0

I have a URL from a third party so no option of removing the nasty characters. For security purposes I have put a dummy company in mybadurl.com and also replaced the account number with AccountNo.

https://mybadurl.com/(Portfolios=['AccountNo'],FromDate=2022-09-20,ToDate=2022-09-20,ClassificationID=-8)?$expand=Portfolio($select=PortfolioCode,ReconciliationStatus),security($select=*)

The ? is causing the bad response below. I need a way of turning this off so that Java HTTP Client will accept my URL. Note I have already encoded with URLEncoder

A potentially dangerous Request.Path value was detected from the client (?).
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

Below is my complete code

import java.net.*;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public String getAdventPerformanceData(@RequestBody AdventDataRequest requestMessage) throws IOException, ParseException, InterruptedException {
HttpClient httpClient = HttpClient.newBuilder()
        .version(HttpClient.Version.HTTP_2)
        .proxy(ProxySelector.of(new InetSocketAddress(adventAuthenticator.getProxyURL(),
                adventAuthenticator.getProxyPort())))
        .build();

String query2 = "(Portfolios=['AccountNo'],FromDate=2022-09-20,ToDate=2022-09-20,ClassificationID=-8)?" +
        "$expand=Portfolio($select=PortfolioCode,ReconciliationStatus),security($select=*)";

HttpRequest request = HttpRequest.newBuilder()
        .GET()
        .uri(URI.create("mybadurl.com/Performance" + URLEncoder.encode(query2, StandardCharsets.UTF_8)
                ))
        .header("authorization", "BEARER " + adventAuthenticator.getToken())
        .build();

HttpResponse<String> response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());

return response.body();
}

I have tried using URLEncoder.encode this works for some special characters such as [ but seemingly you still have a problem with ?.

I have researched around and found a few examples of how to fix in ASP but not Java.

I have tried a modified version of the URL without the ? and I am able to get some sort of response without an error so i know the issue is with the ?. Unfortunately though I need to include the ? in the syntax to get the response I need from the third party.

President James K. Polk
  • 40,516
  • 21
  • 95
  • 125
Sankster
  • 13
  • 4
  • Try creating the URI this way: https://stackoverflow.com/a/25735202/460557 instead of what you doing right now – Jorge Campos Dec 07 '22 at 20:22
  • Thanks looking at the site and absorbing the information. Will comment back if this resolves the issue. – Sankster Dec 07 '22 at 20:35
  • Thanks Jorge. This works :) . Please post this as an answer so I can give you the credit. – Sankster Dec 07 '22 at 20:44
  • Better just to mark you question as duplicate as that is already answered. I will add a vote to close it referring that answer! – Jorge Campos Dec 07 '22 at 21:16
  • 1
    Thanks done now. Please note scroll down the question to the answer 112. The answer 1307 that is marked as correct at the top will not work – Sankster Dec 08 '22 at 01:16

0 Answers0