久久久久久久视色,久久电影免费精品,中文亚洲欧美乱码在线观看,在线免费播放AV片

<center id="vfaef"><input id="vfaef"><table id="vfaef"></table></input></center>

    <p id="vfaef"><kbd id="vfaef"></kbd></p>

    
    
    <pre id="vfaef"><u id="vfaef"></u></pre>

      <thead id="vfaef"><input id="vfaef"></input></thead>

    1. 站長(zhǎng)資訊網(wǎng)
      最全最豐富的資訊網(wǎng)站

      Tomcat 7 升級(jí)到 Tomcat 8 歷程

      總述

          JDK都要出12了,而我們項(xiàng)目使用的jdk卻仍然還停留在JDK1.6。為了追尋技術(shù)的發(fā)展的腳步,我這邊準(zhǔn)備將項(xiàng)目升級(jí)到JDK1.8。而作為一個(gè)web項(xiàng)目,我們的容器使用的是Tomcat??戳讼耇omcat版本與JDK版本之間的兼容關(guān)系http://tomcat.apache.org/whichversion.html以及網(wǎng)上所傳的各種JDK1.8和Tomcat7不兼容的問題, 我決定將Tomcat升級(jí)到8。我這里本地驗(yàn)證采用的tomcat版本是8.5.38 https://tomcat.apache.org/download-80.cgi。

      問題一:請(qǐng)求js文件報(bào)404錯(cuò)誤

          其實(shí)這個(gè)問題嚴(yán)格來講不是升級(jí)到Tomcat8出現(xiàn)的問題,而是升級(jí)到Tomcat9出現(xiàn)的問題。正好我開始嘗試的是Tomcat9,無法解決這個(gè)問題才降到Tomcat8。所以這里一并記錄下來。

          這個(gè)問題在從Tomcat6升級(jí)到Tomcat7之后也會(huì)存在,原因如下,在項(xiàng)目代碼中對(duì)js的請(qǐng)求路徑中包含了{、}等特殊符號(hào):

      <script type="text/javascript" src="${ctx}/js/common/include_css.js?{'ctx':'${ctx}','easyui':'easyui'}"></script>  

          前臺(tái)會(huì)發(fā)現(xiàn)加載js的時(shí)候報(bào)了404的錯(cuò)誤,后臺(tái)報(bào)錯(cuò)信息如下:

      Invalid character found in the request target.The valid characters are defined in RFC 7230 and RFC3986

          出現(xiàn)這個(gè)問題的原因是因?yàn)門omcat升級(jí)之后對(duì)安全進(jìn)行了升級(jí),其中就有對(duì)請(qǐng)求中的特殊字符進(jìn)行校驗(yàn),具體校驗(yàn)規(guī)則參照下面的代碼:

      (InternalInputBuffer、InternalAprInputBuffer、InternalNioInputBuffer)

