注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

love3400wind的blog

like

 
 
 

日志

 
 
 
 

java.lang.SecurityException: CSRF Security Error  

2012-06-11 18:18:53|  分类: IT |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |

整合dwr时报错:

 2012-06-11 18:17:42,981 ERROR (BaseDwrpHandler.java:84) - A request has been denied as a potential CSRF attack.
 2012-06-11 18:17:42,981  WARN (BaseCallHandler.java:380) - Exception while processing batch
 java.lang.SecurityException: CSRF Security Error
 at org.directwebremoting.dwrp.BaseDwrpHandler.checkNotCsrfAttack(BaseDwrpHandler.java:85)
 at org.directwebremoting.dwrp.BaseCallHandler.handle(BaseCallHandler.java:76)
 at org.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:120)
 at org.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:141)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
 at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
 at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
 at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
 at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
 at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
 at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
 at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
 at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
 at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
 at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
2012-06-11 18:17:42,981 DEBUG (CachingHandler.java:189) - Sending content for /interface/DwrDemo.js, If-Modified-Since=1339409518000, Last Modified=1339409862000, Old ETag="1339409518000", New ETag="1339409862000"
 2012-06-11 18:17:42,981 DEBUG (CachingHandler.java:64) - Generating contents for /interface/DwrDemo.js. It is not currently cached.
 



解决办法:

修改 web.xml 中 DWR 配置信息

原:

<servlet>  
      <servlet-name>dwr-invoker</servlet-name>  
     <servlet-class>org.directwebremoting.spring.DwrSpringServlet</servlet-class>  
     <init-param> 
      <param-name>debug</param-name> 
      <param-value>true</param-value> 
  </init-param>
</servlet>

 

加入跨域调用配置信息(红色部分),修改为:

<servlet>  
      <servlet-name>dwr-invoker</servlet-name>  
      <servlet-class>org.directwebremoting.spring.DwrSpringServlet</servlet-class>  
      <init-param> 
             <param-name>debug</param-name> 
             <param-value>true</param-value> 
      </init-param>
      <init-param>
             <param-name>crossDomainSessionSecurity</param-name>
             <param-value>false</param-value>
      </init-param>
      <init-param>
            <param-name>allowScriptTagRemoting</param-name>
            <param-value>true</param-value>
      </init-param>

</servlet>

  评论这张
 
阅读(1200)| 评论(2)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017