我即使在URL中添加了额外的backslash(),我也会成功地响应:
:https://localhost:8080///////\\/rest//v1///kems///stats?btv=doerrja
JSON响应:
[
{
"ID": "636803914206857000",
"Rank": "2.401",
"Artifact_State": "In Arbeit",
"Count": "10"
},
{
"ID": "636803920812123000",
"Rank": "1.372",
"Artifact_State": "Keine Änderung möglich",
"Count": "1"
}
]
如何在Java中处理这种情况?
服务器的快照
我可以看到的是,我认为它是一次消耗一个'/',然后将其余作为一个参数,然后再次将每个'/'作为单独的路径递归地对待,最终达到了您所拥有的实际明智值试图通过
最后以下解决方案对我有用:
pom.xml:
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.4.RELEASE</version>
</dependency>
SecurityConfig.java
package com.Application;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{
/*
* Method allow to access any resource without any authentication
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().permitAll();
}
}
urlfilter.java
package com.component;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.LoggerFactory;
import org.slf4j.Logger;
import org.springframework.stereotype.Component;
import com.daimler.datalayer.apistreamintegration.exception.BadRequest;
@Component
public class UrlFilter implements Filter {
private static final Logger LOGGER = LoggerFactory.getLogger(UrlFilter.class);
@Override
public void init(FilterConfig filterChain) throws ServletException {
}
/*
* filter call to check if any double forward slash(//) present in URI before invoking Controller class
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
throws IOException, ServletException {
LOGGER.info("Filtering the url");
if (!(request instanceof HttpServletRequest)) {
return;
}
String requestURI = ((HttpServletRequest) request).getRequestURI();
boolean isInvalidUrl = requestURI.contains("//");
if (isInvalidUrl) {
throw new BadRequest("The request was rejected because the URL was not normalized.");
}
filterChain.doFilter(request, response);
}
@Override
public void destroy() {
}
}
badrequest.java
package com.exception;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ResponseStatus;
@ResponseStatus(value = HttpStatus.BAD_REQUEST)
public class BadRequest extends RuntimeException {
private static final long serialVersionUID = 1L;
public BadRequest(String message) {
super(message);
}
public BadRequest(String message, Throwable cause) {
super(message, cause);
}
}