The request was rejected because the URL was not normalized

最新推荐文章于 2022-01-17 22:17:38 发布

科技红薯

最新推荐文章于 2022-01-17 22:17:38 发布

阅读量6.5k

点赞数 2

CC 4.0 BY-SA版权

分类专栏： java security springmvc 文章标签： security 升级 normalized springmvc

本文链接：https://blog.youkuaiyun.com/moyanxiaoq/article/details/85694378

java 同时被 3 个专栏收录

10 篇文章

订阅专栏

security

1 篇文章

订阅专栏

springmvc

1 篇文章

订阅专栏

背景问题

在升级security时报了一个错:The request was rejected because the URL was not normalized。
字面意思是：不是正规的URL请求被拒绝。
有可能是“/getUser”写成了“//getUser”等类似的不正规的url。
因为security升级后对url校验更加严格了，我这边是从4.2.3.RELEASE升级到4.2.9.RELEASE

org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.
	at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:248)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:194)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

解决方案

在这里插入图片描述
在上图红框那行代码打断点，然后看request里面跳转的url是否为不正规的url。
我这边断点显示跳转首页的url是 “ //index.jsp ” 应该是 “ /index.jsp ”
于是就在我的过滤器拦截跳转的地方将 “ / ” 去掉。
wel.xml改成了如下：

<welcome-file-list>
	<welcome-file>index.jsp</welcome-file>
</welcome-file-list>

修改完后再去请求首页就可以正常跳到登陆界面了。