      /**   * Read the request line. This function is meant to be used during the   * HTTP request header parsing. Do NOT attempt to read the request body   * using it.   *   * @throws IOException If an exception occurs during the underlying socket   * read operations, or if the given buffer is not big enough to accommodate   * the whole line.   */  @Override  public boolean parseRequestLine(boolean useAvailableDataOnly)        throws IOException {        int start = 0;        //      // Skipping blank lines      //        byte chr = 0;      do {            // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }          // Set the start time once we start reading data (even if it is          // just skipping blank lines)          if (request.getStartTime() < 0) {              request.setStartTime(System.currentTimeMillis());          }          chr = buf[pos++];      } while ((chr == Constants.CR) || (chr == Constants.LF));        pos--;        // Mark the current buffer position      start = pos;        //      // Reading the method name      // Method name is a token      //        boolean space = false;        while (!space) {            // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }            // Spec says method name is a token followed by a single SP but          // also be tolerant of multiple SP and/or HT.          if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {              space = true;              request.method().setBytes(buf, start, pos - start);          } else if (!HttpParser.isToken(buf[pos])) {              throw new IllegalArgumentException(sm.getString("iib.invalidmethod"));          }            pos++;        }        // Spec says single SP but also be tolerant of multiple SP and/or HT      while (space) {          // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }          if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {              pos++;          } else {              space = false;          }      }        // Mark the current buffer position      start = pos;      int end = 0;      int questionPos = -1;        //      // Reading the URI      //        boolean eol = false;        while (!space) {            // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }            // Spec says single SP but it also says be tolerant of HT          if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {              space = true;              end = pos;          } else if ((buf[pos] == Constants.CR)                     || (buf[pos] == Constants.LF)) {              // HTTP/0.9 style request              eol = true;              space = true;              end = pos;          } else if ((buf[pos] == Constants.QUESTION) && (questionPos == -1)) {              questionPos = pos;          } else if (HttpParser.isNotRequestTarget(buf[pos])) {              throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));          }            pos++;        }        request.unparsedURI().setBytes(buf, start, end - start);      if (questionPos >= 0) {          request.queryString().setBytes(buf, questionPos + 1,                                         end - questionPos - 1);          request.requestURI().setBytes(buf, start, questionPos - start);      } else {          request.requestURI().setBytes(buf, start, end - start);      }        // Spec says single SP but also says be tolerant of multiple SP and/or HT      while (space) {          // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }          if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {              pos++;          } else {              space = false;          }      }        // Mark the current buffer position      start = pos;      end = 0;        //      // Reading the protocol      // Protocol is always "HTTP/" DIGIT "." DIGIT      //      while (!eol) {            // Read new bytes if needed          if (pos >= lastValid) {              if (!fill())                  throw new EOFException(sm.getString("iib.eof.error"));          }            if (buf[pos] == Constants.CR) {              end = pos;          } else if (buf[pos] == Constants.LF) {              if (end == 0)                  end = pos;              eol = true;          } else if (!HttpParser.isHttpProtocol(buf[pos])) {              // 關(guān)鍵點(diǎn)在這一句,如果校驗(yàn)不通過,則會(huì)報(bào)參數(shù)異常              throw new IllegalArgumentException(sm.getString("iib.invalidHttpProtocol"));          }            pos++;        }        if ((end - start) > 0) {          request.protocol().setBytes(buf, start, end - start);      } else {          request.protocol().setString("");      }        return true;    }

      我們進(jìn)一步跟進(jìn)HttpParser中的方法:

      public static boolean isNotRequestTarget(int c) {      // Fast for valid request target characters, slower for some incorrect      // ones      try {          // 關(guān)鍵在于這個(gè)數(shù)組          return IS_NOT_REQUEST_TARGET[c];      } catch (ArrayIndexOutOfBoundsException ex) {          return true;      }  }      // Combination of multiple rules from RFC7230 and RFC 3986. Must be  // ASCII, no controls plus a few additional characters excluded  if (IS_CONTROL[i] || i > 127 ||          i == ' ' || i == '"' || i == '#' || i == '<' || i == '>' || i == '\' ||          i == '^' || i == '`'  || i == '{' || i == '|' || i == '}') {      // 可以看到只有在REQUEST_TARGET_ALLOW數(shù)組中的值才不會(huì)設(shè)置成true,所以我們需要追蹤REQUEST_TARGET_ALLOW數(shù)組的賦值      if (!REQUEST_TARGET_ALLOW[i]) {          IS_NOT_REQUEST_TARGET[i] = true;      }  }    String prop = System.getProperty("tomcat.util.http.parser.HttpParser.requestTargetAllow");  if (prop != null) {      for (int i = 0; i < prop.length(); i++) {          char c = prop.charAt(i);          // 可以看到在配置文件中配置了tomcat.util.http.parser.HttpParser.requestTargetAllow并且包含{、}、|的時(shí)候,REQUEST_TARGET_ALLOW數(shù)組中的值才會(huì)為true          if (c == '{' || c == '}' || c == '|') {              REQUEST_TARGET_ALLOW[c] = true;          } else {              log.warn(sm.getString("httpparser.invalidRequestTargetCharacter",                      Character.valueOf(c)));          }      }  }

          解決辦法: 其實(shí)通過源碼分析不難得到解決辦法

      在Tomcat的catalina.properties文件中添加以下語句:

      tomcat.util.http.parser.HttpParser.requestTargetAllow={}|

      當(dāng)然需要注意的是,這個(gè)后門在Tomcat8.5以后就無法使用的,Tomcat9之后的解決辦法暫時(shí)未找到,可能只有對(duì)URL進(jìn)行編碼了。

      問題二:Cookie設(shè)置報(bào)錯(cuò)

          這個(gè)問題就是在升級(jí)到Tomcat8.5以上的時(shí)候會(huì)出現(xiàn)的,具體原因是Tomcat8.5采用的Cookie處理類是:

