Opened 5 years ago

Closed 5 years ago

#2179 closed defect (fixed)

HTTP Status 400 - Bad request when logging in

Reported by: Nicklas Nordborg
Owned by: everyone
Priority: major
Milestone: BASE 3.15.1
Component: web
Version:
Keywords:
Cc:

Description

I got the following error message one day when trying to log in:

HTTP Status 400 – Bad Request

java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
	org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467)
	org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:294)
...

Investigations showed that the user lacked permission to use the web client, which caused BASE to generate a URL with an error message that contained the string &error=Permission+denied:+Not+allowed+to+use+Client[externalId=net.sf.basedb.clients.web]

The problem seems to be that [ and ] must be encoded. I guess that the reason that we have not seen this before is that newer versions of Tomcat are more picky about this.

Change History (4)

comment:1 by Nicklas Nordborg, 5 years ago

Resolution: fixed
Status: new → closed

In 7710:

Fixes #2179: HTTP Status 400 - Bad request when logging in

Fixed in the HTML.urlEncode() function which only encoded a few specific characters. We now forward the encoding to the built-in java.net.URLEncoder implementation.

Also fixed incorrect calls to HTML.encodeTags() in the login code.

comment:2 by Nicklas Nordborg, 5 years ago

In 7720:

References #2179: HTTP Status 400 - Bad request when logging in

The original fix used URLEncoder.encode(String, Charset) which didn't appear until Java 10, so we have to revert to URLEncoder.encode(String, String) to be compatible with Java 8.
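An added example, not part of the ticket or of the BASE source: it encodes the error message from the description with the Java 8-compatible URLEncoder.encode(String, String) overload and checks the resulting query string against the character set RFC 3986 allows in a query. The class name, narrowEncode() (a constructed stand-in for an encoder that handles only a few characters) and firstInvalidQueryChar() are assumptions made for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

public class LoginRedirectEncoding {
    // Constructed stand-in for an encoder that only handles a few characters.
    // NOT the original HTML.urlEncode() source, which the ticket does not show.
    static String narrowEncode(String s) {
        return s.replace("%", "%25").replace("&", "%26").replace(" ", "+");
    }

    // The Java 8-compatible overload named in comment 2.
    static String fullEncode(String s) {
        try {
            return URLEncoder.encode(s, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is always supported", e);
        }
    }

    // Index of the first character that RFC 3986 does not permit in a query
    // (unreserved / sub-delims / ":" / "@" / "/" / "?" plus "%" for escapes),
    // or -1 if there is none. The hex digits after "%" are not validated here.
    static int firstInvalidQueryChar(String query) {
        String allowed = "-._~!$&'()*+,;=:@/?%";
        for (int i = 0; i < query.length(); i++) {
            char c = query.charAt(i);
            boolean alnum = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                    || (c >= '0' && c <= '9');
            if (!alnum && allowed.indexOf(c) < 0) return i;
        }
        return -1;
    }

    public static void main(String[] args) {
        // Error message taken from the ticket description, before encoding.
        String msg = "Permission denied: Not allowed to use "
                + "Client[externalId=net.sf.basedb.clients.web]";
        String[] queries = { "error=" + narrowEncode(msg), "error=" + fullEncode(msg) };
        for (String q : queries) {
            int pos = firstInvalidQueryChar(q);
            System.out.println(q);
            System.out.println(pos < 0
                    ? "  ok: only RFC 3986 query characters"
                    : "  invalid '" + q.charAt(pos) + "' at index " + pos);
        }
    }
}
```

Encoding the whole value also escapes & and = inside the message, so text placed in the error parameter cannot be read by the server as additional query parameters.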

comment:3 by Nicklas Nordborg, 5 years ago

Resolution: fixed
Status: closed → reopened

A side-effect of the fix is that I now get an error when trying to download a file from BASE:

HTTP Status 400 – Bad Request

Type Status Report

Message Invalid URI: noSlash

Description The server cannot or will not process the request due to
something that is perceived to be a client error (e.g., malformed 
request syntax, invalid request message framing, or deceptive request 
routing).

comment:4 by Nicklas Nordborg, 5 years ago

Resolution: fixed
Status: reopened → closed

In 7723:

Fixes #2179: HTTP Status 400 - Bad request when logging in

Should be fixed now. There was an existing method that was already used when using the "view file" function. For some reason the "download file" function was not using the same.
