總述

    JDK都要出12了，而我們項目使用的jdk卻仍然還停留在JDK1.6。為了追尋技術的發(fā)展的腳步，我這邊準備將項目升級到JDK1.8。而作為一個web項目，我們的容器使用的是Tomcat?？戳讼耇omcat版本與JDK版本之間的兼容關系http://tomcat.apache.org/whichversion.html以及網上所傳的各種JDK1.8和Tomcat7不兼容的問題， 我決定將Tomcat升級到8。我這里本地驗證采用的tomcat版本是8.5.38 https://tomcat.apache.org/download-80.cgi。

問題一：請求js文件報404錯誤

    其實這個問題嚴格來講不是升級到Tomcat8出現的問題，而是升級到Tomcat9出現的問題。正好我開始嘗試的是Tomcat9，無法解決這個問題才降到Tomcat8。所以這里一并記錄下來。

    這個問題在從Tomcat6升級到Tomcat7之后也會存在，原因如下，在項目代碼中對js的請求路徑中包含了{、}等特殊符號：

<script type="text/javascript" src="${ctx}/js/common/include_css.js?{'ctx':'${ctx}','easyui':'easyui'}"></script>  

    前臺會發(fā)現加載js的時候報了404的錯誤，后臺報錯信息如下：

Invalid character found in the request target.The valid characters are defined in RFC 7230 and RFC3986

    出現這個問題的原因是因為Tomcat升級之后對安全進行了升級，其中就有對請求中的特殊字符進行校驗，具體校驗規(guī)則參照下面的代碼：

(InternalInputBuffer、InternalAprInputBuffer、InternalNioInputBuffer)

/**   * Read the request line. This function is meant to be used during the   * HTTP request header parsing. Do NOT attempt to read the request body   * using it.   *   * @throws IOException If an exception occurs during the underlying socket   * read operations, or if the given buffer is not big enough to accommodate   * the whole line.   */  @Override  public boolean parseRequestLine(boolean useAvailableDataOnly)        throws IOException {        int start = 0;        //      // Skipping blank lines      //        byte chr = 0;      do {            // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }          // Set the start time once we start reading data (even if it is          // just skipping blank lines)          if (request.getStartTime() < 0) {              request.setStartTime(System.currentTimeMillis());          }          chr = buf[pos++];      } while ((chr == Constants.CR) || (chr == Constants.LF));        pos--;        // Mark the current buffer position      start = pos;        //      // Reading the method name      // Method name is a token      //        boolean space = false;        while (!space) {            // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }            // Spec says method name is a token followed by a single SP but          // also be tolerant of multiple SP and/or HT.          if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {              space = true;              request.method().setBytes(buf, start, pos - start);          } else if (!HttpParser.isToken(buf[pos])) {              throw new IllegalArgumentException(sm.getString("iib.invalidmethod"));          }            pos++;        }        // Spec says single SP but also be tolerant of multiple SP and/or HT      while (space) {          // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }          if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {              pos++;          } else {              space = false;          }      }        // Mark the current buffer position      start = pos;      int end = 0;      int questionPos = -1;        //      // Reading the URI      //        boolean eol = false;        while (!space) {            // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }            // Spec says single SP but it also says be tolerant of HT          if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {              space = true;              end = pos;          } else if ((buf[pos] == Constants.CR)                     || (buf[pos] == Constants.LF)) {              // HTTP/0.9 style request              eol = true;              space = true;              end = pos;          } else if ((buf[pos] == Constants.QUESTION) && (questionPos == -1)) {              questionPos = pos;          } else if (HttpParser.isNotRequestTarget(buf[pos])) {              throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));          }            pos++;        }        request.unparsedURI().setBytes(buf, start, end - start);      if (questionPos >= 0) {          request.queryString().setBytes(buf, questionPos + 1,                                         end - questionPos - 1);          request.requestURI().setBytes(buf, start, questionPos - start);      } else {          request.requestURI().setBytes(buf, start, end - start);      }        // Spec says single SP but also says be tolerant of multiple SP and/or HT      while (space) {          // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }          if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {              pos++;          } else {              space = false;          }      }        // Mark the current buffer position      start = pos;      end = 0;        //      // Reading the protocol      // Protocol is always "HTTP/" DIGIT "." DIGIT      //      while (!eol) {            // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }            if (buf[pos] == Constants.CR) {              end = pos;          } else if (buf[pos] == Constants.LF) {              if (end == 0)                  end = pos;              eol = true;          } else if (!HttpParser.isHttpProtocol(buf[pos])) {              // 關鍵點在這一句，如果校驗不通過，則會報參數異常              throw new IllegalArgumentException(sm.getString("iib.invalidHttpProtocol"));          }            pos++;        }        if ((end - start) > 0) {          request.protocol().setBytes(buf, start, end - start);      } else {          request.protocol().setString("");      }        return true;    }

