tomcat8.5.30之后拦截特殊字符解决办法
Tomcat8.5.30之后的版本,参数中有特殊字符的话会报错,直接返回400
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:479)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:687)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol
C
o
n
n
e
c
t
i
o
n
H
a
n
d
l
e
r
.
p
r
o
c
e
s
s
(
A
b
s
t
r
a
c
t
P
r
o
t
o
c
o
l
.
j
a
v
a
:
790
)
a
t
o
r
g
.
a
p
a
c
h
e
.
t
o
m
c
a
t
.
u
t
i
l
.
n
e
t
.
N
i
o
E
n
d
p
o
i
n
t
ConnectionHandler.process(AbstractProtocol.java:790) at org.apache.tomcat.util.net.NioEndpoint
ConnectionHandler.process(AbstractProtocol.java:790)atorg.apache.tomcat.util.net.NioEndpointSocketProcessor.doRun(NioEndpoint.java:1468)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor
W
o
r
k
e
r
.
r
u
n
(
T
h
r
e
a
d
P
o
o
l
E
x
e
c
u
t
o
r
.
j
a
v
a
:
624
)
a
t
o
r
g
.
a
p
a
c
h
e
.
t
o
m
c
a
t
.
u
t
i
l
.
t
h
r
e
a
d
s
.
T
a
s
k
T
h
r
e
a
d
Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread
Worker.run(ThreadPoolExecutor.java:624)atorg.apache.tomcat.util.threads.TaskThreadWrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
这是因为
根据rfc规范(RFC 3986规范定义了Url中只允许包含英文字母(a-zA-Z)、数字(0-9)、-_.~4个特殊字符以及所有保留字符(RFC3986中指定了以下字符为保留字符:! * ’ ( ) ; : @ & = + $ , / ? # [ ]))。
url中不允许有 |,{,}等特殊字符,但在实际生产中还是有些url有可能携带有这些字符,特别是|还是较为常见的。在tomcat升级到7以后,对url字符的检查都变严格了,如果出现这类字符,tomcat将直接返回400状态码。
网上给出的办法多是,修改tomcat的配置,在catalina.properties添加下面的配置
tomcat.util.http.parser.HttpParser.requestTargetAllow=|{}
但是我试过后发现不起作用,然后搜索了下,在server.xml中修改Connector设置为
后完美解决。