'+'(加号)未使用字符串 url 使用 RestTemplate 进行编码,但被解释为 ' ' (space)
'+' (plus sign) not encoded with RestTemplate using String url, but interpreted as ' ' (space)
我们正在从 Java 8 移动到 Java 11,因此,从 Spring Boot 1.5.6 移动到 2.1.2。我们注意到,当使用 RestTemplate 时,“+”号不再编码为“%2B”(由 SPR-14828 更改)。这没关系,因为 RFC3986 没有将“+”列为保留字符,但在 Spring 引导端点接收时仍将其解释为“”(space)。
我们有一个搜索查询,它可以将可选的时间戳作为查询参数。查询看起来像 http://example.com/search?beforeTimestamp=2019-01-21T14:56:50%2B00:00。
我们不知道如何在不进行双重编码的情况下发送编码加号。查询参数 2019-01-21T14:56:50+00:00 将被解释为 2019-01-21T14:56:50 00:00。如果我们自己对参数进行编码 (2019-01-21T14:56:50%2B00:00),那么它会被接收并解释为 2019-01-21T14:56:50%252B00:00.
另一个约束是,我们希望在其他地方设置基础 url,在设置 restTemplate 时,而不是在执行查询的地方。
或者,有没有办法强制“+”不被端点解释为“ ”?
我写了一个简短的例子,演示了一些实现更严格编码的方法,并在评论中解释了它们的缺点:
package com.example.clientandserver;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.DefaultUriBuilderFactory;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
@SpringBootApplication
@RestController
public class ClientAndServerApp implements CommandLineRunner {
public static void main(String[] args) {
SpringApplication.run(ClientAndServerApp.class, args);
}
@Override
public void run(String... args) {
String beforeTimestamp = "2019-01-21T14:56:50+00:00";
// Previously - base url and raw params (encoded automatically).
// This worked in the earlier version of Spring Boot
{
RestTemplate restTemplate = new RestTemplateBuilder()
.rootUri("http://localhost:8080").build();
UriComponentsBuilder b = UriComponentsBuilder.fromPath("/search");
if (beforeTimestamp != null) {
b.queryParam("beforeTimestamp", beforeTimestamp);
}
restTemplate.getForEntity(b.toUriString(), Object.class);
// Received: 2019-01-21T14:56:50 00:00
// Plus sign missing here ^
}
// Option 1 - no base url and encoding the param ourselves.
{
RestTemplate restTemplate = new RestTemplate();
UriComponentsBuilder b = UriComponentsBuilder
.fromHttpUrl("http://localhost:8080/search");
if (beforeTimestamp != null) {
b.queryParam(
"beforeTimestamp",
UriUtils.encode(beforeTimestamp, StandardCharsets.UTF_8)
);
}
restTemplate.getForEntity(
b.build(true).toUri(), Object.class
).getBody();
// Received: 2019-01-21T14:56:50+00:00
}
// Option 2 - with templated base url, query parameter is not optional.
{
RestTemplate restTemplate = new RestTemplateBuilder()
.rootUri("http://localhost:8080")
.uriTemplateHandler(new DefaultUriBuilderFactory())
.build();
Map<String, String> params = new HashMap<>();
params.put("beforeTimestamp", beforeTimestamp);
restTemplate.getForEntity(
"/search?beforeTimestamp={beforeTimestamp}",
Object.class,
params);
// Received: 2019-01-21T14:56:50+00:00
}
}
@GetMapping("/search")
public void search(@RequestParam String beforeTimestamp) {
System.out.println("Received: " + beforeTimestamp);
}
}
我们意识到 URL 可以在编码完成后在拦截器中修改。因此,一种解决方案是使用拦截器,它在查询参数中对加号进行编码。
RestTemplate restTemplate = new RestTemplateBuilder()
.rootUri("http://localhost:8080")
.interceptors(new PlusEncoderInterceptor())
.build();
一个简短的例子:
public class PlusEncoderInterceptor implements ClientHttpRequestInterceptor {
@Override
public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
return execution.execute(new HttpRequestWrapper(request) {
@Override
public URI getURI() {
URI u = super.getURI();
String strictlyEscapedQuery = StringUtils.replace(u.getRawQuery(), "+", "%2B");
