0

我正在使用 Spring MVC + Spring Security 3.1 开发一个应用程序,我的应用程序是通过某个 URL 调用的,该 URL 包含一个参数,该参数是一个 XML 文件作为字符串。

我正在测试环境中开发,所以我构建了一个测试控制器,我这样做:

String parameter = "<Usuario>\n\t<ID>primaria</ID>\n</Usuario>";
return "redirect:/autenticacion/primaria?parametro=" + parameter;

我得到以下异常:

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.IllegalArgumentException: Invalid characters (CR/LF) in redirect location
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:894)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:88)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
    org.springframework.security.config.debug.DebugFilter.doFilterInternal(DebugFilter.java:45)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

我能做些什么来模拟它?

编辑:我更改了实际参数内容。问题是我不能删除 \t 和 \r 字符,因为该参数是由外部应用程序生成的,所以我必须“接受”一个包含 \r 和 \t 的参数......我该怎么做?

4

2 回答 2

1

看起来这只是一个编码问题,所以你可以自己手动完成。但是默认情况下,Spring 会将模型属性添加到重定向 URI,因此您可能只是这样做

@RequestMapping(...)
public String handle(Model model, ...) {
    ...
    String parameter = "<Usuario>\n\t<ID>primaria</ID>\n</Usuario>";
    model.addAttribute("parametro", parameter);
    return "redirect:/autenticacion/primaria";
}
于 2012-11-26T14:16:54.570 回答
0

好吧,最后我找到了解决方法...

我已经构建了一个过滤器,它可以捕获“冲突”调用并用 '\0' 字符替换 '\r' 字符并且它可以工作!Spring Security 不会抱怨 :)

@Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        String incomingUrl = httpRequest.getRequestURI();
        // Se comprueba si la url original tiene caracter de retorno de carro
        if (incomingUrl.indexOf('\r') >= 0) {
            //Sustituye todos los caracteres retorno de carro por caracter vacío.
            String newUrl = incomingUrl.replaceAll("\r", "");
            //Asigna una nueva url a la petición.
            RequestDispatcher requestDispatcher = request
                    .getRequestDispatcher(newUrl);
            requestDispatcher.forward(request, response);
        }
        //Sique adelante la cadena de filtros.
        chain.doFilter(request, response);
    }
于 2012-11-26T16:36:08.250 回答