springsecurity 获取header中文乱码“The request was rejected because the header value “äº?é?ªé£?“ is no“问题解决 |
您所在的位置:网站首页 › 陌生人登录京东账号安全吗 › springsecurity 获取header中文乱码“The request was rejected because the header value “äº?é?ªé£?“ is no“问题解决 |
目录
问题描述解决方案问题排查解决思路根据报错堆栈信息找到对应源码
官网找关键字其他方案
问题描述
request.getHeader(“X-HC-USER-NAME”); header里的这个属性是中文,在经过springsecurity的时候会报错,“The request was rejected because the header value “äº?é?ªé£?” is not allowed”。 解决方案在SpringSecurity的配置文件中添加配置bean @Bean public StrictHttpFirewall httpFirewall() { StrictHttpFirewall firewall = new StrictHttpFirewall(); firewall.setAllowedHeaderValues((header) -> { String parsed = new String(header.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8); return ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN.matcher(parsed).matches(); }); return firewall; }就不会报错了。之后获取header属性后转一下就可以了 String headerUsername = request.getHeader("X-HC-USER-NAME"); String decodeHeaderUserName = new String(headerUsername.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8); 问题排查解决思路 根据报错堆栈信息找到对应源码StrictHttpFirewall类 private void validateAllowedHeaderValue(String value) { if (!StrictHttpFirewall.this.allowedHeaderValues.test(value)) { throw new RequestRejectedException( "The request was rejected because the header value \"" + value + "\" is not allowed."); } } private static final Pattern ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN = Pattern .compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*"); private static final Predicate ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE = ( s) -> ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN.matcher(s).matches(); private Predicate allowedHeaderNames = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE; private Predicate allowedHeaderValues = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE; private Predicate allowedParameterNames = ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE; private Predicate allowedParameterValues = (value) -> true;可以看到是allowedHeaderValues匹配的正则表达式 官网找关键字打开springsecurity的官网,查找关键字allowedHeaderValues 看到有解决方案 @Bean public StrictHttpFirewall httpFirewall() { StrictHttpFirewall firewall = new StrictHttpFirewall(); firewall.setAllowedHeaderNames((header) -> true); firewall.setAllowedHeaderValues((header) -> true); firewall.setAllowedParameterNames((parameter) -> true); return firewall; } @Bean public StrictHttpFirewall httpFirewall() { StrictHttpFirewall firewall = new StrictHttpFirewall(); Pattern allowed = Pattern.compile("[\\p{IsAssigned}&&[^\\p{IsControl}]]*"); Pattern userAgent = ...; firewall.setAllowedHeaderValues((header) -> allowed.matcher(header).matches() || userAgent.matcher(header).matches()); return firewall; } firewall.setAllowedHeaderValues((header) -> { String parsed = new String(header.getBytes(ISO_8859_1), UTF_8); return allowed.matcher(parsed).matches(); });我们这里适合用第3种 其他方案用Encoder.encode 和Decoder.decode在传输前后对header编解码。 |
今日新闻 |
推荐新闻 |
CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |