I have recently upgraded to Spring from Spring 3. Earlier i was able to post and get resources when the url values contained a semicolon. But after upgrade i am getting 500 error. Below is my get request
/rest/logindomains/grouptorolemapping/13/Atl;BasGroup
Does anyone know how to resolve this issue?
Solved the issue by adding the below xml to security-config.xml. This will allow semicolon and percentage character in the url.
<bean id="myHttpFirewall" class="org.springframework.security.web.firewall.StrictHttpFirewall">
<property name="allowSemicolon" value="true"/>
<property name="allowUrlEncodedPercent" value="true"/>
</bean>
<security:http-firewall ref="myHttpFirewall"/>
Java Solution:
@Component
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{
private static final DebugLog LOG = new DebugLog("WebSecurityConfig", WebSecurityConfig.class);
@Bean
public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
StrictHttpFirewall firewall = new StrictHttpFirewall();
firewall.setAllowUrlEncodedPercent(true);;
firewall.setAllowSemicolon(true);
return firewall;
}
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
// @formatter:off
web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
}
Spring 5 contains StrictHttpFirewall which is enabled by default. In order to allow using a semicolon in URL, it is required to use setAllowSemicolon(boolean) method.
For enabling semicolon in url u must tune UrlPathHelper. For example:
@Configuration
public class WebConfig implements WebMvcConfigurer {
@Override
public void configurePathMatch(PathMatchConfigurer configurer) {
UrlPathHelper urlPathHelper = new UrlPathHelper();
urlPathHelper.setRemoveSemicolonContent(false);
configurer.setUrlPathHelper(urlPathHelper);
}
}
