tomcat8项目移到tomcat9,出现如下问题
HTTP Status 400 – Bad Request
Type Exception Report
Message Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
Description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
Exception
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467)
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:294)
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:748) url实际请求地址:/systemSet/userR7Role/roleManageShow?jiaosId=52&f_jsmc=ITSS问题审核
经过抓包,url请求地址如下
ie如下:
/systemSet/userR7Role/roleManageShow?jiaosId=50&f_jsmc=ITSS\351\227\256\351\242\230\347\224\263\350\257\267
chrome如下:
/systemSet/userR7Role/roleManageShow?jiaosId=52&f_jsmc=ITSS%E9%97%AE%E9%A2%98%E5%AE%A1%E6%A0%B8
只要用js对url进行编码即可,解决方法
/systemSet/userR7Role/roleManageShow?jiaosId=52&f_jsmc=encodeURIComponent('ITSS问题审核')
后来在网上查资料,说tomcat8.0.53以后,对url的检查就比较严格了。根据笔者工作来说,一部分原因可能是为了防止同url方式跨站(CRSF)、XSS以及sql注入。