Recently I have been rewriting a Python project in Java and ran into various problems, recorded below:
1 POST requests fail with a CSRF error
Error log:
018-07-30 10:46:51.568 ERROR 24753 — [nio-7001-exec-2] ssDeniedHandlerLoggingMethodBeforeAdvice : To access request URI [/warehouseItem/importWarehouseSku.json] is denied ,
caused by : Invalid CSRF Token ‘null’ was found on the request parameter ‘_csrf’ or header ‘X-XSRF-TOKEN’.
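Cause: after the spring-security component was upgraded from 3 to 4, its security validation changed, and POST was excluded.
Fix: the application.properties file
Method 1: disable CSRF validation for POST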
security.enableCsrf = false
spring.security.csrf.supportedMethods = PUT
Method 2: disable CSRF validation according to a blacklist
spring.security.csrf.url.style = regex
spring.security.csrf.url.included = /.*?
spring.security.csrf.url.excluded = ^/csrf/nocheck
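Method 2 written against Spring Security 4's own Java configuration, as an added example that is not from the original post: CSRF checking stays on for every state-changing request except paths matching the excluded pattern, and the token is kept in a cookie and accepted in the `X-XSRF-TOKEN` header or `_csrf` parameter named in the log. The class name `CsrfConfig`, the helper `requiresCsrf`, and prefix (`find()`) matching for the exclusion are assumptions; authorization rules are omitted.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Hypothetical configuration class; merge the csrf() calls into the
// application's existing security configuration and its authorization rules.
@Configuration
@EnableWebSecurity
public class CsrfConfig extends WebSecurityConfigurerAdapter {

    // Methods that Spring Security's default matcher never CSRF-checks.
    private static final Set<String> SAFE_METHODS =
            new HashSet<>(Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS"));

    // The same patterns as Method 2 in the post.
    private static final Pattern INCLUDED = Pattern.compile("/.*?");
    private static final Pattern EXCLUDED = Pattern.compile("^/csrf/nocheck");

    /** Returns true when the request must carry a valid CSRF token. */
    static boolean requiresCsrf(String method, String path) {
        if (SAFE_METHODS.contains(method)) {
            return false;
        }
        // Assumption: find() gives prefix semantics, so "/csrf/nocheck",
        // "/csrf/nocheck/x" and "/csrf/nocheckAnything" are all exempt.
        if (EXCLUDED.matcher(path).find()) {
            return false;
        }
        return INCLUDED.matcher(path).matches();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        RequestMatcher needsToken = req -> requiresCsrf(
                req.getMethod(),
                req.getRequestURI().substring(req.getContextPath().length()));
        http.csrf()
            .requireCsrfProtectionMatcher(needsToken)
            // Token goes out in the XSRF-TOKEN cookie, readable by client script.
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}
```

With this in place, the POST to /warehouseItem/importWarehouseSku.json from the log is still checked and succeeds once the client copies the cookie value into the `X-XSRF-TOKEN` header.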
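2 The response headers come back with a Set-Cookie
This is also caused by the spring-security component. It goes away once CSRF is disabled.
3 Requests whose URL contains special characters fail with a 400 error
The detailed error message is as follows: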
2019-7-30 10:29:15 org.apache.coyote.http11.AbstractHttp11Processor process
信息: Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
at org.apache.coyote.http11.InternalAprInputBuffer.parseRequestLine(InternalAprInputBuffer.java:238)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1028)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.AprEndpoint