tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <its_toas...@yahoo.com.INVALID>
Subject Re: java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
Date Mon, 13 Mar 2017 15:57:30 GMT
First of all, sorry for the wrapping. Hint - turn on message wrapping
when writing to the mailing list.

Anyway, responses are at the end.

On 3/13/2017 8:23 AM, Chandrashekar H.S wrote:
> Hi All,
> We have recently upgraded tomcat from 8.0.30 to 8.5.11.
> 
> The tomcat 8.5.11 rejects the requested URI with below error.
> Requested URI: /poc-root/resource-lists/users/tel:+918197119913/index/~~/resource-lists/list[@name="oma_pocbuddylist"]/entry[@uri="tel:+919742700996"]
> 
> Mar 13, 2017 5:05:20 PM org.apache.coyote.http11.Http11Processor service
> INFO: Error parsing HTTP request header
> Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
> java.lang.IllegalArgumentException: Invalid character found in the request target. The
valid characters are defined in RFC 7230 and RFC 3986
>    at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:471)
>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:667)
>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)
>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:745)
> 
> The server accepts the request if the DQUOTE(") is replaced with text %22 as mentioned
below
> /poc-root/resource-lists/users/tel:+918197119913/index/~~/resource-lists/list[@name=%22oma_pocbuddylist%22]/entry[@uri=%22tel:+
919742700996%22]
> 
> Please help me to fix this at the server side, since the client or URI requester is already
in production/field.
> 
> Regards,
> Chandra
> 
> 

There are two ways to this issue.

1. Front your Apache Tomcat with Apache HTTPD and mod_jk

This is the least invasive to your code. However, it depends on Apache
HTTPD being lenient with RFC 7230 and RFC 3986. How ling that lasts is
up to that project.

a. Read the docs on how to configure Apache HTTPD / Tomcat / mod_jk

https://tomcat.apache.org/connectors-doc/
https://tomcat.apache.org/connectors-doc/webserver_howto/apache.html

b. Use the excellent uriworkers.properties file found in the source at:

[distribution-root]/conf

where [distribution-root] is tomcat-connectors-1.2.42-src as I write this.

c. Note the defaults with respect to encoding

From the second link above:

Using JkOptions ForwardURIProxy, the forwarded URI will be partially
reencoded after processing inside Apache and before forwarding to
Tomcat. This will be compatible with local URL manipulation by
mod_rewrite and with URL encoded session ids.

JkOptions     +ForwardURIProxy

This is the default as of version 1.2.24.

This may solve your problem. It solved ours, but our issue is with a
request parameter, not the entire URI.

Note that this is not a fix - and may NOT work for your use case.

2. Fix the code

If you are sending this GET via AJAX and javascript, there is a very
simple solution - encode the URI.

For an entire URL, the following function call is all you need:

var encoded_uri = encodeURI("unencoded uri);

Then use the encoded_uri value to make the request.

As I said above, our issue is with a request parameter, so the
developers will use the following:

var encoded_param = encodeURIComponent("unencoded request paramenter");

Then use the encoded_param value to make the request.

3. If you're not using AJAX / javascript

Then you have a lot of work to do, especially if method 1 above does not
solve your problem.

. . . just my two cents.
/mde/


Mime
View raw message