tomcat7 dwr Session error错误
发布时间:2015-04-29 16:01:15
发布时间:2015-04-29 16:01:15
一》》》》》》》》》
运行debug弹出对话框CSRF Security Error
不过换个TOMCAT6.0 就好了!
异常:严重: A request has been denied as a potential CSRF attack.
2010-8-3 20:08:18 org.directwebremoting.dwrp.BaseCallHandler marshallException
警告: Exception while processing batch
java.lang.SecurityException:CSRFSecurityError
at org.directwebremoting.dwrp.BaseDwrpHandler.checkNotCsrfAttack(BaseDwrpHandler.java:85)
at org.directwebremoting.dwrp.BaseCallHandler.handle(BaseCallHandler.java:76)
at org.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:120)
at org.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:141)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:201)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:163)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:108)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:556)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:402)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:249)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:267)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:245)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:260)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:717)
你没有配置dwr的相关安全设置参数。所以会出现这异常。
解决方法:修改 web.xml中 DWR 配置信息
修改为:
参考资料:http://darkmasky.javaeye.com/blog/464669
二》》》》》》》》》
在JBoss上用的是DWR 2.0, lib里有dwr20.tld, dwr-2.0.1.jar,转到Tomcat 7后,总是在DWR调用处出现session error,无法成功。我初步猜测是不是DWR跟这么新的Tomcat不兼容,所以就升到DWR 3.0(dwr3.0.jar),结果DWR调用处出现CSRF Security Error,网上一查,才知道是跨域安全验证错误,在DWR文档网站(http://directwebremoting.org/dwr/documentation/server/configuration/servlet/index.html )上看到是两个参数配置作祟。在web.xml里的DWR servlet配置里加上初始化参数如下
…
….
…
问题解决。
三》》》》》》》》》
在tomcat 7中报出跨域安全异常,是由于tomcat 安全机制所制,可以使用以下配置来解决
web.xml中配置
[html] view plaincopyprint?
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.