      Rfc6265CookieProcessor,而在之前使用的處理類是LegacyCookieProcessor。該處理類對(duì)domai進(jìn)行了校驗(yàn):

      private void validateDomain(String domain) {      int i = 0;      int prev = -1;      int cur = -1;      char[] chars = domain.toCharArray();      while (i < chars.length) {          prev = cur;          cur = chars[i];          if (!domainValid.get(cur)) {              throw new IllegalArgumentException(sm.getString(                      "rfc6265CookieProcessor.invalidDomain", domain));          }          // labels must start with a letter or number          if ((prev == '.' || prev == -1) && (cur == '.' || cur == '-')) {              throw new IllegalArgumentException(sm.getString(                      "rfc6265CookieProcessor.invalidDomain", domain));          }          // labels must end with a letter or number          if (prev == '-' && cur == '.') {              throw new IllegalArgumentException(sm.getString(                      "rfc6265CookieProcessor.invalidDomain", domain));          }          i++;      }      // domain must end with a label      if (cur == '.' || cur == '-') {          throw new IllegalArgumentException(sm.getString(                  "rfc6265CookieProcessor.invalidDomain", domain));      }  }

      新的Cookie規(guī)范對(duì)domain有以下要求

      1、必須是1-9、a-z、A-Z、. 、- (注意是-不是_)這幾個(gè)字符組成
      2、必須是數(shù)字或字母開頭 (所以以前的cookie的設(shè)置為.XX.com 的機(jī)制要改為 XX.com 即可)
      3、必須是數(shù)字或字母結(jié)尾

      原來的代碼設(shè)置domain時(shí)如下:

      cookie.setDomain(".aaa.com");

      這就導(dǎo)致設(shè)置domain的時(shí)候不符合新的規(guī)范,直接報(bào)錯(cuò)如下:

      java.lang.IllegalArgumentException: An invalid domain [.aaa.com] was specified for this cookie          at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:181)          at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:123)          at org.apache.catalina.connector.Response.generateCookieString(Response.java:989)          at org.apache.catalina.connector.Response.addCookie(Response.java:937)          at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)

          解決辦法(以下3中任意一種皆可)

      1. 修改原來代碼為:

        cookie.setDomain("aaa.com");
      2. 如果是Spring-boot環(huán)境,直接替換默認(rèn)的Cookie處理類:

        @Configuration  @ConditionalOnExpression("${tomcat.useLegacyCookieProcessor:false}")  public class LegacyCookieProcessorConfiguration {      @Bean      EmbeddedServletContainerCustomizer embeddedServletContainerCustomizerLegacyCookieProcessor() {          return new EmbeddedServletContainerCustomizer() {              @Override              public void customize(ConfigurableEmbeddedServletContainer factory) {                  if (factory instanceof TomcatEmbeddedServletContainerFactory) {                      TomcatEmbeddedServletContainerFactory tomcatFactory =                              (TomcatEmbeddedServletContainerFactory) factory;                      tomcatFactory.addContextCustomizers(new TomcatContextCustomizer() {                          @Override                          public void customize(Context context) {                              context.setCookieProcessor(new LegacyCookieProcessor());                          }                      });                  }              }          };      }  }
      3. 在Tomcat的context.xml中增加如下配置,指定Cookie的處理類:

        <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" /> 

      更多Tomcat相關(guān)教程見以下內(nèi)容

      CentOS 6.6下安裝配置Tomcat環(huán)境  http://www.sfodin.cn/Linux/2015-08/122234.htm
      RedHat Linux 5.5安裝JDK+Tomcat并部署Java項(xiàng)目  http://www.sfodin.cn/Linux/2015-02/113528.htm
      Tomcat權(quán)威指南(第二版)(中英高清PDF版+帶書簽)  http://www.sfodin.cn/Linux/2015-02/113062.htm
      Tomcat 安全配置與性能優(yōu)化 http://www.sfodin.cn/Linux/2015-02/113060.htm
      Linux下使用Xshell查看Tomcat實(shí)時(shí)日志中文亂碼解決方案 http://www.sfodin.cn/Linux/2015-01/112395.htm
      CentOS 64-bit下安裝JDK和Tomcat并設(shè)置Tomcat開機(jī)啟動(dòng)操作步驟 http://www.sfodin.cn/Linux/2015-01/111485.htm
      Ubuntu 16.04下安裝Tomcat 8.5.9  http://www.sfodin.cn/Linux/2017-06/144809.htm
      Tomcat中session的管理機(jī)制  http://www.sfodin.cn/Linux/2016-09/135072.htm

      贊(0)
      分享到: 更多 (0)
      網(wǎng)站地圖   滬ICP備18035694號(hào)-2    滬公網(wǎng)安備31011702889846號(hào)