return UriComponentsBuilder.fromUri(u)
.replaceQuery(strictlyEscapedQuery)
.build(true).toUri();
}
}, body);
}
}
这里也讨论了这个问题。
Encoding of URI Variables on RestTemplate [SPR-16202]
一个更简单的解决方案是将 URI 构建器上的编码模式设置为 VALUES_ONLY。
DefaultUriBuilderFactory builderFactory = new DefaultUriBuilderFactory();
builderFactory.setEncodingMode(DefaultUriBuilderFactory.EncodingMode.VALUES_ONLY);
RestTemplate restTemplate = new RestTemplateBuilder()
.rootUri("http://localhost:8080")
.uriTemplateHandler(builderFactory)
.build();
这实现了与使用查询参数时使用 PlusEncodingInterceptor 相同的结果。
谢谢https://whosebug.com/users/4466695/gregor-eesmaa,它解决了我的问题。只是想补充一点,如果你可以在调用 RestTemplate 之前格式化 URL,你可以立即修复 URL(而不是在 PlusEncoderInterceptor 中替换它):
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("/search");
uriBuilder.queryParam("beforeTimestamp", "2019-01-21T14:56:50+00:00");
URI uriPlus = uriBuilder.encode().build(false).toUri();
// import org.springframework.util.StringUtils;
String strictlyEscapedQuery = StringUtils.replace(uriPlus.getRawQuery(), "+", "%2B");
URI uri = UriComponentsBuilder.fromUri(uriPlus)
.replaceQuery(strictlyEscapedQuery)
.build(true).toUri();
// prints "/search?beforeTimestamp=2019-01-21T14:56:50%2B00:00"
System.out.println(uri);
然后你可以在RestTemplate调用中使用:
RequestEntity<?> requestEntity = RequestEntity.get(uri).build();
ResponseEntity<String> responseEntity = restTemplate.exchange(requestEntity, String.class);
为了解决此类问题,我发现手动构建 URI 更容易。
URI uri = new URI(siteProperties.getBaseUrl()
+ "v3/elements/"
+ URLEncoder.encode("user/" + user + "/type/" + type, UTF_8)
+ "/"
+ URLEncoder.encode(id, UTF_8)
);
restTemplate.exchange(uri, DELETE, new HttpEntity<>(httpHeaders), Void.class);
我们正在从 Java 8 移动到 Java 11,因此,从 Spring Boot 1.5.6 移动到 2.1.2。我们注意到,当使用 RestTemplate 时,“+”号不再编码为“%2B”(由 SPR-14828 更改)。这没关系,因为 RFC3986 没有将“+”列为保留字符,但在 Spring 引导端点接收时仍将其解释为“”(space)。
我们有一个搜索查询,它可以将可选的时间戳作为查询参数。查询看起来像 http://example.com/search?beforeTimestamp=2019-01-21T14:56:50%2B00:00。
我们不知道如何在不进行双重编码的情况下发送编码加号。查询参数 2019-01-21T14:56:50+00:00 将被解释为 2019-01-21T14:56:50 00:00。如果我们自己对参数进行编码 (2019-01-21T14:56:50%2B00:00),那么它会被接收并解释为 2019-01-21T14:56:50%252B00:00.
另一个约束是,我们希望在其他地方设置基础 url,在设置 restTemplate 时,而不是在执行查询的地方。
或者,有没有办法强制“+”不被端点解释为“ ”?
我写了一个简短的例子,演示了一些实现更严格编码的方法,并在评论中解释了它们的缺点:
package com.example.clientandserver;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.DefaultUriBuilderFactory;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
@SpringBootApplication
@RestController
public class ClientAndServerApp implements CommandLineRunner {
public static void main(String[] args) {
SpringApplication.run(ClientAndServerApp.class, args);
}
@Override
public void run(String... args) {
String beforeTimestamp = "2019-01-21T14:56:50+00:00";
// Previously - base url and raw params (encoded automatically).
// This worked in the earlier version of Spring Boot
{
RestTemplate restTemplate = new RestTemplateBuilder()
.rootUri("http://localhost:8080").build();
UriComponentsBuilder b = UriComponentsBuilder.fromPath("/search");
if (beforeTimestamp != null) {
b.queryParam("beforeTimestamp", beforeTimestamp);
}
restTemplate.getForEntity(b.toUriString(), Object.class);
// Received: 2019-01-21T14:56:50 00:00
// Plus sign missing here ^
}
// Option 1 - no base url and encoding the param ourselves.
