Technical Article - CS270061

Troubleshooting the "Error occurred while validating HTTP header" message in ThingWorx Platform

Modified: 03-Nov-2025



Applies To

  • ThingWorx Platform 7.0 to 10.0

Description

  • One of the following error messages is logged in the ThingWorx Application Log / Error Log:
Error occurred while validating HTTP header: authorization
Error occurred while validating HTTP header: referer
Error occurred while validating HTTP header: cookie
Error occurred while validating HTTP header: subject
Error occurred while validating HTTP header: remote_user
Error occurred while validating HTTP header: uid
  • How to troubleshoot ESAPI errors
  • Excessive errors are reported in the <tomcat_home>\logs\thingworx-foundation-stdout log
  • <ThingworxStorage>\logs\ApplicationLog.log shows the following:
[L: ERROR] [O: E.c.t.s.f.ValidatingHttpRequest] [I: ] [U: <User>] [S: ] [T: https-jsse-nio-443-exec-5] Error occurred while validating HTTP header: subject
WARN  IntrusionDetector:65 - [SECURITY FAILURE Anonymous:null@unknown -> /ExampleApplication/IntrusionDetector] Invalid input: context=HTTP header value: <Invalid Header>, type(HTTPHeaderValue)=^[a-zA-Z0-9()\-=\*\.\?;,+\/:&_ % ¡-'"]*$, input=<Invalid Header Value>
org.owasp.esapi.errors.ValidationException: HTTP header value: remote_user: Invalid input. Please conform to regex ^[a-zA-Z0-9()\-=\*\.\?;,+\/:&_ % ¡-'"]*$ with a maximum length of 2000
                at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:144)
                at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:160)
                at org.owasp.esapi.reference.validation.StringValidationRule.getValid(StringValidationRule.java:284)
                at com.thingworx.security.filter.ESAPICustomValidator.getValidInput(ESAPICustomValidator.java:29)
                at com.thingworx.security.filter.ValidatingHttpRequest.getValidInput(ValidatingHttpRequest.java:127)
                at com.thingworx.security.filter.ValidatingHttpRequest.getValidHeaderInput(ValidatingHttpRequest.java:143)
                at com.thingworx.security.filter.ValidatingHttpRequest.getHeader(ValidatingHttpRequest.java:85)
                ...
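
To see which header and which user account produce most of these entries, the log lines can be tallied by header name. The script below is an added example, not PTC code; it assumes the two line formats shown above, and the sample lines (user names and the regex in the exception line) are constructed.

```python
import re
from collections import Counter

# Constructed sample; user names and the regex in the exception line are made up.
SAMPLE = """\
[L: ERROR] [O: E.c.t.s.f.ValidatingHttpRequest] [I: ] [U: alice] [S: ] [T: https-jsse-nio-443-exec-5] Error occurred while validating HTTP header: subject
[L: ERROR] [O: E.c.t.s.f.ValidatingHttpRequest] [I: ] [U: alice] [S: ] [T: https-jsse-nio-443-exec-7] Error occurred while validating HTTP header: subject
[L: ERROR] [O: E.c.t.s.f.ValidatingHttpRequest] [I: ] [U: bob] [S: ] [T: https-jsse-nio-443-exec-5] Error occurred while validating HTTP header: cookie
org.owasp.esapi.errors.ValidationException: HTTP header value: remote_user: Invalid input. Please conform to regex ^[a-z]*$ with a maximum length of 2000
[L: INFO] [O: c.t.s.Example] [I: ] [U: bob] [S: ] [T: main] unrelated line
"""

# [L: level] [O: origin] [I: ] [U: user] [S: ] [T: thread] message
APP_LINE = re.compile(
    r"^\[L: (?P<level>[^\]]*)\] \[O: [^\]]*\] \[I: [^\]]*\] "
    r"\[U: (?P<user>[^\]]*)\] \[S: [^\]]*\] \[T: [^\]]*\] (?P<msg>.*)$")
HEADER_ERR = re.compile(r"Error occurred while validating HTTP header: (\S+)")
ESAPI_EXC = re.compile(
    r"ValidationException: HTTP header value: (?P<header>[^:]+): "
    r"Invalid input\..* maximum length of (?P<maxlen>\d+)")

def summarize(text):
    """Count validation errors per header and per (user, header)."""
    # Only header names are collected. Values (input= in the IntrusionDetector
    # line) are skipped: authorization and cookie values are credentials.
    by_header, by_user, limits = Counter(), Counter(), {}
    for raw in text.splitlines():
        app = APP_LINE.match(raw.strip())
        if app and app["level"] == "ERROR":
            hit = HEADER_ERR.search(app["msg"])
            if hit:
                name = hit[1].lower()
                by_header[name] += 1
                by_user[(app["user"], name)] += 1
            continue
        exc = ESAPI_EXC.search(raw)
        if exc:  # ESAPI states the length limit it enforced for this header
            limits[exc["header"].strip().lower()] = int(exc["maxlen"])
    return by_header, by_user, limits

if __name__ == "__main__":
    headers, users, limits = summarize(SAMPLE)
    print(headers.most_common())
    print(users.most_common())
    print(limits)
```
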
This is the PDF version of article 270061 and may be out of date. Latest version: CS270061