Illegal character in wildfly with GZIP Encoding 在 Wildfly 中使用 GZIP 编码出现非法字符

huangapple go评论88阅读模式
英文:

Illegal character in wildfly with GZIP Encoding

问题

I have a client that sends a request to a REST webservice using Encoding: gzip. This triggers an exception in Wildfly:

> org.jboss.resteasy.spi.ReaderException: com.fasterxml.jackson.core.JsonParseException: Illegal character ((CTRL-CHAR, code 31)): only regular white space (\r, \n, \t) is allowed between tokens

英文:

I have a client that sends a request to a REST webservice using Encoding: gzip. This triggers an exception in Wildfly:

> org.jboss.resteasy.spi.ReaderException: com.fasterxml.jackson.core.JsonParseException: Illegal character ((CTRL-CHAR, code 31)): only regular white space (\r, \n, \t) is allowed between tokens

答案1

得分: 2

默认情况下,出于安全原因,Wildfly/RESTEasy禁用了GZIP编码/解码:

解压缩存在来自恶意行为者的攻击风险,他们可以打包一个将大幅膨胀的实体。因此,RESTEasy默认禁用了GZIP压缩/解压缩。

您的服务器接收到一个压缩的流并尝试将其解析为JSON字符串。

在Wildfly中启用GZIP处理有几种方法之一是在META-INF/services/javax.ws.rs.ext.Providers中包括编码器/解码器类名并修改deployment-structure.xml文件。

或者您可以将提供程序添加到您的代码中(以下是Kotlin示例):

import org.jboss.resteasy.plugins.interceptors.GZIPDecodingInterceptor
import org.jboss.resteasy.plugins.interceptors.GZIPEncodingInterceptor
import javax.ws.rs.ext.Provider

@Provider class GZIPDecoder : GZIPDecodingInterceptor()
@Provider class GZIPEncoder : GZIPEncodingInterceptor()

并在pom.xml中添加RESTEasy核心依赖项:

<dependency>
  <groupId>org.jboss.resteasy</groupId>
  <artifactId>resteasy-core</artifactId>
  <version>5.0.0.Final</version>
  <scope>provided</scope>
</dependency>

或者您可以创建自己的拦截器,例如(基本实现,仅适用于简单情况):

@Provider
public class GZIPDecoder implements ReaderInterceptor {
  @Override
  public Object aroundReadFrom(ReaderInterceptorContext ctx) throws IOException, WebApplicationException {
    if (ctx.getHeaders().getOrDefault("Content-Encoding", emptyList()).contains("gzip")) {
      GZIPInputStream is = new GZIPInputStream(ctx.getInputStream());
      ctx.setInputStream(is);
    }
    return ctx.proceed();
  }
}
英文:

By default, GZIP encoding/decoding is disabled in Wildfly/RESTEasy for security reasons:

> Decompression carries a risk of attack from a bad actor that can package an entity that will expand greatly. Consequently, RESTEasy disables GZIP compression / decompression by default.

Your server receives a zipped stream and tries to parse it as a JSON string.

There are several ways to enable GZIP handling in Wildfly. One is to include the Encoder/Decoder classnames in a META-INF/services/javax.ws.rs.ext.Providers and amend the deployment-structure.xml file.

Or you can add providers to your code (kotlin example below):

import org.jboss.resteasy.plugins.interceptors.GZIPDecodingInterceptor
import org.jboss.resteasy.plugins.interceptors.GZIPEncodingInterceptor
import javax.ws.rs.ext.Provider

@Provider class GZIPDecoder : GZIPDecodingInterceptor()
@Provider class GZIPEncoder : GZIPEncodingInterceptor()

And add RESTEasy core dependency in pom.xml:

&lt;dependency&gt;
  &lt;groupId&gt;org.jboss.resteasy&lt;/groupId&gt;
  &lt;artifactId&gt;resteasy-core&lt;/artifactId&gt;
  &lt;version&gt;5.0.0.Final&lt;/version&gt;
  &lt;scope&gt;provided&lt;/scope&gt;
&lt;/dependency&gt;

Or you could create your own Interceptors, for example (basic implementation, should only be used in simple cases):

@Provider
public class GZIPDecoder implements ReaderInterceptor {
  @Override
  public Object aroundReadFrom(ReaderInterceptorContext ctx) throws IOException, WebApplicationException {
    if (ctx.getHeaders().getOrDefault(&quot;Content-Encoding&quot;, emptyList()).contains(&quot;gzip&quot;)) {
      GZIPInputStream is = new GZIPInputStream(ctx.getInputStream());
      ctx.setInputStream(is);
    }
    return ctx.proceed();
  }
}

huangapple
  • 本文由 发表于 2023年7月6日 19:34:37
  • 转载请务必保留本文链接:https://go.coder-hub.com/76628403.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定