我在日志中发现以下错误:
org.springframework.security.web.firewall.RequestRejectedException: The requestURI cannot contain encoded slash. Got /;lm=1488887514;m=js;asset=delayedElements%2Fsnippet;tf;ucm=353df4434086482d9d1d7b89758e156e/
at org.springframework.security.web.firewall.DefaultHttpFirewall.getFirewalledRequest(DefaultHttpFirewall.java:56)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:193)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:77)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
...
我找到了可能在Spring Boot中有效的解决方案。
Spring security DefaultHttpFirewall - The requestURI cannot contain encoded slash
我可以以及如何在Grails中应用它?
在此先多谢!
编辑1:
这就是我实施Sudhir的建议的方式:
在这里,我创建了新类:
这是实现的样子:
package fnx.security;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
public class CustomHttpFirewall extends DefaultHttpFirewall {
CustomHttpFirewall() {
boolean allowUrlEncodedSlash = true;
}
}
这就是它如何包含在application.yml中:
grails:
plugin:
springsecurity:
httpFirewallBeanClass: 'fnx.security.CustomHttpFirewall'
有什么缺失或错误吗?
最佳答案
默认情况下,spring security core插件使用DefaultHttpFirewall,您可以通过扩展DefaultHttpFirewall来创建子类,并从构造函数中将allowUrlEncodedSlash属性设置为true。
CustomHttpFirewall extends DefaultHttpFirewall {
CustomHttpFirewall() {
allowUrlEncodedSlash = true
}
}
然后配置spring安全性以使用您的自定义防火墙类,如下所示。
grails.plugin.springsecurity.httpFirewallBeanClass = "full name of your class"
请注意已测试,但这应该可以工作。