Struts2安全漏洞:
http://struts.apache.org/release/2.3.x/docs/s2-020.html
将Struts2 由2.3.15.2升级到2.3.16.1找不到Action,报如下错误:
2014-03-14 10:48:59,146 [http-8090-1] WARN [org.apache.struts2.dispatcher.Dispatcher] - Could not find action or result: /Test/system/test-notice!check.action
There is no Action mapped for namespace [/system] and action name [test-notice!check] associated with context path [/Test]. - [unknown location]
at com.opensymphony.xwork2.DefaultActionProxy.prepare(DefaultActionProxy.java:185)
at org.apache.struts2.impl.StrutsActionProxy.prepare(StrutsActionProxy.java:63)
at org.apache.struts2.impl.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:37)
at com.opensymphony.xwork2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:58)
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:552)
at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77)
at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:99)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.sinosoft.fw.utils.server.FwServerRequestFilter.doFilter(FwServerRequestFilter.java:79)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:99)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:116)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:174)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.concurrent.ConcurrentSessionFilter.doFilterHttp(ConcurrentSessionFilter.java:99)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at com.sinosoft.fw.utils.server.FwServerSessionTimeoutFilter.doFilterHttp(FwServerSessionTimeoutFilter.java:46)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)
现已解决,在struts.xml中增加如下配置:
<constant name="struts.enable.DynamicMethodInvocation" value="true" />
分享到:
相关推荐
Struts2的架构设计非常清晰,主要由以下几个部分组成: - **拦截器(Interceptor)**:拦截器用于处理HTTP请求,可以对请求进行预处理或后处理。 - **Action**:处理业务逻辑的核心组件。 - **配置文件(struts.xml...
充满了其他地方找不到的技术细节,而且深入剖析了Struts的内部机理。强烈推荐” ——JosephBrutto,资深程序员 作者简介 作者:(加拿大)Budi Kurniawan 译者:杨涛 王建桥 杨晓云 Budi Kurniawan,世界知名的...
本书是广受赞誉的Struts 2优秀教程,它全面而深入地阐述了Struts 2的各个特性,并指导开发人员如何根据遇到的问题对症下药,选择使用最合适的特性。作者处处从实战出发,在丰富的示例中直观地探讨了许多实用的技术,...
A.2 把Spring添加为一个Maven 2依赖项 A.3 Spring与Ant A.4 Spring与Log4j 附录B 用(和不用)Spring进行测试 B.1 测试简介 B.1.1 理解不同类型的测试 B.1.2 使用JUnit B.1.3 Spring在测试中的角色 B.2 单元...
A.2 把Spring添加为一个Maven 2依赖项 A.3 Spring与Ant A.4 Spring与Log4j 附录B 用(和不用)Spring进行测试 B.1 测试简介 B.1.1 理解不同类型的测试 B.1.2 使用JUnit B.1.3 Spring在测试中的角色 B.2 单元...
a.2把spring添加为一个maven2依赖项 a.3spring与ant a.4spring与log4j 附录b用(和不用)spring进行测试 b.1测试简介 b.1.1理解不同类型的测试 b.1.2使用junit b.1.3spring在测试中的角色 b.2单元测试...
406 20.3 系统设计 407 20.3.1 系统用例分析 407 20.3.2 持久化数据分析 413 20.3.3 系统操作序列描述 413 20.3.4 业务接口设计 419 20.4 数据库设计 421 20.4.1 数据库规划 421 20.4.2 具体数据库表 423 20.4.3 SQL...
20.10.2 将用户评论信息插入到数据库中的Servlet类Comment 381 20.11 后台管理模块的实现 384 20.11.1 后台管理模块的用户登录页面index.jsp 384 20.11.2 后台管理模块的首页面default.jsp 385 20.11.3 输入要添加的...
10.2 实例——Struts 2的“Hello World” 143 10.3 小结 151 第11章 利用JDBC访问数据库 152 11.1 JDBC基础 152 11.1.1 如何用JDBC访问数据库 152 11.2 实例——利用JDBC访问SQL Server数据库 154 11.3 ...
11.4 Action 数据获取与传递 11.5 Struts 表单验证 第12章 标签库及其应用 12.1 Struts标签库基础知识 12.2 Struts标签库应用实例 12.3 JSTL基础知识 12.4 EL表达式基础知识 12.5 JSTL核心标签库 12.6 网络...
9.10.2、实现过滤器 9.10.3、过滤器的应用 9.11、监听器 9.11.1、对application监听 9.11.2、对session监听 9.11.3、对request监听 9.11.4、监听器实例 —— 在线人员统计 9.12、本章摘要 9.13、开发...
9.10.2、实现过滤器 9.10.3、过滤器的应用 9.11、监听器 9.11.1、对application监听 9.11.2、对session监听 9.11.3、对request监听 9.11.4、监听器实例 —— 在线人员统计 9.12、本章摘要 9.13、开发...
9.10.2、实现过滤器 9.10.3、过滤器的应用 9.11、监听器 9.11.1、对application监听 9.11.2、对session监听 9.11.3、对request监听 9.11.4、监听器实例 —— 在线人员统计 9.12、本章摘要 9.13、开发...
9.10.2、实现过滤器 9.10.3、过滤器的应用 9.11、监听器 9.11.1、对application监听 9.11.2、对session监听 9.11.3、对request监听 9.11.4、监听器实例 —— 在线人员统计 9.12、本章摘要 9.13、开发实战...
9.10.2、实现过滤器 9.10.3、过滤器的应用 9.11、监听器 9.11.1、对application监听 9.11.2、对session监听 9.11.3、对request监听 9.11.4、监听器实例 —— 在线人员统计 9.12、本章摘要 9.13、开发实战...
9.10.2、实现过滤器 9.10.3、过滤器的应用 9.11、监听器 9.11.1、对application监听 9.11.2、对session监听 9.11.3、对request监听 9.11.4、监听器实例 —— 在线人员统计 9.12、本章摘要 9.13、开发实战...
9.10.2、实现过滤器 9.10.3、过滤器的应用 9.11、监听器 9.11.1、对application监听 9.11.2、对session监听 9.11.3、对request监听 9.11.4、监听器实例 —— 在线人员统计 9.12、本章摘要 9.13、开发实战...