CSRF Security Error解决办法
在myeclipse上部署项目,遇到如下问题:
错误描述:
org.directwebremoting.dwrp.BaseDwrpHandler - A request has been denied as a potential CSRF attack.
org.directwebremoting.dwrp.BaseCallHandler - Exception while processing batch
java.lang.SecurityException: CSRF Security Error
? at org.directwebremoting.dwrp.BaseDwrpHandler.checkNotCsrfAttack(BaseDwrpHandler.java:85)
? at org.directwebremoting.dwrp.BaseCallHandler.handle(BaseCallHandler.java:76)
? at org.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:120)
? at org.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:141)
? at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
? at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
? at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
? at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
? at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:99)
? at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
? at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
? at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
? at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
? at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
? at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
? at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
? at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
? at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
? at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process? (Http11Protocol.java:581)
? at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
? at java.lang.Thread.run(Thread.java:619)
?
解决办法:
修改 web.xml 中 DWR?配置信息
原:
<servlet>??
????? <servlet-name>dwr-invoker</servlet-name>??
??? ?<servlet-class>org.directwebremoting.spring.DwrSpringServlet</servlet-class>??
??? ?<init-param>?
???? ?<param-name>debug</param-name>?
??? ??<param-value>true</param-value>?
??</init-param>
</servlet>
?
加入跨域调用配置信息(红色部分),修改为:
<servlet>??
????? <servlet-name>dwr-invoker</servlet-name>??
??? ??<servlet-class>org.directwebremoting.spring.DwrSpringServlet</servlet-class>??
??? ? <init-param>?
???? ??????? <param-name>debug</param-name>?
??? ???????? <param-value>true</param-value>?
????? </init-param>
??????<init-param>
??????????? ?<param-name>crossDomainSessionSecurity</param-name>
???????? ??? <param-value>false</param-value>
???? ?</init-param>
???? ?<init-param>
??????????? <param-name>allowScriptTagRemoting</param-name>
???????? ?? <param-value>true</param-value>
???? ?</init-param>
</servlet>