一》》》》》》》》》

运行debug弹出对话框CSRF Security Error

不过换个TOMCAT6.0 就好了！

异常：严重: A request has been denied as a potential CSRF attack.

2010-8-3 20:08:18 org.directwebremoting.dwrp.BaseCallHandler marshallException

警告: Exception while processing batch

java.lang.SecurityException:CSRFSecurityError

at org.directwebremoting.dwrp.BaseDwrpHandler.checkNotCsrfAttack(BaseDwrpHandler.java:85)

at org.directwebremoting.dwrp.BaseCallHandler.handle(BaseCallHandler.java:76)

at org.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:120)

at org.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:141)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:201)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:163)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:108)

at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:556)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:402)

at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:249)

at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:267)

at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:245)

at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:260)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)

at java.lang.Thread.run(Thread.java:717)

你没有配置dwr的相关安全设置参数。所以会出现这异常。

解决方法：修改 web.xml中 DWR 配置信息

dwr-invoker

org.directwebremoting.spring.DwrSpringServlet

debug

true

修改为:

dwr-invoker

org.directwebremoting.spring.DwrSpringServlet

debug

true

crossDomainSessionSecurity

false

allowScriptTagRemoting

true

参考资料：http://darkmasky.javaeye.com/blog/464669

二》》》》》》》》》

在JBoss上用的是DWR 2.0, lib里有dwr20.tld, dwr-2.0.1.jar，转到Tomcat 7后，总是在DWR调用处出现session error，无法成功。我初步猜测是不是DWR跟这么新的Tomcat不兼容，所以就升到DWR 3.0(dwr3.0.jar)，结果DWR调用处出现CSRF Security Error，网上一查，才知道是跨域安全验证错误，在DWR文档网站（http://directwebremoting.org/dwr/documentation/server/configuration/servlet/index.html ）上看到是两个参数配置作祟。在web.xml里的DWR servlet配置里加上初始化参数如下

…

dwr-invoker

org.directwebremoting.servlet.DwrServlet

….

crossDomainSessionSecurity

false

allowScriptTagRemoting

true

…

问题解决。

三》》》》》》》》》

在tomcat 7中报出跨域安全异常，是由于tomcat 安全机制所制，可以使用以下配置来解决

web.xml中配置

[html] view plaincopyprint?

1.   

2.     dwr  

3.     org.directwebremoting.servlet.DwrServlet  

4.       

5.         debug  

6.         true  

7.       

8.       

9.         crossDomainSessionSecurity  

10.         false  

11.       

12.       

13.         allowScriptTagRemoting  

14.         true  

15.       

16.   

17.   

18.     dwr  

19.     /dwr/*  

20.   

tomcat7 dwr Session error错误