使独立的 grizzly2 JAX-RS 在 URL?
Making standalone grizzly2 JAX-RS accept an encoded URL in the URL?
我正在尝试将一个可能存在漏洞的库封装在它自己的独立 JVM 中,并使用 REST 调用它。我有一个 Java EE 7 网络应用程序可以执行此操作,但我想要一个独立版本。为此,我使用
创建了一个小型 Maven 项目
mvn archetype:generate -DarchetypeGroupId=org.glassfish.jersey.archetypes \
-DarchetypeArtifactId=jersey-quickstart-grizzly2 -DarchetypeVersion=2.27
这给了我一个带有这个 Main 的小项目。
public class Main {
// Base URI the Grizzly HTTP server will listen on
public static final String BASE_URI = "http://localhost:8080/verapdf/";
/**
* Starts Grizzly HTTP server exposing JAX-RS resources defined in this application.
* @return Grizzly HTTP server.
*/
public static HttpServer startServer() {
// create a resource config that scans for JAX-RS resources and providers
// in dk.kb.dpa.verapdf package
final ResourceConfig rc = new ResourceConfig().packages("dk.kb.dpa.verapdf");
// create and start a new instance of grizzly http server
// exposing the Jersey application at BASE_URI
return GrizzlyHttpServerFactory.createHttpServer(URI.create(BASE_URI), rc);
}
/**
* Main method.
* @param args
* @throws IOException
*/
public static void main(String[] args) throws IOException {
final HttpServer server = startServer();
System.out.println(String.format("Jersey app started with WADL available at "
+ "%sapplication.wadl\nHit enter to stop it...", BASE_URI));
System.in.read();
server.stop();
}
}
我添加了自己的小资源,如下所示:
.
.
.
@Path("validate")
public class JAXRSValidator {
@GET
@Path("{url}")
@Produces(MediaType.APPLICATION_XML)
public String validate(@PathParam("url") String url) throws Exception
.
.
.
目前我可以调用 http://localhost:8080/verapdf/validate/123 并在 url 设置为 123 的方法内命中断点。但是,我想在这里有一个真正的 URL (这将是绝对的,包括斜杠和井号),这会产生错误 500。由于未调用该方法,我怀疑 Web 容器 and/or JAX-RS 不喜欢我在正确位置编码的 URL,就像 Tomcat 看起来那样。
我该如何解决这个问题?另一种方法很好,只要我最终得到一个提供 REST 服务的独立二进制文件即可。
如评论中所述,斜线解码存在问题。您可以显式启用解码斜杠:
public static HttpServer startServer() {
final ResourceConfig rc = new ResourceConfig().packages("dk.kb.dpa.verapdf");
HttpServer httpServer = GrizzlyHttpServerFactory.createHttpServer(URI.create(BASE_URI), rc);
httpServer.getHttpHandler().setAllowEncodedSlash(true);
return httpServer;
}
没有 allowEncodedSlash HTTP 服务器在解码编码斜杠期间抛出并捕获内部异常。默认禁止斜线解码:
java.io.CharConversionException: Encoded slashes are not allowed
at org.glassfish.grizzly.http.util.URLDecoder.decode(URLDecoder.java:251)
at org.glassfish.grizzly.http.util.URLDecoder.decodeAscii(URLDecoder.java:159)
at org.glassfish.grizzly.http.util.URLDecoder.decode(URLDecoder.java:71)
at org.glassfish.grizzly.http.util.HttpRequestURIDecoder.decode(HttpRequestURIDecoder.java:161)
at org.glassfish.grizzly.http.util.RequestURIRef.getDecodedRequestURIBC(RequestURIRef.java:138)
at org.glassfish.grizzly.http.util.RequestURIRef.getDecodedRequestURIBC(RequestURIRef.java:124)
at org.glassfish.grizzly.http.server.HttpHandlerChain.doHandle(HttpHandlerChain.java:203)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:242)
at org.glassfish.grizzly.filterchain.ExecutorResolver.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:539)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
at org.glassfish.grizzly.strategies.SameThreadIOStrategy.executeIoEvent(SameThreadIOStrategy.java:103)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.executeIoEvent(AbstractIOStrategy.java:89)
at org.glassfish.grizzly.nio.SelectorRunner.iterateKeyEvents(SelectorRunner.java:427)
