According to https://tomcat.apache.org/tomcat-8.5-doc/config/systemprops.html, requestTargetAllow is deprecated. For me, the other solutions presented here did not work either. According to the Tomcat documentation I found a way to set the property relaxedQueryChars instead:
@Bean
public ConfigurableServletWebServerFactory webServerFactory() {
TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
factory.addConnectorCustomizers(new TomcatConnectorCustomizer() {
@Override
public void customize(Connector connector) {
connector.setProperty("relaxedQueryChars", "|{}[]");
}
});
return factory;
}