0

After upgrading Tomcat version from 7.0 to 8.5, I found if Chinese or Korean characters are included in GET request parameters, tomcat will throw an IllegalArgumentException: Invalid character found in the request target. 

org.apache.coyote.http11.Http11Processor service
INFO: Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
 at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:479)
 at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:684)
 at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
 at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
 at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Thread.java:748)

the reason is that tomcat no longer supports characters other than RFC 7230 and RFC 3986. We tried some solutions:

  1. Configure relaxedQueryChars in server.xml according to 
<Service name="Catalina">
  <Connector port="10001" protocol="HTTP/1.1"
    connectionTimeout="20000"
    maxThreads="1024"
    minSpareThreads="64"
    redirectPort="8443"
    URIEncoding="UTF-8"
    useBodyEncodingForURI="true"
    maxHttpHeaderSize="65536"
    maxPostSize="-1"
    maxParameterCount="10000"
    bindOnInit="false"
    relaxedPathChars="[ \ ] ^ ` { | }"
    relaxedQueryChars="[ \ ] ^ ` { | }" />

However, the value may be any combination of the following characters: " < > [ \ ] ^ { | }`, any other characters present in the value will be ignored. That means Chinese/Korean parameters will still get an error.

  1. Modify the client side and encode each parameter when requesting the api.
    It can solve the problem, but it seems not feasible since we cannot modify all the clients, for example, the released APP cannot be modified.

Is there any good general solution? I hope can change some tomcat configuration to make it support Chinese/Korean characters in GET parameters.

Alpha
  • 1
  • 1
  • 2
  • Please update your question with some actual name/value pair(s) that result in the `IllegalArgumentException`, so that others can try to reproduce your problem. On Tomcat 9.0.27 I can reproduce the `IllegalArgumentException` with specific characters such as **`^`** and **`|`** within the value of a request parameter, but Chinese and Korean characters work fine for me. For example, `myparam=여보세요and你好` works fine with no exception being thrown. (Am I misunderstanding your problem?) – skomisa Nov 06 '19 at 02:34
  • Thanks for your reply. Actually both `|` and `myparam=여보세요and你好` not work on my side. The tomcat version I used is 8.5.34, let me try 9.0.27 – Alpha Nov 07 '19 at 03:11
  • [1] OK. I don't expect `|` to work, so just focus on a parameter value of Chinese characters that gives you the `IllegalArgumentException`. If it is failing for you with 8.5.34 then I also expect it to fail with 9.0.27. [2] Maybe there is something to add/change in your configuration that will fix this. Can you update your question with enough information about your failing web application so that others can try to reproduce your problem? [3] You could try using [the Falkon browser](https://www.falkon.org/) since it encodes Chinese characters before submitting them. Does that fix your problem? – skomisa Nov 07 '19 at 03:33

0 Answers0