Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Learn more about Collectives
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Learn more about Teams
Ask Question
I am forwarding on some API requests to a service that has a php backend. Thus I need to be able to accept [ and ] on one of my rest resources. Tomcat has a way to do this for your whole service: server.tomcat.relaxed-query-chars=[,]. For security reasons I only want to allow these on 1 specific api resource instead of on the whole service. Is there a way to accomplish this?
Thanks,
Brian
As you've observed, the Tomcat configuration option applies to the whole server. If you want to do something that's specific to a particular REST resource, you could implement your own
Filter
that checks the characters in the query string for all URLs other than that of the REST resource where you want the check to be more relaxed.
I ended up leaving server.tomcat.relaxed-query-chars=[,]. I then created a RequestBodyAdviceAdapter ControllerAdvice. If it is not my specific resource, I added logic to validate that it will throw
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
for [ and ] still for all other resources.
@ControllerAdvice
MyControllerAdvice extends org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdviceAdapter{
@Override
public Object supports(){
my logic here
@Override
public HttpInputMessage beforeBodyRead(){
my other logic here
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
