I have a spring boot application with a GET service.
    @RequestMapping(value = "/abc/track/{type}", method = RequestMethod.GET)
    public void DummFunc(
            // optional query parameter carrying the encoded subscription JSON
            @RequestParam(value = "subs", required = false) String sub,
            HttpServletResponse response) {}
The value for subs is an encoded value.
If I pass the following as the value of parameter subs:
{%22endpoint%22:%22https://def.abc.com/tyu/send/eD3vpGNQW28:APA91bHOo8rYrV0xccdQz3okjZJG-QGrJX8LG6ahJnEUpMNfGedqi3hJxQsJx_8BMbH6oDjaSPPEXqzNWchWrGSkhuTkSdemikkys1U22Ipd7MsRw0owWbw89V2fslIVAJ6G5lkyvYuQ%22,%22expirationTime%22:null,%22keys%22:{%22p256dh%22:%22BK0pktn50CMsTQtqwdPlKlJtdFs0LFeXX14T1zgoz6QWnvSTp5dxtChnUP5P1JX0TsjcopbdPKyN31HfABMUyic%22,%22auth%22:%22qbO_z0vGao9wD-E5g8VU-A%22}}
It fails to capture the request and control does not come inside of the function.
If we instead pass this as the value of parameter subs:
%7B%22endpoint%22:%22https://def.abc.com/tyu/send/dX5q5eV7hFQ:APA91bHib-0QXrMzjatcvTR_uaIeeJK8lf6GmXUC9Jxv0Oxth-BzD4GmWnd4-YpDZv8qSFZ0eSg9mB2YkRvkc5ezdXW5KeaHjuQZfdyDxyBXjJgE-25Xbtlk37pdm8vfLk20k0k_VxW9%22,%22expirationTime%22:null,%22keys%22:%7B%22p256dh%22:%22BCCvcBLpRqp4u0auP688_MUJLsAiwWlQSn5kpyl8YVsEo_J-KpSdnhCmVIE_BhDXBcFYflPK52hqhYf3EaOCyuY%22,%22auth%22:%22iKuW_ESkCZnubWcQu_JK8w%22%7D%7D
It works fine.
Why is this happening? What's wrong with the first encoding?
Since the server is not able to handle the request, it returns 400. I need to capture such requests and then handle them by encoding them properly. What can be the way forward?
I am new to Spring boot/Spring and Java itself. Would be great if I can get some insight.
Also, I can decode both of them online here without any issues- https://www.urldecoder.org/
Edit: Basically, the request that has an issue getting through has { and } instead of %7B and %7D.
My question is: instead of the application failing with 400 bad request, how do I capture such requests in my app, encode them properly and then process them?
spring-boot is very much concerned about security. Adding double quote / single quotes or either escaping won't work I guess.
Please go through: https://tools.ietf.org/html/rfc1738
I think you should try the manual encoding: { to %7B and } to %7D
This is not related to Java nor the Spring itself but the HTML URL Encoding Reference. URLs can only be sent over the Internet using the ASCII character set.
The unsafe characters are defined in the beginning of RFC-1738 and here is the list:
Aside from those, there are also reserved characters, to which the following belong and which are used to distinguish the parameters, the key-value representation, the port etc.
The unsafe characters you have used are { and }, which are equal to %7B and %7D.
Essentially, you should not be concerned about the data the client sends you in the way you describe. The server must demand the correct form and URL passed. Although the browsers and REST clients encode those characters automatically, sending them programmatically might cause errors. The only two available solutions in Spring I am aware of are registering the CharacterEncodingFilter bean (already answered) or the Spring-Boot configuration:
You need to enable the encoding first and force on HTTP requests and responses.
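
An added example, not part of the original answers and not Spring's own code: a plain-Java helper a client can run before sending, which percent-encodes every character RFC 3986 does not allow literally in a query string ({ and } among them) and leaves existing %XX escapes untouched. The class name, method names and sample value are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

public class QueryEncoder {
    // Literal characters RFC 3986 permits in a query besides letters and digits:
    // unreserved, sub-delims, ":", "@", "/" and "?".
    private static final String ALLOWED_PUNCT = "-._~!$&'()*+,;=:@/?";

    static boolean isAllowed(char c) {
        return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                || (c >= '0' && c <= '9') || ALLOWED_PUNCT.indexOf(c) >= 0;
    }

    static boolean isHex(char c) {
        return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'F') || (c >= 'a' && c <= 'f');
    }

    /** Percent-encodes disallowed characters; valid %XX escapes pass through unchanged. */
    static String normalize(String rawQuery) {
        StringBuilder out = new StringBuilder(rawQuery.length() + 16);
        int i = 0;
        while (i < rawQuery.length()) {
            char c = rawQuery.charAt(i);
            if (c == '%' && i + 2 < rawQuery.length()
                    && isHex(rawQuery.charAt(i + 1)) && isHex(rawQuery.charAt(i + 2))) {
                out.append(rawQuery, i, i + 3); // already a valid escape, copy as is
                i += 3;
            } else if (isAllowed(c)) {
                out.append(c);
                i++;
            } else {
                // Encode the whole code point as UTF-8 bytes: '{', '}', a stray '%', non-ASCII.
                int cp = rawQuery.codePointAt(i);
                byte[] utf8 = new String(Character.toChars(cp)).getBytes(StandardCharsets.UTF_8);
                for (byte b : utf8) {
                    out.append(String.format("%%%02X", b & 0xFF));
                }
                i += Character.charCount(cp);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample with the same shape as the failing value in the question.
        String raw = "subs={%22endpoint%22:%22https://push.example.test/send/abc%22,%22expirationTime%22:null}";
        String fixed = normalize(raw);
        System.out.println(fixed);
        System.out.println(fixed.equals(normalize(fixed))); // second pass checks idempotence
    }
}
```

The helper treats its input as a complete query string, so literal &, = and + are kept as delimiters rather than encoded.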