url请求参数值进行urlEncode, 可解决下列异常,当然也能解决参数值含有&, = 或其他特殊符号的问题
情况一:参数中url的参数丢失
package com.xxxxx.controller;
import io.swagger.annotations.Api;
import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping(path = "v1/test")
@Api(value = "测试接口", tags = {"测试接口"})
public class TestController {
@GetMapping("/func")
public void func(@RequestParam("redirectUri") String redirectUri,
@RequestParam("name") String name) {
}
}
想得到业务取值是:
redirectUri=www.xxx.com?code=c1000&type=t1000
name=n1000
浏览器直接请求:
http://192.168.88.63:5090/v1/test/func?redirectUri=www.xxx.com?code=c1000&type=t1000&name=n1000 或
http://192.168.88.63:5090/v1/test/func?name=n1000&redirectUri=www.xxx.com?code=c1000&type=t1000
但是运行后得到是:
redirectUri=www.xxx.com?code=c1000
name=n1000
异常:
redirectUri的type参数丢失, 因为www.xxx.com?的问号后只会默认取第一个参数,&type=t1000的作用域划分到了test/aa1的接口
解决办法:参数值进行urlEncode
http://192.168.88.63:5090/v1/test/func?redirectUri=www.xxx.com%3Fcode%3Dc1000%26type%3Dt1000&name=n1000 或
http://192.168.88.63:5090/v1/test/func?name=n1000&redirectUri=www.xxx.com%3Fcode%3Dc1000%26type%3Dt1000
情况二:参数相同,出现异常
package com.xxxxx.controller;
import io.swagger.annotations.Api;
import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping(path = "v1/test")
@Api(value = "测试接口", tags = {"测试接口"})
public class TestController {
@GetMapping("/func")
public void func(@RequestParam("code") String code,
@RequestParam("redirectUri") String redirectUri) {
}
}
想得到业务取值是:
code=c2000
redirectUri=www.xxx.com?type=t1000&code=c1000
浏览器直接请求:
http://192.168.88.63:5090/v1/test/func?&code=c2000&redirectUri=www.xxx.com?type=t1000&code=c1000
但是运行后得到是:
code=c2000,c1000
redirectUri=www.xxx.com?type=t1000
异常:
两个参数code都在作用于test/aa1的接口,redirectUri参数也异常
解决办法:参数值进行urlEncode
http://192.168.88.63:5090/v1/test/func?&code=c2000&redirectUri=www.xxx.com%3Ftype%3Dt1000%26code%3Dc1000
情况三:恰好结果正常, 可能存在异常风险
package com.xxxxx.controller;
import io.swagger.annotations.Api;
import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping(path = "v1/test")
@Api(value = "测试接口", tags = {"测试接口"})
public class TestController {
@GetMapping("/func")
public void func(@RequestParam("redirectUri") String redirectUri,
@RequestParam("type") String type,
@RequestParam("name") String name) {
}
}
想得到业务取值是:
redirectUri=www.xxx.com?code=c1000
type=t1000
name=n1000
浏览器直接请求:
http://192.168.88.63:5090/v1/test/func?redirectUri=www.xxx.com?code=c1000&type=t1000&name=n1000 或
http://192.168.88.63:5090/v1/test/func?name=n1000&redirectUri=www.xxx.com?code=c1000&type=t1000
但是运行后得到是:
redirectUri=www.xxx.com?code=c1000
type=t1000
name=n1000
恰好结果正常, 可能存在异常风险
情况四、五、六,不一一列举
这些种异常情况,归结起来就是因为请求参数值未进行urlEncode
请求参数值进行urlEncode, 可解决,当然也能解决参数值有特殊符号的问题