英文:
Illegal character in wildfly with GZIP Encoding
问题
I have a client that sends a request to a REST webservice using Encoding: gzip. This triggers an exception in Wildfly:
> org.jboss.resteasy.spi.ReaderException: com.fasterxml.jackson.core.JsonParseException: Illegal character ((CTRL-CHAR, code 31)): only regular white space (\r, \n, \t) is allowed between tokens
英文:
I have a client that sends a request to a REST webservice using Encoding: gzip. This triggers an exception in Wildfly:
> org.jboss.resteasy.spi.ReaderException: com.fasterxml.jackson.core.JsonParseException: Illegal character ((CTRL-CHAR, code 31)): only regular white space (\r, \n, \t) is allowed between tokens
答案1
得分: 2
默认情况下,出于安全原因,Wildfly/RESTEasy禁用了GZIP编码/解码:
解压缩存在来自恶意行为者的攻击风险,他们可以打包一个将大幅膨胀的实体。因此,RESTEasy默认禁用了GZIP压缩/解压缩。
您的服务器接收到一个压缩的流并尝试将其解析为JSON字符串。
在Wildfly中启用GZIP处理有几种方法之一是在META-INF/services/javax.ws.rs.ext.Providers中包括编码器/解码器类名并修改deployment-structure.xml文件。
或者您可以将提供程序添加到您的代码中(以下是Kotlin示例):
import org.jboss.resteasy.plugins.interceptors.GZIPDecodingInterceptorimport org.jboss.resteasy.plugins.interceptors.GZIPEncodingInterceptorimport javax.ws.rs.ext.Provider@Provider class GZIPDecoder : GZIPDecodingInterceptor()@Provider class GZIPEncoder : GZIPEncodingInterceptor()
并在pom.xml中添加RESTEasy核心依赖项:
<dependency><groupId>org.jboss.resteasy</groupId><artifactId>resteasy-core</artifactId><version>5.0.0.Final</version><scope>provided</scope></dependency>
或者您可以创建自己的拦截器,例如(基本实现,仅适用于简单情况):
@Providerpublic class GZIPDecoder implements ReaderInterceptor {@Overridepublic Object aroundReadFrom(ReaderInterceptorContext ctx) throws IOException, WebApplicationException {if (ctx.getHeaders().getOrDefault("Content-Encoding", emptyList()).contains("gzip")) {GZIPInputStream is = new GZIPInputStream(ctx.getInputStream());ctx.setInputStream(is);}return ctx.proceed();}}
英文:
By default, GZIP encoding/decoding is disabled in Wildfly/RESTEasy for security reasons:
> Decompression carries a risk of attack from a bad actor that can package an entity that will expand greatly. Consequently, RESTEasy disables GZIP compression / decompression by default.
Your server receives a zipped stream and tries to parse it as a JSON string.
There are several ways to enable GZIP handling in Wildfly. One is to include the Encoder/Decoder classnames in a META-INF/services/javax.ws.rs.ext.Providers and amend the deployment-structure.xml file.
Or you can add providers to your code (kotlin example below):
import org.jboss.resteasy.plugins.interceptors.GZIPDecodingInterceptorimport org.jboss.resteasy.plugins.interceptors.GZIPEncodingInterceptorimport javax.ws.rs.ext.Provider@Provider class GZIPDecoder : GZIPDecodingInterceptor()@Provider class GZIPEncoder : GZIPEncodingInterceptor()
And add RESTEasy core dependency in pom.xml:
<dependency><groupId>org.jboss.resteasy</groupId><artifactId>resteasy-core</artifactId><version>5.0.0.Final</version><scope>provided</scope></dependency>
Or you could create your own Interceptors, for example (basic implementation, should only be used in simple cases):
@Providerpublic class GZIPDecoder implements ReaderInterceptor {@Overridepublic Object aroundReadFrom(ReaderInterceptorContext ctx) throws IOException, WebApplicationException {if (ctx.getHeaders().getOrDefault("Content-Encoding", emptyList()).contains("gzip")) {GZIPInputStream is = new GZIPInputStream(ctx.getInputStream());ctx.setInputStream(is);}return ctx.proceed();}}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论