1. Dom
  2. Pytanie i odpowiedź
  3. Błąd z wartością cookie podczas dodawania nowej sesji wiosennej

Błąd z wartością cookie podczas dodawania nowej sesji wiosennej

2016-07-31 11 views
5

W mojej aplikacji bazującej na Spring Boot 1.4 używam Spring Session do przechowywania danych sesji w bazie danych za pomocą JDBC.Błąd z wartością cookie podczas dodawania nowej sesji wiosennej

Działa to dobrze z domyślną sesją. Ale gdy chcę dodać nową sesję (dodając ?_s=1 do adresu URL aplikacji) pojawia się następujący wyjątek:

java.lang.IllegalArgumentException: An invalid character [32] was present in the Cookie value

Co tu jest problem?

Edycja: Pamiętaj, że sam nie ustawiam wartości cookie, robi to Spring Session. Dlatego nie mogę stwierdzić, jaką wartość próbuje ustawić.

Kompletny StackTrace jest tutaj:

java.lang.IllegalArgumentException: An invalid character [32] was present in the Cookie value 
    at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateCookieValue(Rfc6265CookieProcessor.java:160) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:109) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.connector.Response.generateCookieString(Response.java:989) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.connector.Response.addCookie(Response.java:937) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.session.web.http.DefaultCookieSerializer.writeCookieValue(DefaultCookieSerializer.java:112) ~[spring-session-1.2.1.RELEASE.jar:na] 
    at org.springframework.session.web.http.CookieHttpSessionStrategy.onNewSession(CookieHttpSessionStrategy.java:213) ~[spring-session-1.2.1.RELEASE.jar:na] 
    at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.commitSession(SessionRepositoryFilter.java:247) ~[spring-session-1.2.1.RELEASE.jar:na] 
    at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.access$100(SessionRepositoryFilter.java:214) ~[spring-session-1.2.1.RELEASE.jar:na] 
    at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryResponseWrapper.onResponseCommitted(SessionRepositoryFilter.java:202) ~[spring-session-1.2.1.RELEASE.jar:na] 
    at org.springframework.session.web.http.OnCommittedResponseWrapper.doOnResponseCommitted(OnCommittedResponseWrapper.java:226) ~[spring-session-1.2.1.RELEASE.jar:na] 
    at org.springframework.session.web.http.OnCommittedResponseWrapper.sendRedirect(OnCommittedResponseWrapper.java:126) ~[spring-session-1.2.1.RELEASE.jar:na] 
    at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.security.web.firewall.FirewalledResponse.sendRedirect(FirewalledResponse.java:41) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.security.web.util.OnCommittedResponseWrapper.sendRedirect(OnCommittedResponseWrapper.java:128) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.security.web.util.OnCommittedResponseWrapper.sendRedirect(OnCommittedResponseWrapper.java:128) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.DefaultRedirectStrategy.sendRedirect(DefaultRedirectStrategy.java:57) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint.commence(LoginUrlAuthenticationEntryPoint.java:169) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.access.ExceptionTranslationFilter.sendStartAuthentication(ExceptionTranslationFilter.java:204) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:178) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:134) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:150) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) ~[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:164) ~[spring-session-1.2.1.RELEASE.jar:na] 
    at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:80) ~[spring-session-1.2.1.RELEASE.jar:na] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:108) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_101] 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_101] 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.4.jar:8.5.4] 
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]

Źródło

2016-07-31 yglodt

+0

Jaka jest wartość, którą próbujesz ustawić w pliku cookie? –

+1

Możliwy duplikat [java.lang.IllegalArgumentException: znak kontrolny w wartości lub atrybucie cookie] (http://stackoverflow.com/questions/9109318/java-lang-illegalargumentexception-control-character-in-cookie-value-or- attribu) –

+0

Nie wiem, jaką wartość Spring Session chce ustawić w ciasteczku. – yglodt

Odpowiedz

8

Wynika to z przetwarzaniem plików cookie Tomcat jest zmieniona na RFC 6265 realizację zgodnego domyślnie w 8.5, która nie pozwala przestrzeń (znak 32), m.in. .

Jako rozwiązanie tymczasowe można skonfigurować Tomcat tak, aby korzystał ze starszego procesora plików cookie. Aby to zrobić z wiosennym Boot, zarejestruj EmbeddedServletContainerCustomizer@Bean takiego:

@Bean 
public EmbeddedServletContainerCustomizer customizer() { 
    return container -> { 
     if (container instanceof TomcatEmbeddedServletContainerFactory) { 
      TomcatEmbeddedServletContainerFactory tomcat = (TomcatEmbeddedServletContainerFactory) container; 
      tomcat.addContextCustomizers(context -> context.setCookieProcessor(new LegacyCookieProcessor())); 
     } 
    }; 
}

zobaczyć również spring-projects/spring-session#gh-605 śledzić postęp ustalające ten w Spring Session.

Źródło

2016-08-28 22:16:43

2

Plik cookie funkcji nie może poprawnie kodować wartości za pomocą spacji, również znaków francuskich i tak dalej. Rozwiązuję ten problem z URLEncoder.encode (String arg0, Encoding version) tutaj użyłem UTF-8. Oto metoda, którą stworzyłem!

private static void setCookie(HttpServletResponse response, String nom, String valeur, int maxAge)throws IOException { 
    Cookie cookie = new Cookie(nom, URLEncoder.encode(valeur, "UTF-8")); 
    cookie.setMaxAge(maxAge); 
    response.addCookie(cookie); 
}

Źródło

2017-09-21 18:20:10

1

CookieProcessor to nowy element konfiguracji, wprowadzony w Tomcat 8.0.15. Element CookieProcessor umożliwia różne konfiguracje przetwarzania plików cookie w każdej aplikacji internetowej lub globalnie w domyślnym pliku conf/context.xml.

Według oficjalnych docs na Apache Tomcat 8 Configuration Reference Version 8.0.47:

Standardowa realizacja CookieProcessor jest: org.apache.tomcat.util.http.LegacyCookieProcessor. Zauważ, że przewiduje się, że zmieni się to w org.apache.tomcat.util.http.Rfc6265CookieProcessor w przyszłym wydaniu Tomcat 8.

Później ..

Według oficjalnych docs na Apache Tomcat 8 Configuration Reference Version 8.5.23:

Standardowa realizacja CookieProcessor jest org.apache.tomcat.util.http.Rfc6265CookieProcessor.

Aby rozwiązać ten problem: dodaj ten wiersz w konf/context.xml w lokalizacji% CATALINA_HOME% (np. C: \ apache-tomcat-8.5.20 \ conf \ context.xml w moim przypadku):

<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />

Jak to wygląda po dodaniu:

<?xml version="1.0" encoding="UTF-8"?> 

<Context reloadable="true"> 
    <WatchedResource>WEB-INF/web.xml</WatchedResource> 
    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource> 
    <Transaction factory="bitronix.tm.BitronixUserTransactionObjectFactory"/> 
    <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />  
</Context>

Źródło

2017-10-12 05:53:58

0

Nie stosować spacje w treści cookie. Wymienia białe znaki jako nieprawidłowe znaki.

Źródło

2017-12-27 13:03:28

+1

Odpowiedz we właściwy sposób, aby inni mogli zrozumieć. –

+0

Jestem nowy w Stack Overflow, więc znam odpowiedź, którą napisałem, ale jak dodać kod, którego nie znam. –

Powiązane problemy

 Powiązane problemy