设为首页收藏本站
开启辅助访问

springsecurity 获取header中文乱码“The request was rejected because the header value “äº?é?ªé£?“ is no“问题解决

 您所在的位置:网站首页 陌生人登录京东账号安全吗 springsecurity 获取header中文乱码“The request was rejected because the header value “äº?é?ªé£?“ is no“问题解决

springsecurity 获取header中文乱码“The request was rejected because the header value “äº?é?ªé£?“ is no“问题解决

2023-06-02 13:49| 来源: 网络整理| 查看: 265

目录 问题描述解决方案问题排查解决思路根据报错堆栈信息找到对应源码 官网找关键字其他方案

问题描述

request.getHeader(“X-HC-USER-NAME”); header里的这个属性是中文,在经过springsecurity的时候会报错,“The request was rejected because the header value “äº?é?ªé£?” is not allowed”。

解决方案

在SpringSecurity的配置文件中添加配置bean

@Bean public StrictHttpFirewall httpFirewall() { StrictHttpFirewall firewall = new StrictHttpFirewall(); firewall.setAllowedHeaderValues((header) -> { String parsed = new String(header.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8); return ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN.matcher(parsed).matches(); }); return firewall; }

就不会报错了。之后获取header属性后转一下就可以了

String headerUsername = request.getHeader("X-HC-USER-NAME"); String decodeHeaderUserName = new String(headerUsername.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8); 问题排查解决思路 根据报错堆栈信息找到对应源码

StrictHttpFirewall类

private void validateAllowedHeaderValue(String value) { if (!StrictHttpFirewall.this.allowedHeaderValues.test(value)) { throw new RequestRejectedException( "The request was rejected because the header value \"" + value + "\" is not allowed."); } } private static final Pattern ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN = Pattern .compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*"); private static final Predicate ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE = ( s) -> ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN.matcher(s).matches(); private Predicate allowedHeaderNames = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE; private Predicate allowedHeaderValues = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE; private Predicate allowedParameterNames = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE; private Predicate allowedParameterValues = (value) -> true;

可以看到是allowedHeaderValues匹配的正则表达式

官网找关键字

打开springsecurity的官网,查找关键字allowedHeaderValues 看到有解决方案

@Bean public StrictHttpFirewall httpFirewall() { StrictHttpFirewall firewall = new StrictHttpFirewall(); firewall.setAllowedHeaderNames((header) -> true); firewall.setAllowedHeaderValues((header) -> true); firewall.setAllowedParameterNames((parameter) -> true); return firewall; } @Bean public StrictHttpFirewall httpFirewall() { StrictHttpFirewall firewall = new StrictHttpFirewall(); Pattern allowed = Pattern.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*"); Pattern userAgent = ...; firewall.setAllowedHeaderValues((header) -> allowed.matcher(header).matches() || userAgent.matcher(header).matches()); return firewall; } firewall.setAllowedHeaderValues((header) -> { String parsed = new String(header.getBytes(ISO_8859_1), UTF_8); return allowed.matcher(parsed).matches(); });

我们这里适合用第3种

其他方案

用Encoder.encode 和Decoder.decode在传输前后对header编解码。



【本文地址】


今日新闻

推荐新闻

CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3