Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RequestRejectedException #7975

Closed
ga-ram opened this issue Jun 23, 2021 · 3 comments
Closed

RequestRejectedException #7975

ga-ram opened this issue Jun 23, 2021 · 3 comments

Comments

@ga-ram
Copy link
Contributor

ga-ram commented Jun 23, 2021

What version of pinpoint are you using?

master

Describe the bug

RequestRejectedException occurs in certain environment after updating spring security version from 5.3.6 to 5.4.6.
Although it does not occur all the time, temporary workaround to allow all header values in Spring HttpFirewall might be useful.

06-16 18:44:22.022 [nio-9000-exec-3] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] -- Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.web.socket.server.HandshakeFailureException: Uncaught failure for request http://pinpoint.navercorp.com/agent/activeThread.pinpointws; nested exception is org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the header value "ì<86>¡í<98><9c>ì§<84>" is not allowed.] with root cause
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the header value "ì<86>¡í<98><9c>ì§<84>" is not allowed.
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest.validateAllowedHeaderValue(StrictHttpFirewall.java:739) ~[spring-security-web-5.4.6.jar!/:5.4.6]
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest.access$000(StrictHttpFirewall.java:605) ~[spring-security-web-5.4.6.jar!/:5.4.6]
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest$1.nextElement(StrictHttpFirewall.java:647) ~[spring-security-web-5.4.6.jar!/:5.4.6]
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest$1.nextElement(StrictHttpFirewall.java:637) ~[spring-security-web-5.4.6.jar!/:5.4.6]
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest$1.nextElement(StrictHttpFirewall.java:646) ~[spring-security-web-5.4.6.jar!/:5.4.6]
at org.springframework.security.web.firewall.StrictHttpFirewall$StrictFirewalledRequest$1.nextElement(StrictHttpFirewall.java:637) ~[spring-security-web-5.4.6.jar!/:5.4.6]
@yjqg6666
Copy link
Contributor

yjqg6666 commented Jun 24, 2021
edited
Loading

org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the header value "ì<86>¡í<98><9c>ì§<84>" is not allowed.

@ga-ram ga-ram linked a pull request Jun 24, 2021 that will close this issue
[#7075] Allow all header values #7976
Closed
@ga-ram
Copy link
Contributor Author

ga-ram commented Jul 2, 2021

This happens when ServerHttpRequest.getHeaders() tries to validate all headers (even the ones I don't use) via spring-projects/spring-security#8644, and it seems like the custom nginx filter puts korean characters into the header value.

Since I found the source of these weird characters, this commit is not needed, thereby closing this issue.

@ga-ram ga-ram closed this as completed Jul 2, 2021
@yjqg6666
Copy link
Contributor

yjqg6666 commented Jul 2, 2021

@ga-ram Thanks for the further info link.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[#7075] Allow all header values ga-ram/pinpoint
2 participants
@yjqg6666 @ga-ram