struts2.5加强了安全性,导致某些方法被禁用,我在实例课本重定向的寻找错误(课本版本实在太老了)
web.xml
<filter-name>struts2</filter-name>
<!--注意指定 struts2.5的类和以前比少了.ng -->
<filter-class>org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
index.jsp
<body>
<center>
<s:a action="login">login</s:a><br>
<s:a action="login!redirect.action">redirect</s:a><!-- 动态调用 -->
</center>
</html>
struts.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
"http://struts.apache.org/dtds/struts-2.5.dtd"><!-- 注意版本,不然错误-->
<struts>
<!-- 开启动态调用-->
<constant name="struts.enable.DynamicMethodInvocation" value="true" />
<!-- 开启开发者模式,方便查看问题,不影响 -->
<constant name="struts.devMode" value="true" />
<!-- 添加通配符-->
<constant name="struts.strictMethodInvocation.methodRegex"
value="([A-Za-z0-9_$]*)" />
<!-- 禁用struts2的某些安全设置-->
<package name="default" namespace="/" extends="struts-default"
strict-method-invocation="false">
<!-- 下面不用管 -->
<action name="login" class="com.action.LoginAction">
<action name="login" class="com.action.LoginAction">
<result type="redirectAction">
......
</action>
</package>
</struts>
LoginAction.java
package com.action;
import com.opensymphony.xwork2.ActionSupport;
public class LoginAction extends ActionSupport{
private static final long serialVersionUID=1L;
public String execute() throws Exception{
return SUCCESS;
}
public String redirect() throws Exception{
return ERROR;
}
}