    Struts2 vulnerabilities and their impact:
    http://www.iteye.com/news/28053#comments

    http://baike.baidu.com/link?url=6-45Efjxfsz2J74shu4sfd9G4ASrYig3ovFgBZASXbYGhGXeB368Glur39lakBEmntTDl_EIHro78o0tcyoCcK

    The project uses Struts 2.0.11 and must be upgraded to the current latest version, Struts 2.3.15.2.
    Project changes:
        Jar files added:
            struts2-core-2.3.15.2.jar
            struts2-spring-plugin-2.3.15.2.jar
            struts2-json-plugin-2.3.15.2.jar
            xwork-core-2.3.15.2.jar
            ognl-3.0.6.jar
            javassist-3.11.0.GA
            commons-lang3-3.1.jar
        Configuration files modified:
            web.xml
            struts.xml
        Java files modified:
        ExceptionLogger.java

    Jar files to delete from the project:
    struts-core-2.0.11.jar
    struts-spring-plugin-2.0.11.jar
    xwork-2.0.4.jar
    jsonplugin-0[1].32.jar

    Problems encountered during the upgrade and their solutions:
    1. - Cannot reduce the visibility of the inherited method from ExceptionMappingInterceptor
     【The ExceptionLogger class extends ExceptionMappingInterceptor and overrides findResultFromExceptions(List exceptionMappings, Throwable t). That method is protected in the parent class, so the subclass must change its original private modifier to protected or public.】
    2.java.lang.NullPointerException
        edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:409)
        com.ccms.base.filter.EncodingFilter.doFilter(EncodingFilter.java:53)
     【
        In web.xml, put the Struts2 prepare filter before the CAS filter and the Struts2 execute filter after the CAS filter.
        With this configuration, after restarting the server and accessing a bcec URL again, such as http://localhost:8080/bcec/zoneAction!initZone.action?function=zone, the failure to redirect automatically to CAS for login no longer occurs.
        The cause: the CasFilter.java filter obtains the ActionContext object, but if this filter runs first, Struts has not been initialized yet, so the ActionContext object is null.

    <filter>
            <filter-name>struts-prepare</filter-name>
            <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter</filter-class>
        </filter>
         <filter-mapping>
            <filter-name>struts-prepare</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <filter>
          <filter-name>CASFilter</filter-name>
          <filter-class>
            edu.yale.its.tp.cas.client.filter.CASFilter
          </filter-class>
           
        </filter>
         <filter-mapping>
          <filter-name>CASFilter</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
        
        <filter>
            <filter-name>struts-execute</filter-name>
            <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>struts-execute</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
       
    3. Caused by java.lang.ClassNotFoundException javassist.ClassPool
      【Add javassist-3.11.0.GA.jar】
    4. java.lang.NoSuchMethodError: ognl.SimpleNode.isEvalChain(Lognl/OgnlContext;)
      【The OGNL jar is incompatible: delete the old ognl-2.6.11.jar and add ognl-3.0.6.jar】
    5. HTTP Status 404 - There is no Action mapped for namespace [/] and action name [loginAction!login] associated with context path [/bcec].
      【<constant name="struts.enable.DynamicMethodInvocation" value="true"/> Adding this setting enables dynamic method invocation (URLs of the form XXAction!xxx.action). In Struts 2.3.15.2 the default is false (dynamic method invocation not supported), whereas in Struts 2.0.11 the default is true (dynamic method invocation supported).】
       This one took rather more time; I traced through the source code.
    6.java.lang.ClassNotFoundException: com.opensymphony.xwork2.util.TextUtils
      【Add struts2-json-plugin-2.3.15.2.jar and delete the jsonplugin-0.3x.jar file】
    7.Caused by: No object in the CompoundRoot has a publicly accessible property named 'datetime' (no setter could be found). - [unknown location]
      【<constant name="struts.devMode" value="false" /> Change value to false, or remove this setting altogether.】
    8. [2013-10-15 18:11:48] [WARN ] Error setting expression 'struts.token.name' with value '[Ljava.lang.String;@14057e5' - at com.opensymphony.xwork2.util.logging.commons.CommonsLogger.warn(CommonsLogger.java:64) 
    ognl.OgnlException: source is null for getProperty(null, "token")
    【In struts.xml, change the params interceptor configuration as follows:
    <interceptor-ref name="params">
    <param name="excludeParams">
    dojo\..*,.*\\u0023.*,struts.token,struts.token.name
    </param>
    </interceptor-ref>
    9. [2013-10-16 10:38:19] [WARN ] Could not find token name in params. - at com.opensymphony.xwork2.util.logging.commons.CommonsLogger.warn(CommonsLogger.java:56) 
    【In struts.xml, add to the token interceptor the configuration of the methods to intercept for duplicate-submission prevention:
    <interceptor-ref name="token">
    <param name="includeParams">
    allocate,create
    </param>
    </interceptor-ref>

    10. When a REST interface sends request parameters of the form hostId.1, hostId.2, ...
    the backend runs into an OGNL parsing error. The warning-level error is shown below; it is dizzying to read ~~.
    \--------------------------------------/
    [2013-10-25 10:32:47] [WARN ] Error setting expression 'instanceId.6' with value '[Ljava.lang.String;@7a151289' - at com.opensymphony.xwork2.util.logging.commons.CommonsLogger.warn(CommonsLogger.java:64) 
    ognl.ExpressionSyntaxException: Malformed OGNL expression: instanceId.6 [ognl.ParseException: Encountered " <FLT_LITERAL> ".6 "" at line 1, column 11.
    \--------------------------------------/
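    Solution:
    【In the interceptors section of struts.xml, override the Struts2 default interceptor stack and filter out the affected request parameters in the params interceptor (written as regular expressions). This stops those parameter names from being parsed as OGNL expressions.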
    <interceptor-stack name="fixDefaultStack">
                    <interceptor-ref name="exception"/>
                    <interceptor-ref name="alias"/>
                    <interceptor-ref name="servletConfig"/>
                    <interceptor-ref name="i18n"/>
                    <interceptor-ref name="prepare"/>
                    <interceptor-ref name="chain"/>
                    <interceptor-ref name="scopedModelDriven"/>
                    <interceptor-ref name="modelDriven"/>
                    <interceptor-ref name="fileUpload"/>
                    <interceptor-ref name="checkbox"/>
                    <interceptor-ref name="multiselect"/>
                    <interceptor-ref name="staticParams"/>
                    <interceptor-ref name="actionMappingParams"/>
                    <interceptor-ref name="params">
                        <!-- Used by the REST interface: fixes the OGNL parsing exception for request parameters such as [hostId.1] -->
                        <param name="excludeParams">
                         dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,parameters\...*,
                         ^zoneId\..*, ^clusterId\..*, ^hostId\..*, ^instanceId\..*,
                        </param>
                    </interceptor-ref>
                    <interceptor-ref name="conversionError"/>
                    <interceptor-ref name="validation">
                        <param name="excludeMethods">input,back,cancel,browse</param>
                    </interceptor-ref>
                    <interceptor-ref name="workflow">
                        <param name="excludeMethods">input,back,cancel,browse</param>
                    </interceptor-ref>
                    <interceptor-ref name="debugging"/>
            </interceptor-stack>
    Then reference the interceptor stack above in the Action configured in struts-query.xml:
    <package name="query" namespace="/query" extends="default">
    <action name="instancesAction" class="instancesAction">
    <interceptor-ref name="li"/>
            <interceptor-ref name="fixDefaultStack"></interceptor-ref>
    </action>
    ... ...
    </package>
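
    An added example (not code from the original post): a small Python check over a struts.xml that flags the settings touched in items 5, 7, 8 and 10, including an excludeParams list that no longer covers the namespaces listed in item 10. It assumes a configured excludeParams value replaces any inherited list and that each pattern must match the whole parameter name; the sample XML, the demoAction name and the probe names are constructed.

```python
import re
import xml.etree.ElementTree as ET

# The first seven patterns of the excludeParams list in the page's item 10.
BASELINE = [r"dojo\..*", r"^struts\..*", r"^session\..*", r"^request\..*",
            r"^application\..*", r"^servlet(Request|Response)\..*",
            r"parameters\...*"]

# Constructed probe names, one per namespace the baseline list shields.
PROBES = ["struts.demo", "session.demo", "request.demo",
          "application.demo", "servletRequest.demo"]

# Constants from items 5 and 7 that deserve a second look when set to true.
REVIEW_WHEN_TRUE = {
    "struts.enable.DynamicMethodInvocation":
        "Action!method URLs are accepted again (2.3.15.2 default is false)",
    "struts.devMode": "development mode is on (item 7 sets it to false)",
}

# Constructed struts.xml: item 5 setting, item 7 before its fix, item 8 list.
SAMPLE_STRUTS_XML = r"""
<struts>
  <constant name="struts.enable.DynamicMethodInvocation" value="true"/>
  <constant name="struts.devMode" value="true"/>
  <package name="default" extends="struts-default">
    <action name="demoAction" class="demoAction">
      <interceptor-ref name="params">
        <param name="excludeParams">
          dojo\..*,.*\\u0023.*,struts.token,struts.token.name
        </param>
      </interceptor-ref>
    </action>
  </package>
</struts>
"""


def split_patterns(text):
    """Split a comma-delimited excludeParams value, trimming whitespace."""
    return [p.strip() for p in (text or "").split(",") if p.strip()]


def is_excluded(name, patterns):
    """True if any pattern matches the whole parameter name."""
    return any(re.fullmatch(p, name) for p in patterns)


def audit(xml_text):
    """Return (setting, detail) findings for a struts.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    for const in root.iter("constant"):
        name = const.get("name")
        value = (const.get("value") or "").strip().lower()
        if name in REVIEW_WHEN_TRUE and value == "true":
            findings.append((name, REVIEW_WHEN_TRUE[name]))
    for ref in root.iter("interceptor-ref"):
        if ref.get("name") != "params":
            continue
        for param in ref.findall("param"):
            if param.get("name") != "excludeParams":
                continue
            patterns = split_patterns(param.text)
            # Names the baseline list drops but this list would let through.
            lost = [n for n in PROBES
                    if is_excluded(n, BASELINE) and not is_excluded(n, patterns)]
            if lost:
                findings.append(("excludeParams",
                                 "no longer excluded: " + ", ".join(lost)))
    return findings


if __name__ == "__main__":
    for setting, detail in audit(SAMPLE_STRUTS_XML):
        print(f"{setting}: {detail}")
```

    Run against the fixDefaultStack list from item 10, the excludeParams finding disappears, because that list keeps the seven baseline patterns and only appends the REST parameter names.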
    posted on 2013-10-14 09:50 David1228 | Views (21753) | Comments (6) | Categories: Struts, J2EE

    FeedBack:
    # re: Struts2 vulnerable-version upgrade process
    2013-10-14 10:21 | 零柒鎖業
    Supporting the blogger.

    # re: Struts2 vulnerable-version upgrade process
    2013-10-22 18:21 | yotta
    come on!@零柒鎖業

    # re: Struts2 vulnerable-version upgrade process
    2013-10-22 18:21 | sohu88
    Nice, nice~ ha

    # re: Struts2 vulnerable-version upgrade process
    2014-02-28 10:14 | zl007_ml
    This really helped me a great deal.
    5. HTTP Status 404: I had been chasing this problem for a long time. Thank you very much.

    # re: Struts2 vulnerable-version upgrade process
    2014-07-18 10:23 | JeffenCheung
    Have you seen this problem:
    When the scheduled job is started manually through a page button action, the contents of the resource file can be read and the task runs normally. But when the Spring proxy schedules the job, the properties resource file cannot be read. The problem appears in Struts 2.3; Struts 2.0 does not have it.
    Locale com.opensymphony.xwork2.ActionSupport.getLocale() = null

    # re: Struts2 vulnerable-version upgrade process
    2016-04-07 15:04 | 清澈希望
    Really well written. I ran into the 404 as well. I would like to know: with the login page not even opening, where did you set the breakpoint, how did you analyze it to find the root cause, and how did you trace the code?