at org.glassfish.grizzly.nio.SelectorRunner.iterateKeys(SelectorRunner.java:396)
at org.glassfish.grizzly.nio.SelectorRunner.doSelect(SelectorRunner.java:358)
at org.glassfish.grizzly.nio.SelectorRunner.run(SelectorRunner.java:281)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:593)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:573)
at java.lang.Thread.run(Thread.java:745)
java.io.CharConversionException: Encoded slashes are not allowed
at org.glassfish.grizzly.http.util.URLDecoder.decode(URLDecoder.java:251)
at org.glassfish.grizzly.http.util.URLDecoder.decodeAscii(URLDecoder.java:159)
at org.glassfish.grizzly.http.util.URLDecoder.decode(URLDecoder.java:71)
at org.glassfish.grizzly.http.util.HttpRequestURIDecoder.decode(HttpRequestURIDecoder.java:161)
at org.glassfish.grizzly.http.util.RequestURIRef.getDecodedRequestURIBC(RequestURIRef.java:138)
at org.glassfish.grizzly.http.util.RequestURIRef.getDecodedRequestURIBC(RequestURIRef.java:124)
at org.glassfish.grizzly.http.server.HttpHandlerChain.doHandle(HttpHandlerChain.java:203)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:242)
at org.glassfish.grizzly.filterchain.ExecutorResolver.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:539)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
at org.glassfish.grizzly.strategies.SameThreadIOStrategy.executeIoEvent(SameThreadIOStrategy.java:103)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.executeIoEvent(AbstractIOStrategy.java:89)
at org.glassfish.grizzly.nio.SelectorRunner.iterateKeyEvents(SelectorRunner.java:427)
at org.glassfish.grizzly.nio.SelectorRunner.iterateKeys(SelectorRunner.java:396)
at org.glassfish.grizzly.nio.SelectorRunner.doSelect(SelectorRunner.java:358)
at org.glassfish.grizzly.nio.SelectorRunner.run(SelectorRunner.java:281)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:593)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:573)
at java.lang.Thread.run(Thread.java:745)
我正在尝试将一个可能存在漏洞的库封装在它自己的独立 JVM 中,并使用 REST 调用它。我有一个 Java EE 7 网络应用程序可以执行此操作,但我想要一个独立版本。为此,我使用
创建了一个小型 Maven 项目mvn archetype:generate -DarchetypeGroupId=org.glassfish.jersey.archetypes \
-DarchetypeArtifactId=jersey-quickstart-grizzly2 -DarchetypeVersion=2.27
这给了我一个带有这个 Main 的小项目。
public class Main {
// Base URI the Grizzly HTTP server will listen on
public static final String BASE_URI = "http://localhost:8080/verapdf/";
/**
* Starts Grizzly HTTP server exposing JAX-RS resources defined in this application.
* @return Grizzly HTTP server.
*/
public static HttpServer startServer() {
// create a resource config that scans for JAX-RS resources and providers
// in dk.kb.dpa.verapdf package
final ResourceConfig rc = new ResourceConfig().packages("dk.kb.dpa.verapdf");
// create and start a new instance of grizzly http server
// exposing the Jersey application at BASE_URI
return GrizzlyHttpServerFactory.createHttpServer(URI.create(BASE_URI), rc);
}
/**
* Main method.
* @param args
* @throws IOException
*/
public static void main(String[] args) throws IOException {
final HttpServer server = startServer();
System.out.println(String.format("Jersey app started with WADL available at "
+ "%sapplication.wadl\nHit enter to stop it...", BASE_URI));
System.in.read();
server.stop();
}
}
我添加了自己的小资源,如下所示:
.
.
.
@Path("validate")
public class JAXRSValidator {
@GET
@Path("{url}")
@Produces(MediaType.APPLICATION_XML)
public String validate(@PathParam("url") String url) throws Exception
.
.
.
