Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/36220740/

Time: 2020-11-03 01:06:34  Source: igfitidea

Why is this URL returning error 400 from Tomcat?

java tomcat url servlets

Asked by John Brink

I have a Tomcat server running Java servlets. I'm trying to make a servlet that returns stored files, given their encrypted IDs.

ID: 100

Encrypted ID: +e4/E5cR/aM=

URL-encoded ID: %2Be4%2FE5cR%2FaM%3D

Resulting URL: http://localhost/file/demo/%2Be4%2FE5cR%2FaM%3D

When I try to follow that link, I don't even get into my servlet's code - the server returns this error: Failed to load resource: the server responded with a status of 400 (Bad Request)

What's wrong with this URL that's making Tomcat reject it before reaching my code? I ran it through a URL-encoder, and I don't see any invalid characters in it.

Answered by Dennis R

You have a slash "/" encoded in the URL. Apache doesn't allow them due to potential attacks. There is a setting to allow them:

System.setProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "true");

or

-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

See similar post.
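
An alternative that avoids relaxing ALLOW_ENCODED_SLASH, as an added example that is not part of the original answer: emit the encrypted ID in the URL-safe Base64 alphabet so the path never contains %2F. The class and method names are hypothetical, and it assumes the encrypted ID is standard Base64, as it appears in the question.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Base64;
import java.util.regex.Pattern;

// Hypothetical helper, not code from the question or the answer.
public class UrlSafeFileId {
    // Characters of the unpadded URL-safe Base64 alphabet (RFC 4648 section 5).
    private static final Pattern URL_SAFE = Pattern.compile("[A-Za-z0-9_-]+");

    // Re-encode a standard Base64 token so it contains no '+', '/' or '='.
    static String toUrlSafe(String standardBase64) {
        byte[] raw = Base64.getDecoder().decode(standardBase64);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Servlet-side counterpart: reject anything outside the alphabet, then decode.
    static byte[] fromUrlSafe(String token) {
        if (token == null || !URL_SAFE.matcher(token).matches()) {
            throw new IllegalArgumentException("malformed file id");
        }
        return Base64.getUrlDecoder().decode(token);
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        String encryptedId = "+e4/E5cR/aM="; // value from the question
        String token = toUrlSafe(encryptedId);

        // Standard alphabet: percent-encoding puts an encoded slash in the path.
        System.out.println("percent-encoded original: "
                + URLEncoder.encode(encryptedId, "UTF-8"));

        // URL-safe alphabet: percent-encoding leaves the token unchanged.
        System.out.println("url-safe token:           " + token);
        System.out.println("needs no escaping:        "
                + URLEncoder.encode(token, "UTF-8").equals(token));

        // Round trip: the servlet recovers the same ciphertext bytes.
        byte[] raw = fromUrlSafe(token);
        System.out.println("round trip ok:            "
                + Base64.getEncoder().encodeToString(raw).equals(encryptedId));
        System.out.println("resulting URL:            http://localhost/file/demo/" + token);
    }
}
```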

Answered by pczeus

You are likely experiencing one of 2 issues:

1) You have not included the port in your URL. Either you have configured the Tomcat port to port 80, in which case the port is not needed, or you need to include the port, which defaults to 8080, for example:

http://localhost:8080/file/demo/%2Be4%2FE5cR%2FaM%3D

2) You are adding the encrypted ID as part of the URL itself, which would have to be mapped to a Servlet/JSP/View of some sort in your URL mappings and is not likely. Tomcat is not going to recognize a unique ID and know a corresponding handler to call to process the mapping. Assuming you intend to call the servlet/JSP/controller that is mapped to '/file/demo', you would more likely want to pass the ID as a request parameter, for example:

http://localhost:8080/file/demo?id=%2Be4%2FE5cR%2FaM%3D