java.lang.IllegalArgumentException: An invalid domain [.xxx.com] was specified for this cookie
    at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:203)
    at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:145)
    at org.apache.catalina.connector.Response.generateCookieString(Response.java:1019)
    at org.apache.catalina.connector.Response.addCookie(Response.java:967)
    at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)
......
————————————————
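Copyright notice: this is an original article by CSDN blogger "0x2015", licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.
Original link: https://blog.csdn.net/w57685321/article/details/84943176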
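This error appears after upgrading Tomcat from 8.0 to 8.5 (the Tomcat version embedded in Spring Boot 2.1.4 is 9.0.17).
Looking at the Tomcat source, the relevant code is at lines 189~218: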
    private void validateDomain(String domain) {
        int i = 0;
        int prev = -1;
        int cur = -1;
        char[] chars = domain.toCharArray();
        while (i < chars.length) {
            prev = cur;
            cur = chars[i];
            if (!domainValid.get(cur)) {
                throw new IllegalArgumentException(sm.getString(
                        "rfc6265CookieProcessor.invalidDomain", domain));
            }
            // labels must start with a letter or number
            if ((prev == '.' || prev == -1) && (cur == '.' || cur == '-')) {
                throw new IllegalArgumentException(sm.getString(
                        "rfc6265CookieProcessor.invalidDomain", domain));
            }
            // labels must end with a letter or number
            if (prev == '-' && cur == '.') {
                throw new IllegalArgumentException(sm.getString(
                        "rfc6265CookieProcessor.invalidDomain", domain));
            }
            i++;
        }
        // domain must end with a label
        if (cur == '.' || cur == '-') {
            throw new IllegalArgumentException(sm.getString(
                    "rfc6265CookieProcessor.invalidDomain", domain));
        }
    }
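The exception is thrown by if (prev == '-' && cur == '.'). This method checks whether the domain is valid: it keeps two pointers, one on the current char and one on the previous char, both initialized to -1, so a domain that begins with '.' or '-' triggers this exception.
Following that logic, removing the leading dot fixes it, and the test then passes.
Root cause analysis:
Trace the addCookie method.
The generateHeader method turns out to have two implementations. A search shows that Tomcat 8.5 uses the RFC 6265 implementation by default, whereas Tomcat 8.0 uses LegacyCookieProcessor.
RFC 6265 has a passage on the Domain attribute saying that the attribute should not start with a dot.
So a call such as cookie.setDomain(".test.com"); should, under the RFC 6265 standard, be changed to cookie.setDomain("test.com"), i.e. without the leading dot.
Rules:
The domain must consist only of the characters 1-9, a-z, A-Z, '.', and '-' (note that it is '-', not '_').
It must start with a digit or a letter (so a cookie that used to be set with .XX.com just needs to be changed to XX.com).
It must end with a digit or a letter.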
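An added example, not code from the original post or from Tomcat: a hypothetical helper, CookieDomains.normalize, that strips a single leading dot and then applies the same checks as validateDomain before the value reaches cookie.setDomain(), so legacy values such as .xxx.com keep working under the RFC 6265 processor. The class name, method names and sample inputs are constructed for illustration.

```java
/** Hypothetical helper, not part of Tomcat or the original post. */
public final class CookieDomains {

    // Strip one leading dot, then apply validateDomain's character and label rules.
    public static String normalize(String domain) {
        if (domain == null || domain.isEmpty()) {
            throw new IllegalArgumentException("empty cookie domain");
        }
        // RFC 6265 user agents ignore a leading dot in the Domain attribute,
        // so dropping it does not change which hosts receive the cookie.
        String d = domain.startsWith(".") ? domain.substring(1) : domain;
        int prev = -1;
        for (int i = 0; i < d.length(); i++) {
            char cur = d.charAt(i);
            boolean alnum = (cur >= '0' && cur <= '9')
                    || (cur >= 'a' && cur <= 'z') || (cur >= 'A' && cur <= 'Z');
            if (!alnum && cur != '.' && cur != '-') {
                throw invalid(domain, "illegal character '" + cur + "'");
            }
            if ((prev == '.' || prev == -1) && !alnum) {
                throw invalid(domain, "label must start with a letter or digit");
            }
            if (prev == '-' && cur == '.') {
                throw invalid(domain, "label must end with a letter or digit");
            }
            prev = cur;
        }
        if (prev == -1 || prev == '.' || prev == '-') {
            throw invalid(domain, "domain must end with a label");
        }
        return d;
    }

    private static IllegalArgumentException invalid(String domain, String why) {
        return new IllegalArgumentException("invalid cookie domain [" + domain + "]: " + why);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {".xxx.com", "xxx.com", "..xxx.com", "my_app.xxx.com", "xxx.com."};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + normalize(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> " + e.getMessage());
            }
        }
    }
}
```

With or without the leading dot, a cookie that carries a Domain attribute is sent to the named host and all of its subdomains, so set the attribute only when that scope is needed.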
In production we usually do not want to change code, and there is a workaround for that case as well.
Edit the ${tomcat_home}\conf\context.xml file:
    <?xml version="1.0" encoding="UTF-8"?>
    <!-- The contents of this file will be loaded for each web application -->
    <Context>
        <!-- Default set of monitored resources. If one of these changes, the -->
        <!-- web application will be reloaded. -->
        <WatchedResource>WEB-INF/web.xml</WatchedResource>
        <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
        <!-- Uncomment this to disable session persistence across Tomcat restarts -->
        <!-- <Manager pathname="" /> -->
        <!-- Added line -->
        <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor"/>
    </Context>
This manually sets the cookie processor to LegacyCookieProcessor.
The same approach works in Spring Boot.
Reference: https://docs.spring.io/spring-boot/docs/2.0.3.RELEASE/reference/htmlsingle/#howto-use-tomcat-legacycookieprocessor
    package com.xxx.oauth2.config;

    import org.apache.tomcat.util.http.LegacyCookieProcessor;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.boot.web.server.WebServerFactoryCustomizer;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class CookieConfig {
        /**
         * Fixes the error:
         * There was an unexpected error (type=Internal Server Error, status=500).
         * An invalid domain [.xxx.com] was specified for this cookie
         *
         * @return a customizer that installs LegacyCookieProcessor on the embedded Tomcat context
         */
        @Bean
        public WebServerFactoryCustomizer<TomcatServletWebServerFactory> cookieProcessorCustomizer() {
            return (factory) -> factory.addContextCustomizers(
                    (context) -> context.setCookieProcessor(new LegacyCookieProcessor()));
        }
    }
Writing a configuration class like this, or configuring a bean as described in the documentation, is all that is needed.