'SpringMVC Firewall RequestRejectedException
I have developed a Springmvc application and deployed the application in AWS cloud server, the application is running on Tomcat and Apache as the proxy server. Also I have created application loadbalancer URL and registered two under the AWS trusted group and configured Apache loadbalancer configuration.
While testing in the browser, the application is always redirecting to my application error page.
I am getting error message The request was rejected because the URL was not normalized.
My application works well in my desktop but error occurring after deploying in the server.
Spring framework 5.0.4 and Tomcat version 9.x
Please help from which part this error is occurring.
Error Log
SEVERE [http-nio-8880-exec-5] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [dispatcher] in context with path [/BOOKS] threw exception
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.
at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:248)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:194)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163)
at org.apache.catalina.core.StandardwrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1723)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runworker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$wrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:750)
INFO (main) org.apache.catalina.core.ApplicationContext.log Destroying Spring FrameworkServlet 'dispatcher'
INFO [main] org.apache.catalina.core.ApplicationContext.log Closing Spring root WebApplicationContext
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<context-param>
<param-name>context ConfigLocation</param-name>
<param-value>/WEB-INF/dispatcher-servlet.xml, /WEB-INF/spring-security.xml</param-value>
</context-param>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>RptDownload</servlet-name>
<servlet-class>com.Books.utils.RptDownload</servlet-class>
</servlet>
<servlet>
<servlet-name>InvView</servlet-name>
<servlet-class>com.Books.utils.InvView</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>InvView</servlet-name>
<url-pattern>/InvView</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>RptDownload</servlet-name>
<url-pattern>/RptDownload</url-pattern>
</servlet-mapping>
<error-page>
<error-code>404</error-code>
<location>/pages/commonerror.jsp</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/pages/commonerror.jsp</location>
</error-page>
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/pages/commonerror.jsp</location>
</error-page>
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<servlet>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>com.Books.filter.CustomHttpSessionListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<listener>
<listener-class>com.Books.web.CleanUpSessionListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
</web-app>
dispatcher-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<mvc: annotation-driven />
<context: annotation-config />
<context:component-scan base-package="com.Books.ui" />
<context:component-scan base-package="com.Books.auth" />
<context:component-scan base-package="com.Books.utils" />
<cache:annotation-driven key-generator="enhancedDefaultKeyGenerator" />
<beans:bean id="enhanced DefaultKeyGenerator" class="com.Books.cache.interceptor.EnhancedDefaultKeyGenerator" />
<beans:bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager" p:cacheManager-ref="ehcache" />
<beans:bean id="ehcache" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" p:configLocation="classpath:ehcache.xml" p:shared="true" />
<beans:bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/pages/" />
<property name="suffix" value=".jsp" />
</beans:bean>
<resources mapping="/resource/** location="/resources/" />
<!-- Database connection -->
<beans:bean id="BooksjdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource" ref="dataSource" />
</beans:bean>
<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName">
<value>jdbc/webds</value>
</property>
</beans:bean>
<beans:bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager" scope="singleton">
<property name="dataSource" ref="dataSource" />
</beans:bean>
<tx:annotation-driven transaction-manager="transactionManager" />
<beans:bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="100000000" />
</beans:bean>
<task:executor id="Executor" pool-size="1" />
<task:scheduler id="Scheduler" pool-size="1" />
<task:annotation-driven executor="Executor" scheduler="Scheduler" />
</beans>
Apache Load Balancer Configuration
<Proxy "balancer://mycluster">
BalancerMember "http://192.168.101.xx:80/"
BalancerMember "http://192.168.101.xx:80/"
</Proxy>
ProxyPass "/" "balancer://mycluster"
ProxyPassReverse "/" "balancer://mycluster"
ProxyRequests Off
ProxyPreserveHost off
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|