org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because

最新推荐文章于 2024-05-10 09:37:13 发布
最新推荐文章于 2024-05-10 09:37:13 发布
阅读量1.1w 收藏
点赞数 6
分类专栏: java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_38082304/article/details/96485674
版权 
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.
	at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:296) ~[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:194) ~[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) ~[spring-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) ~[spring-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92) ~[spring-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) ~[spring-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) ~[spring-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200) ~[tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_211]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_211]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.16.jar:9.0.16]
	at java.lang.Thread.run(Thread.java:748) [na:1.8.0_211]

解决方法

    //允许多请求地址多加斜杠  比如 /msg/list   //msg/list
    @Bean
    public HttpFirewall httpFirewall() {
        return new DefaultHttpFirewall();
    }
苏雨丶
关注
  • 6
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
SpringBoot中SpringSecurity 报错:org.springframework.security.web.firewall.RequestRejectedException
一个简单的描述,我想你不会感兴趣的
08-04 4064
根据报错org.springframework.security.web.firewall.RequestRejectedException中的信息分析错误
The request was rejected because the URL contained a potentially malicious String “;“问题的正确解决姿势
Ajekseg的博客
07-31 7908
先自我介绍一下,小编13年上师交大毕业,曾经在小公司待过,去过华为OPPO等大厂,18年进入阿里,直到现在。深知大多数初中级java工程师,想要升技能,往往是需要自己摸索成长或是报班学习,但对于培训机构动则近万元的学费,着实压力不小。因此我收集了一份《java开发全套学习资料》送给大家,初衷也很简单,就是希望帮助到想自学又不知道该从何学起的朋友,同时减轻大家的负担。,SpringSecurity会在Cookie中存一个信息,标记一为一个。是非常危险的举动,可能导致会话固定攻击,因此不建议上述的行为。...
The request was rejected because the header value “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWe
最新发布
LinFord1995的博客
05-10 358
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the header value "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) å讯é/2.0.0 Chrome/87.0.4280.141 Electron/11.5.0 Safari/
web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentia
kevin_loving的博客
12-18 4459
spring security 自带url 校验失败 因为请求的url不合法,但是对接方又不能修改,只能平台适配 org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious......
在使用 spring security 时,请求的地址栏使用 “//”的情况是后台报错处理方法
江南山水电
12-05 9091
在使用 spring security 时,请求的地址栏使用 “//”的情况是后台报如下错误: org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String "/...
SpringBoot整合升级Spring Security 报错 【The request was rejected because the URL was not normalized】
Lan_Xuan
06-10 1471
SpringBoot整合升级Spring Security 报错 【The request was rejected because the URL was not normalized】 前言 最近LZ给项目框架升级, 从Spring1.x升级到Spring2.x, 在这里就不多赘述两个版本之间的区别以及升级的原因。 关于升级过程中踩的坑,在其他博文中会做比较详细的记录,以便给读者参考,不要掉进...
学习软件_日语学习_日语计算机用语常用句免费下载.zip
07-16
8. **网络安全**:涉及到“セキュリティ”(security)、“ファイアウォール”(firewall)和“ウイルス”(virus)等概念,对理解日语安全文档和防范措施有重要意义。 9. **硬件组件**:日语中的硬件名称,如“モ...
Firebase4Delphi-master.zip_Firewall-Security_Help!
09-20
"Firewall-Security Help!" 标签暗示了这个项目可能包含了如何在 Delphi 应用程序中处理防火墙和安全问题的指南或示例。这可能包括如何配置应用程序以通过防火墙进行通信,以及如何确保与 Firebase 的连接是安全的,...
「APT」云计算安全的未来_安全设备虚拟化 - web安全.zip
11-28
首先,我们来看NGFW(Next-Generation Firewall,下一代防火墙)。NGFW是传统防火墙的升级版,它不仅具备基本的包过滤功能,还集成了应用层检测、入侵防御系统(IPS)以及威胁情报等功能。在云计算环境中,NGFW能够...
自动化英语资料PPT资料.ppt
11-02
例如,"breach"指的是破坏或安全漏洞,"vulnerability"是指系统的弱点,而"firewall"是用于保护网络免受未经授权访问的防护措施。 2. 四种计算机安全漏洞的区别:这涉及到识别和区分不同类型的攻击方式,如物理攻击...
sct.rar_The Network_content firewall
09-24
对防火墙中的数据包进行协议还原,检测网络数据包的原始内容The firewall in the agreement to restore the packets to detect network packets of the original content
远程管理Hyper-v虚拟机.docx
05-22
- 使用命令`netsh advfirewall firewall set rulegroup="Windows Management Instrumentation(WMI)" new enable=yes`启用WMI相关的防火墙规则。 - 确认防火墙高级设置中存在四条关于Windows Management ...
FangHuoQiang.rar_Firewall-Security_VC++ 防火墙_VC防火墙程序_fanghuoqiang
09-23
用VC++做的WINDOWS程序。简单的防火墙例子。能实现一般的功能。
「攻防靶场」互联网企业安全建设落地实践 - NGFW.zip
11-11
标题中的“「攻防靶场」互联网企业安全建设落地实践 - NGFW”指的是一个关于互联网企业如何实施安全建设,特别是采用下一代防火墙(Next-Generation Firewall, NGFW)的实战案例。NGFW 是一种集成了传统防火墙、入侵...
SpringSecurity:request was rejected because the URL contained a potentially malicious String “//“
Ricardo.M.Yu的博客
03-15 2307
spring security路径问题
The request was rejected because the URL contained a potentially malicious String ";"报错解决,
热门推荐
zhuyongru的专栏
09-11 2万+
去掉 URL 中讨厌的 jsessionid 在Java开发的网站中,经常会出现在URL中包含有jsessionid,用来记录session。 这是因为如果浏览器不支持cookie,JSP容器通过在URL中包含jsessionid来达到session的效果。 第一次访问的时候服务器不知道客户端有没有禁用cookie,所以会在超链接上加上jsessionid,在session过期以前第二次访问的...
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String "%25",出现这种异常,如何捕获
06-10
要捕获org.springframework.security.web.firewall.RequestRejectedException异常,可以使用Spring MVC中的@ControllerAdvice注解来实现全局异常处理。 具体实现步骤如下: 1. 创建一个异常处理类,使用@...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值