tomcat8項目移到tomcat9,出現如下問題
HTTP Status 400 – Bad Request
Type Exception Report
Message Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
Description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
Exception
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986 org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467) org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:294) org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417) org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) java.lang.Thread.run(Thread.java:748)
url實際請求地址:/systemSet/userR7Role/roleManageShow?jiaosId=52&f_jsmc=ITSS問題審核
經過抓包,url請求地址如下
ie如下:
/systemSet/userR7Role/roleManageShow?jiaosId=50&f_jsmc=ITSS\351\227\256\351\242\230\347\224\263\350\257\267
chrome如下:
/systemSet/userR7Role/roleManageShow?jiaosId=52&f_jsmc=ITSS%E9%97%AE%E9%A2%98%E5%AE%A1%E6%A0%B8
只要用js對url進行編碼即可,解決方法
/systemSet/userR7Role/roleManageShow?jiaosId=52&f_jsmc=encodeURIComponent('ITSS問題審核')
后來在網上查資料,說tomcat8.0.53以后,對url的檢查就比較嚴格了。根據筆者工作來說,一部分原因可能是為了防止同url方式跨站(CRSF)、XSS以及sql注入。