目前我可以调用 http://localhost:8080/verapdf/validate/123 并在 url 设置为 123 的方法内命中断点。但是,我想在这里有一个真正的 URL (这将是绝对的,包括斜杠和井号),这会产生错误 500。由于未调用该方法,我怀疑 Web 容器 and/or JAX-RS 不喜欢我在正确位置编码的 URL,就像 Tomcat 看起来那样。
我该如何解决这个问题?另一种方法很好,只要我最终得到一个提供 REST 服务的独立二进制文件即可。
如评论中所述,斜线解码存在问题。您可以显式启用解码斜杠:
public static HttpServer startServer() {
final ResourceConfig rc = new ResourceConfig().packages("dk.kb.dpa.verapdf");
HttpServer httpServer = GrizzlyHttpServerFactory.createHttpServer(URI.create(BASE_URI), rc);
httpServer.getHttpHandler().setAllowEncodedSlash(true);
return httpServer;
}
没有 allowEncodedSlash HTTP 服务器在解码编码斜杠期间抛出并捕获内部异常。默认禁止斜线解码:
java.io.CharConversionException: Encoded slashes are not allowed
at org.glassfish.grizzly.http.util.URLDecoder.decode(URLDecoder.java:251)
at org.glassfish.grizzly.http.util.URLDecoder.decodeAscii(URLDecoder.java:159)
at org.glassfish.grizzly.http.util.URLDecoder.decode(URLDecoder.java:71)
at org.glassfish.grizzly.http.util.HttpRequestURIDecoder.decode(HttpRequestURIDecoder.java:161)
at org.glassfish.grizzly.http.util.RequestURIRef.getDecodedRequestURIBC(RequestURIRef.java:138)
at org.glassfish.grizzly.http.util.RequestURIRef.getDecodedRequestURIBC(RequestURIRef.java:124)
at org.glassfish.grizzly.http.server.HttpHandlerChain.doHandle(HttpHandlerChain.java:203)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:242)
at org.glassfish.grizzly.filterchain.ExecutorResolver.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:539)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
at org.glassfish.grizzly.strategies.SameThreadIOStrategy.executeIoEvent(SameThreadIOStrategy.java:103)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.executeIoEvent(AbstractIOStrategy.java:89)
at org.glassfish.grizzly.nio.SelectorRunner.iterateKeyEvents(SelectorRunner.java:427)
at org.glassfish.grizzly.nio.SelectorRunner.iterateKeys(SelectorRunner.java:396)
at org.glassfish.grizzly.nio.SelectorRunner.doSelect(SelectorRunner.java:358)
at org.glassfish.grizzly.nio.SelectorRunner.run(SelectorRunner.java:281)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:593)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:573)
at java.lang.Thread.run(Thread.java:745)
java.io.CharConversionException: Encoded slashes are not allowed
at org.glassfish.grizzly.http.util.URLDecoder.decode(URLDecoder.java:251)
at org.glassfish.grizzly.http.util.URLDecoder.decodeAscii(URLDecoder.java:159)
at org.glassfish.grizzly.http.util.URLDecoder.decode(URLDecoder.java:71)
at org.glassfish.grizzly.http.util.HttpRequestURIDecoder.decode(HttpRequestURIDecoder.java:161)
at org.glassfish.grizzly.http.util.RequestURIRef.getDecodedRequestURIBC(RequestURIRef.java:138)
at org.glassfish.grizzly.http.util.RequestURIRef.getDecodedRequestURIBC(RequestURIRef.java:124)
at org.glassfish.grizzly.http.server.HttpHandlerChain.doHandle(HttpHandlerChain.java:203)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:242)
at org.glassfish.grizzly.filterchain.ExecutorResolver.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:539)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
at org.glassfish.grizzly.strategies.SameThreadIOStrategy.executeIoEvent(SameThreadIOStrategy.java:103)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.executeIoEvent(AbstractIOStrategy.java:89)
at org.glassfish.grizzly.nio.SelectorRunner.iterateKeyEvents(SelectorRunner.java:427)
at org.glassfish.grizzly.nio.SelectorRunner.iterateKeys(SelectorRunner.java:396)
at org.glassfish.grizzly.nio.SelectorRunner.doSelect(SelectorRunner.java:358)
at org.glassfish.grizzly.nio.SelectorRunner.run(SelectorRunner.java:281)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:593)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:573)
at java.lang.Thread.run(Thread.java:745)