乱码并拦截报错"/>
http请求header中包含中文字符时,Spring Security识别为乱码并拦截报错
问题描述
前端websocket请求连接时,一直报如下的错误:
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the header value
"username=admin; rememberMe=true; vesion=0; AccountId=608; Username=; Role=1; Memo=å<93><88>å°<94>滨工ä¸<9a>大å¦; OldPw=; password=; Admin-Token=eyJhbGciOiJIUzUxMiJ9.eyJsb2dpbl91c2VyX2tleSI6IjJkM2QxYmYyLTFiNWUtNDhhMC04ZTllLWUyYjNmM2M0ZmQyMyJ9.9XwtQPc5ZiR6wfSQNyRkkpu2sMTVpmpdSlff4JlWFBYQyKQHl95IV8uPNtg_bj2jx0oV-xGnp0WGFQrqPS2IZA" is not allowed.at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest.validateAllowedHeaderValue(StrictHttpFirewall.java:751)
问题原因
请求头中的cookie包含有中文字符,而spring security的默认字符集不识别中文,导致验证报错
问题排查解决过程
根据报错堆栈信息可以定位到是StrictHttpFirewall类的validateAllowedHeaderValue方法报的错
打开spring security的官方文档搜索:
.html
解决方案
官方共给出了三种解决方案,我们这里采取最简单的处理:
对字段的校验总返回true,即可解决
@Bean
public StrictHttpFirewall httpFirewall() {StrictHttpFirewall firewall = new StrictHttpFirewall();firewall.setAllowedHeaderNames((header) -> true);firewall.setAllowedHeaderValues((header) -> true);firewall.setAllowedParameterNames((parameter) -> true);return firewall;
}
更多推荐
http请求header中包含中文字符时,Spring Security识别为乱码并拦截报错
发布评论