小贝子编程

如何在WSO2EI上转义HTTP请求中的URL不安全字符



是否可以在WSO2中转义不安全的URL字符?例如,如果WSO2正在接收具有请求URLhttps://example.com/something?token=...&imageFormat=image/png的请求。斜线"/"查询参数中的符号不安全,但我不在乎,我只想将此请求代理到另一台服务器,但WSO2返回了一个Error 404--Not Found,可能是因为查询参数中斜杠混淆了它。

然而,在任何中介处理发生之前,请求就被拒绝了,所以我对此无能为力。有什么方法可以逃脱传入请求的URL吗?

我不认为是查询参数导致了问题。通常,?之后的任何内容都被忽略以进行上下文匹配。我用一个简单的API进行了尝试,它没有任何问题。请参阅下面的示例。

API

<?xml version="1.0" encoding="UTF-8"?>
<api context="/sample" name="Sample" xmlns="http://ws.apache.org/ns/synapse">
<resource methods="GET">
<inSequence>
<property action="remove" name="TRANSPORT_HEADERS" scope="axis2"/>
<payloadFactory media-type="xml">
<format>
<msg xmlns="">Hello</msg>
</format>
<args/>
</payloadFactory>
<property name="messageType" scope="axis2" type="STRING" value="application/json"/>
<respond/>
</inSequence>
<outSequence/>
<faultSequence/>
</resource>
</api>

有线日志

HTTP-Listener I/O dispatcher-5 >> "GET /sample?token=12345&imageFormat=image/png HTTP/1.1[r][n]"
HTTP-Listener I/O dispatcher-5 >> "User-Agent: PostmanRuntime/7.29.0[r][n]"
HTTP-Listener I/O dispatcher-5 >> "Accept: */*[r][n]"
HTTP-Listener I/O dispatcher-5 >> "Postman-Token: f5e87376-f8b1-4722-b068-6513314de9ab[r][n]"
HTTP-Listener I/O dispatcher-5 >> "Host: localhost:8280[r][n]"
HTTP-Listener I/O dispatcher-5 >> "Accept-Encoding: gzip, deflate, br[r][n]"
HTTP-Listener I/O dispatcher-5 >> "Connection: keep-alive[r][n]"
HTTP-Listener I/O dispatcher-5 >> "[r][n]"
HTTP-Listener I/O dispatcher-5 << "HTTP/1.1 200 OK[r][n]"
HTTP-Listener I/O dispatcher-5 << "Content-Type: application/json; charset=UTF-8[r][n]"
HTTP-Listener I/O dispatcher-5 << "Date: Tue, 30 Aug 2022 13:00:01 GMT[r][n]"
HTTP-Listener I/O dispatcher-5 << "Transfer-Encoding: chunked[r][n]"
HTTP-Listener I/O dispatcher-5 << "Connection: keep-alive[r][n]"
HTTP-Listener I/O dispatcher-5 << "[r][n]"
HTTP-Listener I/O dispatcher-5 << "f[r][n]"
HTTP-Listener I/O dispatcher-5 << "{"msg":"Hello"}[r][n]"
HTTP-Listener I/O dispatcher-5 << "0[r][n]"
HTTP-Listener I/O dispatcher-5 << "[r][n]"

正如你在上面看到的,我正在进行下面的调用,它按预期工作。

curl 'http://localhost:8280/sample?token=12345&imageFormat=image/png'

变通办法

如果您确信错误是由查询参数中的斜杠引起的,那么这里有一个解决方法。所有不匹配的服务调用都将被分派到默认的main序列。您可以通过导航到<EI_HOME>/repository/deployment/server/synapse-configs/default/sequences或从碳控制台转到Sequences部分来找到此序列。在主序列中,您可以添加一些如下逻辑,以检查这是否是您的API失败,并将所有内容路由到不同的序列,或者您甚至可以在从主序列进行URL编码后调用原始的API。在下面的示例中,我的API的根上下文是Sample

<filter regex="true" source="starts-with(get-property('To'), '/sample')" xmlns:ns="http://org.apache.synapse/xsd">
<then>
<log>
<property name="msg" value="Weird API Matched ~~~~~~Do your stuff here or invoke another sequence~~~~~~~"/>
</log>
<sequence key="Seq"/>
</then>
<else>
<log>
<property name="msg" value="No Match ~~~~~~~~~~~~~~~~~"/>
</log>
</else>
</filter>

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium