url包含分号时,在Spring 5中获得500响应

时间:2018-07-23 11:01:54

标签: java spring spring-boot

我最近已从Spring 3升级到Spring。早些时候,我能够在URL值包含分号的情况下发布并获取资源。但是升级后我得到了500错误。以下是我的获取请求

/ rest / logindomains / grouptorolemapping / 13 / Atl; BasGroup

有人知道如何解决此问题吗?

3 个答案:

答案 0 :(得分:2)

要在网址中启用分号,必须调整UrlPathHelper。例如:

@Configuration
public class WebConfig implements WebMvcConfigurer {
    @Override
    public void configurePathMatch(PathMatchConfigurer configurer) {
        UrlPathHelper urlPathHelper = new UrlPathHelper();
        urlPathHelper.setRemoveSemicolonContent(false);

        configurer.setUrlPathHelper(urlPathHelper);
    }
}

答案 1 :(得分:1)

Spring 5包含默认启用的StrictHttpFirewall。为了允许在URL中使用分号,需要使用setAllowSemicolon(boolean)方法。

答案 2 :(得分:1)

通过将以下xml添加到security-config.xml解决了该问题。这将允许在URL中使用分号和百分比字符。

<bean id="myHttpFirewall" class="org.springframework.security.web.firewall.StrictHttpFirewall">
    <property name="allowSemicolon" value="true"/>
    <property name="allowUrlEncodedPercent" value="true"/>
</bean>
<security:http-firewall ref="myHttpFirewall"/>

Java解决方案:

@Component
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{
private static final DebugLog LOG = new DebugLog("WebSecurityConfig", WebSecurityConfig.class);

@Bean
public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
    StrictHttpFirewall firewall = new StrictHttpFirewall();
    firewall.setAllowUrlEncodedPercent(true);;
    firewall.setAllowSemicolon(true);
    return firewall;
}

@Override
public void configure(WebSecurity web) throws Exception {
  super.configure(web);
  // @formatter:off
  web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
}