【bug】CSRF Security Error解决办法

转载 2015年07月10日 11:23:01

在myeclipse上部署项目,遇到如下问题:

错误描述:

org.directwebremoting.dwrp.BaseDwrpHandler - A request has beendenied as a potential CSRF attack.
org.directwebremoting.dwrp.BaseCallHandler - Exception whileprocessing batch
java.lang.SecurityException: CSRF Security Error

  atorg.directwebremoting.dwrp.BaseDwrpHandler.checkNotCsrfAttack(BaseDwrpHandler.java:85)
  atorg.directwebremoting.dwrp.BaseCallHandler.handle(BaseCallHandler.java:76)
  atorg.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:120)
  atorg.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:141)
  atjavax.servlet.http.HttpServlet.service(HttpServlet.java:710)
  atjavax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  atorg.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
  atorg.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  atorg.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:99)
  atorg.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
  atorg.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  atorg.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
  atorg.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
  atorg.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
  atorg.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
  atorg.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  atorg.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
  atorg.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
  atorg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process (Http11Protocol.java:581)
  atorg.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
  at java.lang.Thread.run(Thread.java:619)

 

解决办法:

修改 web.xml 中 DWR 配置信息

原:

<servlet>  
     <servlet-name>dwr-invoker</servlet-name>  
    <servlet-class>org.directwebremoting.spring.DwrSpringServlet</servlet-class>  
    <init-param> 
     <param-name>debug</param-name> 
     <param-value>true</param-value> 
  </init-param>
</servlet>

 

加入跨域调用配置信息(红色部分),修改为:

<servlet>  
     <servlet-name>dwr-invoker</servlet-name>  
     <servlet-class>org.directwebremoting.spring.DwrSpringServlet</servlet-class>  
    <init-param> 
           <param-name>debug</param-name> 
           <param-value>true</param-value> 
     </init-param>
      <init-param>
            <param-name>crossDomainSessionSecurity</param-name>
           <param-value>false</param-value>
     </init-param>
     <init-param>
           <param-name>allowScriptTagRemoting</param-name>
          <param-value>true</param-value>
     </init-param>

</servlet>

相关文章推荐

DWR 弹出 "CSRF Security Error"

打开浏览器,然后输入"localhost",然后删除,然后输入"www.baidu.com".我勒个去的! ---xingyunpi 利用DWR实现无刷新动态提交,结果,配置到远程服务器上竟然出现...

DWR CSRF Security Error(tomcat7中会出现这个错误)

错误描述: org.directwebremoting.dwrp.BaseDwrpHandler - A request has been denied as a potential CSRF ...
  • frinder
  • frinder
  • 2011年11月28日 17:58
  • 3949

CSRF security error

在myeclipse上部署项目,遇到如下问题: 错误描述: org.directwebremoting.dwrp.BaseDwrpHandler - A request has been ...

海康摄像头视频调用出错,Jni Error(app bug): accessed stale local reference解决办法

项目中要在Android手机中调用海康摄像头拍摄的画面,在公司网管配置好了网络地址(不要与其他局域网内地址冲突)和端口,并激活摄像头设备后,通过SADPTool(海康提供的摄像头搜索工具)可以自动检索...

罕见bug解决办法: kienct 1代运行错误Failed to claim camera interface: LIBUSB_ERROR_NOT_FOUND

原链接: http://community.bwbot.org/topic/172安装完kienct 1代驱动后(驱动安装教程),运行freenect-glview测试设备时,如果出现Failed t...

django post出现403的解决办法 据说,从django1.x开始,加入了CSRF保护。

django post出现403的解决办法 据说,从django1.x开始,加入了CSRF保护。 CSRF(Cross-site request forgery跨站请求伪造,也被称成为“one ...
  • WY00703
  • WY00703
  • 2015年04月16日 20:06
  • 742
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:【bug】CSRF Security Error解决办法
举报原因:
原因补充:

(最多只允许输入30个字)