spring security 自帶url 校驗失敗 因為請求的url不合法，但是對接方又不能修改，只能平臺適配

---

org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String "%2E"
?? ?at org.springframework.security.web.firewall.StrictHttpFirewall.rejectedBlacklistedUrls(StrictHttpFirewall.java:265)
?? ?at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:245)
?? ?at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:193)
?? ?at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
?? ?at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
?? ?at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
?? ?at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
?? ?at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
?? ?at?
?? ?at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
?? ?at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
?? ?at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
?? ?at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
?? ?at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
?? ?at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
?? ?at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:100)
?? ?at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
?? ?at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
?? ?at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
?? ?at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
?? ?at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
?? ?at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:65)
?? ?at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
?? ?at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
?? ?at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
?? ?at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
?? ?at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
?? ?at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
?? ?at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
?? ?at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
?? ?at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
?? ?at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
?? ?at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
?? ?at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
?? ?at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
?? ?at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
?? ?at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
?? ?at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
?? ?at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
?? ?at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
?? ?at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
?? ?at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
?? ?at io.undertow.server.Connectors.executeRootHandler(Connectors.java:336)
?? ?at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
?? ?at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
?? ?at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
?? ?at java.lang.Thread.run(Thread.java:748)

---

解決方法

在對應請求在對過濾鏈進行放行處理

@Configuration @EnableWebMvc public class WebConfig extends WebMvcConfigurerAdapter {@Overridepublic void addResourceHandlers(ResourceHandlerRegistry registry) { //將所有/static/** 訪問都映射到classpath:/static/ 目錄下registry.addResourceHandler("/**").addResourceLocations("classpath:/static/");registry.addResourceHandler("/swagger-ui.html").addResourceLocations("classpath:/META-INF/resources/");registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");registry.addResourceHandler("/update/**").addResourceLocations("classpath:/update/");}@Overridepublic void configureMessageConverters(List<HttpMessageConverter<?>> converters) {MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();ObjectMapper mapper = new ObjectMapper();mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);mapper.setDateFormat(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSXXX"));converter.setObjectMapper(mapper);converters.add(converter);}@Beanpublic ViewResolver getViewResolver(){InternalResourceViewResolver resolver = new InternalResourceViewResolver();resolver.setPrefix("/static/");resolver.setSuffix(".html");return resolver;}@Beanpublic FilterRegistrationBean myUpdateFilterRegistration() {FilterRegistrationBean registration = new FilterRegistrationBean();registration.setFilter(new MyUpdateFilter());registration.addUrlPatterns("/*");registration.addUrlPatterns();registration.setName("myUpdateFilter");registration.setOrder(-102);return registration;}}

public class MyUpdateFilter implements Filter {private KikGaLogger log = LogUtil.get();@Overridepublic void init(FilterConfig filterConfig) throws ServletException {}@Overridepublic void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException {final HttpServletRequest request = (HttpServletRequest) servletRequest;final HttpServletResponse response = (HttpServletResponse) servletResponse;String servletPath = request.getServletPath();//update下載if (StringUtils.isNotBlank(servletPath) && servletPath.contains("/update/")) {log.info("MyUpdateFilter filter:" + servletPath);skipFilter(filterChain);}filterChain.doFilter(servletRequest, servletResponse);}@Overridepublic void destroy() {}/*** 方法名稱：skipFilter* 方法描述：跳過filter（）* 返回值描述：*/private void skipFilter(FilterChain chain) {try {Field field = chain.getClass().getDeclaredField("filters");field.setAccessible(true);List<ManagedFilter> filters = (List<ManagedFilter>) field.get(chain);int k = 0;Iterator<ManagedFilter> iterators = filters.iterator();while (iterators.hasNext()){ManagedFilter filter = iterators.next();if (filter==null) {continue;}String name = filter.getFilterInfo().getName();//cas過濾if(name.contains("cas")||name.contains("Security")){iterators.remove();}}//field.set("filters",filters);field.setAccessible(false);} catch (Exception e) {log.error("skipFilter error",e);}}}

總結

以上是生活随笔為你收集整理的web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentia的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。