I have a spring boot application with a GET service.
@RequestMapping(value = "/abc/track/{type}", method = RequestMethod.GET)
public void DummFunc(
@RequestParam(value="subs", required = false) String sub,
, HttpServletResponse response) {}
value for subs
is an encoded value.
If I pass following as value to parameter subs
{%22endpoint%22:%22https://def.abc.com/tyu/send/eD3vpGNQW28:APA91bHOo8rYrV0xccdQz3okjZJG-QGrJX8LG6ahJnEUpMNfGedqi3hJxQsJx_8BMbH6oDjaSPPEXqzNWchWrGSkhuTkSdemikkys1U22Ipd7MsRw0owWbw89V2fslIVAJ6G5lkyvYuQ%22,%22expirationTime%22:null,%22keys%22:{%22p256dh%22:%22BK0pktn50CMsTQtqwdPlKlJtdFs0LFeXX14T1zgoz6QWnvSTp5dxtChnUP5P1JX0TsjcopbdPKyN31HfABMUyic%22,%22auth%22:%22qbO_z0vGao9wD-E5g8VU-A%22}}
It fails to capture the request and control does not come inside of the function.
If we instead pass as value to parameter subs:
%7B%22endpoint%22:%22https://def.abc.com/tyu/send/dX5q5eV7hFQ:APA91bHib-0QXrMzjatcvTR_uaIeeJK8lf6GmXUC9Jxv0Oxth-BzD4GmWnd4-YpDZv8qSFZ0eSg9mB2YkRvkc5ezdXW5KeaHjuQZfdyDxyBXjJgE-25Xbtlk37pdm8vfLk20k0k_VxW9%22,%22expirationTime%22:null,%22keys%22:%7B%22p256dh%22:%22BCCvcBLpRqp4u0auP688_MUJLsAiwWlQSn5kpyl8YVsEo_J-KpSdnhCmVIE_BhDXBcFYflPK52hqhYf3EaOCyuY%22,%22auth%22:%22iKuW_ESkCZnubWcQu_JK8w%22%7D%7D
It works fine.
Why is this happening? What's wrong with first encoding?
Since server is not able to handle the request, it returns 400. I need to capture such requests and then handle them by encoding them properly. What can be way forward?
I am new to Spring boot/Spring and Java itself. Would be great if I can get some insight.
Also, I can decode both of them online here without any issues- https://www.urldecoder.org/
Edit: Basically, the request that has issue getting through has {
and }
instead of %7B
and %7D
.
My question is instead of application failing with 400 bad request,how do I capture such requests in my app, encode them properly and then process them.
format (also used by VF apex:outputtext ) uses the Java MessageFormat class. And braces are escaped by enclosing in single quotes, which in apex must also be escaped by backslash.
Different programming languages have various ways to delineate the start and end points of a programming structure, such as a loop, method or conditional statement. For example, Java and C++ are often referred to as curly brace languages because curly braces are used to define the start and end of a code block.
String h = "{hiren:}"; h=h. replaceAll(":\\}", ":\"\"}"); Otherwise, you can use String#replace with no regular expression nor escaping needed. String h = "{hiren:}"; h=h.
After entering the curly brace and the macro menu pops up, press the ESC key and the menu will go away leaving the curly brace there.
spring-boot is very much concerned about security. Adding double quote / single quotes or either escaping won't work I guess.
Please go through : https://www.rfc-editor.org/rfc/rfc1738
I think you should try the manual encoding {
to %7B
and }
to %7D
Unsafe:
Characters can be unsafe for a number of reasons. The space
character is unsafe because significant spaces may disappear and
insignificant spaces may be introduced when URLs are transcribed or
typeset or subjected to the treatment of word-processing programs.
The characters "<" and ">" are unsafe because they are used as the
delimiters around URLs in free text; the quote mark (""") is used to
delimit URLs in some systems. The character "#" is unsafe and should always be encoded because it is used in World Wide Web and in other
systems to delimit a URL from a fragment/anchor identifier that might follow it. The character "%" is unsafe because it is used for
encodings of other characters. Other characters are unsafe because
gateways and other transport agents are known to sometimes modify
such characters. These characters are "{", "}", "|", "", "^", "~",
"[", "]", and "`".All unsafe characters must always be encoded within a URL. For
example, the character "#" must be encoded within URLs even in
systems that do not normally deal with fragment or anchor
identifiers, so that if the URL is copied into another system that
does use them, it will not be necessary to change the URL encoding.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With