Struts 2.5 Dynamic Method Invocation

Problems using DMI in Struts 2.5

Answer 1

I'm using Struts 2.5 and have been trying for a long time, but I keep getting: This method: add for action user1 is not allowed!
URL: http://localhost:8888/struts2_0200_namespace/user/user1!add.action

struts.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
    <constant name="struts.devMode" value="true" />
    <constant name="struts.enable.DynamicMethodInvocation" value="true"></constant>
    <package name="user" extends="struts-default" namespace="/user">

        <action name="userAdd" class="struts2_0200_namespace.IndexAction" method="add">
            <result>/hello.jsp</result>
        </action>

        <action name="user1" class="struts2_0200_namespace.IndexAction">
            <result>/hello.jsp</result>

        </action>
    </package>
</struts>

IndexAction.java

package struts2_0200_namespace;
import com.opensymphony.xwork2.ActionSupport;

public class IndexAction extends ActionSupport {


      public String add(){

          return "success";
      }


}   

hello.jsp

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>  

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">  
<html>  
  <head>        
    <title>My JSP 'hello.jsp' starting page</title>       
    <meta http-equiv="pragma" content="no-cache">  
    <meta http-equiv="cache-control" content="no-cache">  
    <meta http-equiv="expires" content="0">      
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">  
    <meta http-equiv="description" content="This is my page">  
  </head>  

  <body>  
    hello <br>  

  </body>  
</html> 

Error message

Struts Problem Report

Struts has detected an unhandled exception:

Messages: •This method: add for action user1 is not allowed!

Stacktraces

This method: add for action user1 is not allowed! - [unknown location]
com.opensymphony.xwork2.DefaultActionProxy.prepare(DefaultActionProxy.java:200)
org.apache.struts2.factory.StrutsActionProxy.prepare(StrutsActionProxy.java:63)
org.apache.struts2.factory.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:37)
com.opensymphony.xwork2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:58)
org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:546)
org.apache.struts2.dispatcher.ExecuteOperations.executeAction(ExecuteOperations.java:81)
org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:113)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1527)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1484)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:745)

You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra debugging behaviors and reports to assist developers. To disable this mode, set:
struts.devMode=false

in your WEB-INF/classes/struts.properties file.

Answer 2

This is because Struts 2.5, to improve security, added this thing called allowed-methods.

The fix is to add the following to the configuration file:


<package name="exam" extends="json-default">

    <global-allowed-methods>regex:.*</global-allowed-methods>

    <action name="user" class="userAction">
        ...
    </action>

</package>

Or, for a single action, add this inside the action block:

<allowed-methods>regex:.*</allowed-methods>

Using the @AllowedMethods annotation on your action is also supported.
The default setting is:

<global-allowed-methods>execute,input,back,cancel,browse,save,delete,list,index</global-allowed-methods>

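The global setting is additive rather than overriding, and supports both regex and exact method-name matching.
The relevant source code is in these two places: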

// com.opensymphony.xwork2.DefaultActionProxy#prepare
// com.opensymphony.xwork2.config.entities.ActionConfig#isAllowedMethod

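An old project had a vulnerability disclosed, and I then spent a whole afternoon tracking down this problem; I finally solved it by turning on development mode and searching the official documentation.
Struts really is full of pitfalls.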
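A narrower alternative to `regex:.*` for the configuration in the question, added here as an example and not taken from either post: the `user1` action lists only the method it is meant to expose through `!method` URLs, so any other public method of `IndexAction` outside the allowed set still produces the "is not allowed" error. It assumes the Struts 2.5 DTD replaces the 2.0 DTD used in the question.

```xml
<?xml version="1.0" encoding="UTF-8" ?>
<!-- Assumption: switch to the 2.5 DTD; <allowed-methods> is not declared in struts-2.0.dtd. -->
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
    "http://struts.apache.org/dtds/struts-2.5.dtd">

<struts>
    <!-- Both constants are kept as in the question. -->
    <constant name="struts.devMode" value="true" />
    <constant name="struts.enable.DynamicMethodInvocation" value="true" />

    <package name="user" extends="struts-default" namespace="/user">

        <!-- Fixed method mapping: /user/userAdd.action, no "!" in the URL. -->
        <action name="userAdd" class="struts2_0200_namespace.IndexAction" method="add">
            <result>/hello.jsp</result>
        </action>

        <!-- DMI target: /user/user1!add.action -->
        <action name="user1" class="struts2_0200_namespace.IndexAction">
            <result>/hello.jsp</result>
            <!-- Exact method names, comma-separated, placed after the results
                 as the 2.5 DTD expects. Unlike regex:.* this does not accept
                 an arbitrary method name after "!". -->
            <allowed-methods>add</allowed-methods>
        </action>

    </package>
</struts>
```

When a family of methods has to be exposed, a pattern anchored to a prefix in the `regex:` form the answer mentions keeps the list narrower than `regex:.*`.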

 
