关闭

DWR CSRF Security Error

标签: csrfsecuritydwrservletprocessingexception
251人阅读 评论(0) 收藏 举报
分类:

错误描述:

org.directwebremoting.dwrp.BaseDwrpHandler - A request has been denied as a potential CSRF attack.
org.directwebremoting.dwrp.BaseCallHandler - Exception while processing batch
java.lang.SecurityException: CSRF Security Error

  at org.directwebremoting.dwrp.BaseDwrpHandler.checkNotCsrfAttack(BaseDwrpHandler.java:85)
  at org.directwebremoting.dwrp.BaseCallHandler.handle(BaseCallHandler.java:76)
  at org.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:120)
  at org.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:141)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:99)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process  (Http11Protocol.java:581)
  at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
  at java.lang.Thread.run(Thread.java:619)

 

解决办法:

修改 web.xml 中 DWR 配置信息

原:

<servlet> 
      <servlet-name>dwr-invoker</servlet-name> 
     <servlet-class>org.directwebremoting.spring.DwrSpringServlet</servlet-class> 
     <init-param>
      <param-name>debug</param-name>
      <param-value>true</param-value>
  </init-param>
</servlet>

 

加入跨域调用配置信息(红色部分),修改为:

<servlet> 
      <servlet-name>dwr-invoker</servlet-name> 
      <servlet-class>org.directwebremoting.spring.DwrSpringServlet</servlet-class> 
      <init-param>
             <param-name>debug</param-name>
             <param-value>true</param-value>
      </init-param>
      <init-param>
             <param-name>crossDomainSessionSecurity</param-name>
             <param-value>false</param-value>
      </init-param>
      <init-param>
            <param-name>allowScriptTagRemoting</param-name>
            <param-value>true</param-value>
      </init-param>

</servlet>

0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:3668次
    • 积分:51
    • 等级:
    • 排名:千里之外
    • 原创:1篇
    • 转载:8篇
    • 译文:0篇
    • 评论:0条
    文章分类
    文章存档