确解决姿势
码农小胖哥
05-12 2万+
问题的复盘 首先这个问题出现的时机是,当用户访问特定的连接(如http://localhost/index)时没有权限,被重定向到登录页面http://localhost/login。为了登录成功后再跳转到目标访问的页面http://localhost/index,Spring Security会在Cookie中存一个信息,标记一为一个jsessionid。重定向时Servlet容器,也就是tomcat之类的会把jsessionid编码到重定向url,也就是http://localhost/login;js
The request was rejected because the URL was not normalized.
cuiyaoqiang的博客
11-09 2252
注意:spring boot 1.5.10.RELEASE 版本后 ,类似ip:port//resources 这样访问 // 可以被处理访问 就会出现上边异常。修改客户端请求中的//即可。
The request was rejected because the URL contained a potentially malicious String “%2e“
脑神
01-11 4520
日志出现: [http-nio-80-exec-3] ERROR o.a.c.c.C.[.[localhost].[/].[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception org.springframework.security.web.firewall.RequestRejectedException: The request w
在使用 spring security 时,请求的地址栏使用 “//”的情况是后台报错处理方法
江南山水电
12-05 9353
在使用 spring security 时,请求的地址栏使用 “//”的情况是后台报如下错误: org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String "/...
The request was rejected because the URL contained a potentially malicious String “;
06-14
遇到"The request was rejected because the URL contained a potentially malicious string ‘;’"这样的错误提示,通常意味着服务器检测到了URL中存在可能被视为安全威胁的字符序列。在HTTP请求中,特别是...
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值