{
RestTemplate restTemplate = new RestTemplate();
UriComponentsBuilder b = UriComponentsBuilder
.fromHttpUrl("http://localhost:8080/search");
if (beforeTimestamp != null) {
b.queryParam(
"beforeTimestamp",
UriUtils.encode(beforeTimestamp, StandardCharsets.UTF_8)
);
}
restTemplate.getForEntity(
b.build(true).toUri(), Object.class
).getBody();
// Received: 2019-01-21T14:56:50+00:00
}
// Option 2 - with templated base url, query parameter is not optional.
{
RestTemplate restTemplate = new RestTemplateBuilder()
.rootUri("http://localhost:8080")
.uriTemplateHandler(new DefaultUriBuilderFactory())
.build();
Map<String, String> params = new HashMap<>();
params.put("beforeTimestamp", beforeTimestamp);
restTemplate.getForEntity(
"/search?beforeTimestamp={beforeTimestamp}",
Object.class,
params);
// Received: 2019-01-21T14:56:50+00:00
}
}
@GetMapping("/search")
public void search(@RequestParam String beforeTimestamp) {
System.out.println("Received: " + beforeTimestamp);
}
}
我们意识到 URL 可以在编码完成后在拦截器中修改。因此,一种解决方案是使用拦截器,它在查询参数中对加号进行编码。
RestTemplate restTemplate = new RestTemplateBuilder()
.rootUri("http://localhost:8080")
.interceptors(new PlusEncoderInterceptor())
.build();
一个简短的例子:
public class PlusEncoderInterceptor implements ClientHttpRequestInterceptor {
@Override
public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
return execution.execute(new HttpRequestWrapper(request) {
@Override
public URI getURI() {
URI u = super.getURI();
String strictlyEscapedQuery = StringUtils.replace(u.getRawQuery(), "+", "%2B");
return UriComponentsBuilder.fromUri(u)
.replaceQuery(strictlyEscapedQuery)
.build(true).toUri();
}
}, body);
}
}
这里也讨论了这个问题。
Encoding of URI Variables on RestTemplate [SPR-16202]
一个更简单的解决方案是将 URI 构建器上的编码模式设置为 VALUES_ONLY。
DefaultUriBuilderFactory builderFactory = new DefaultUriBuilderFactory();
builderFactory.setEncodingMode(DefaultUriBuilderFactory.EncodingMode.VALUES_ONLY);
RestTemplate restTemplate = new RestTemplateBuilder()
.rootUri("http://localhost:8080")
.uriTemplateHandler(builderFactory)
.build();
这实现了与使用查询参数时使用 PlusEncodingInterceptor 相同的结果。
谢谢https://whosebug.com/users/4466695/gregor-eesmaa,它解决了我的问题。只是想补充一点,如果你可以在调用 RestTemplate 之前格式化 URL,你可以立即修复 URL(而不是在 PlusEncoderInterceptor 中替换它):
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("/search");
uriBuilder.queryParam("beforeTimestamp", "2019-01-21T14:56:50+00:00");
URI uriPlus = uriBuilder.encode().build(false).toUri();
// import org.springframework.util.StringUtils;
String strictlyEscapedQuery = StringUtils.replace(uriPlus.getRawQuery(), "+", "%2B");
URI uri = UriComponentsBuilder.fromUri(uriPlus)
.replaceQuery(strictlyEscapedQuery)
.build(true).toUri();
// prints "/search?beforeTimestamp=2019-01-21T14:56:50%2B00:00"
System.out.println(uri);
然后你可以在RestTemplate调用中使用:
RequestEntity<?> requestEntity = RequestEntity.get(uri).build();
ResponseEntity<String> responseEntity = restTemplate.exchange(requestEntity, String.class);
为了解决此类问题,我发现手动构建 URI 更容易。
URI uri = new URI(siteProperties.getBaseUrl()
+ "v3/elements/"
+ URLEncoder.encode("user/" + user + "/type/" + type, UTF_8)
+ "/"
+ URLEncoder.encode(id, UTF_8)
);
restTemplate.exchange(uri, DELETE, new HttpEntity<>(httpHeaders), Void.class);