我們進一步跟進HttpParser中的方法：

public static boolean isNotRequestTarget(int c) {      // Fast for valid request target characters, slower for some incorrect      // ones      try {          // 關鍵在于這個數組          return IS_NOT_REQUEST_TARGET[c];      } catch (ArrayIndexOutOfBoundsException ex) {          return true;      }  }      // Combination of multiple rules from RFC7230 and RFC 3986. Must be  // ASCII, no controls plus a few additional characters excluded  if (IS_CONTROL[i] || i > 127 ||          i == ' ' || i == '"' || i == '#' || i == '<' || i == '>' || i == '\' ||          i == '^' || i == '`'  || i == '{' || i == '|' || i == '}') {      // 可以看到只有在REQUEST_TARGET_ALLOW數組中的值才不會設置成true，所以我們需要追蹤REQUEST_TARGET_ALLOW數組的賦值      if (!REQUEST_TARGET_ALLOW[i]) {          IS_NOT_REQUEST_TARGET[i] = true;      }  }    String prop = System.getProperty("tomcat.util.http.parser.HttpParser.requestTargetAllow");  if (prop != null) {      for (int i = 0; i < prop.length(); i++) {          char c = prop.charAt(i);          // 可以看到在配置文件中配置了tomcat.util.http.parser.HttpParser.requestTargetAllow并且包含{、}、|的時候，REQUEST_TARGET_ALLOW數組中的值才會為true          if (c == '{' || c == '}' || c == '|') {              REQUEST_TARGET_ALLOW[c] = true;          } else {              log.warn(sm.getString("httpparser.invalidRequestTargetCharacter",                      Character.valueOf(c)));          }      }  }

    解決辦法: 其實通過源碼分析不難得到解決辦法

在Tomcat的catalina.properties文件中添加以下語句：

tomcat.util.http.parser.HttpParser.requestTargetAllow={}|

當然需要注意的是，這個后門在Tomcat8.5以后就無法使用的，Tomcat9之后的解決辦法暫時未找到，可能只有對URL進行編碼了。

問題二：Cookie設置報錯

    這個問題就是在升級到Tomcat8.5以上的時候會出現的，具體原因是Tomcat8.5采用的Cookie處理類是：

Rfc6265CookieProcessor,而在之前使用的處理類是LegacyCookieProcessor。該處理類對domai進行了校驗：

private void validateDomain(String domain) {      int i = 0;      int prev = -1;      int cur = -1;      char[] chars = domain.toCharArray();      while (i < chars.length) {          prev = cur;          cur = chars[i];          if (!domainValid.get(cur)) {              throw new IllegalArgumentException(sm.getString(                      "rfc6265CookieProcessor.invalidDomain", domain));          }          // labels must start with a letter or number          if ((prev == '.' || prev == -1) && (cur == '.' || cur == '-')) {              throw new IllegalArgumentException(sm.getString(                      "rfc6265CookieProcessor.invalidDomain", domain));          }          // labels must end with a letter or number          if (prev == '-' && cur == '.') {              throw new IllegalArgumentException(sm.getString(                      "rfc6265CookieProcessor.invalidDomain", domain));          }          i++;      }      // domain must end with a label      if (cur == '.' || cur == '-') {          throw new IllegalArgumentException(sm.getString(                  "rfc6265CookieProcessor.invalidDomain", domain));      }  }

新的Cookie規(guī)范對domain有以下要求

1、必須是1-9、a-z、A-Z、. 、- （注意是-不是_）這幾個字符組成
2、必須是數字或字母開頭 （所以以前的cookie的設置為.XX.com 的機制要改為 XX.com 即可）
3、必須是數字或字母結尾

原來的代碼設置domain時如下：

cookie.setDomain(".aaa.com");

這就導致設置domain的時候不符合新的規(guī)范，直接報錯如下：

java.lang.IllegalArgumentException: An invalid domain [.aaa.com] was specified for this cookie          at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:181)          at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:123)          at org.apache.catalina.connector.Response.generateCookieString(Response.java:989)          at org.apache.catalina.connector.Response.addCookie(Response.java:937)          at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)

    解決辦法(以下3中任意一種皆可)

1. 修改原來代碼為：

   cookie.setDomain("aaa.com");

2. 如果是Spring-boot環(huán)境，直接替換默認的Cookie處理類：

   @Configuration  @ConditionalOnExpression("${tomcat.useLegacyCookieProcessor:false}")  public class LegacyCookieProcessorConfiguration {      @Bean      EmbeddedServletContainerCustomizer embeddedServletContainerCustomizerLegacyCookieProcessor() {          return new EmbeddedServletContainerCustomizer() {              @Override              public void customize(ConfigurableEmbeddedServletContainer factory) {                  if (factory instanceof TomcatEmbeddedServletContainerFactory) {                      TomcatEmbeddedServletContainerFactory tomcatFactory =                              (TomcatEmbeddedServletContainerFactory) factory;                      tomcatFactory.addContextCustomizers(new TomcatContextCustomizer() {                          @Override                          public void customize(Context context) {                              context.setCookieProcessor(new LegacyCookieProcessor());                          }                      });                  }              }          };      }  }

3. 在Tomcat的context.xml中增加如下配置，指定Cookie的處理類：

   <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" /> 

更多Tomcat相關教程見以下內容：

CentOS 6.6下安裝配置Tomcat環(huán)境  http://www.sfodin.cn/Linux/2015-08/122234.htm
RedHat Linux 5.5安裝JDK+Tomcat并部署Java項目  http://www.sfodin.cn/Linux/2015-02/113528.htm
Tomcat權威指南(第二版)(中英高清PDF版+帶書簽)  http://www.sfodin.cn/Linux/2015-02/113062.htm
Tomcat 安全配置與性能優(yōu)化 http://www.sfodin.cn/Linux/2015-02/113060.htm
Linux下使用Xshell查看Tomcat實時日志中文亂碼解決方案 http://www.sfodin.cn/Linux/2015-01/112395.htm
CentOS 64-bit下安裝JDK和Tomcat并設置Tomcat開機啟動操作步驟 http://www.sfodin.cn/Linux/2015-01/111485.htm
Ubuntu 16.04下安裝Tomcat 8.5.9  http://www.sfodin.cn/Linux/2017-06/144809.htm
Tomcat中session的管理機制  http://www.sfodin.cn/Linux/2016-09/135072.htm