• 转--struts2出现的漏洞以及影响

    struts2出现的漏洞以及影响:
    http://www.iteye.com/news/28053#comments
    http://baike.baidu.com/link?url=6-45Efjxfsz2J74shu4sfd9G4ASrYig3ovFgBZASXbYGhGXeB368Glur39lakBEmntTDl_EIHro78o0tcyoCcK
    项目中的struts版本是struts2.0.11,要求升级到目前最新的版本struts2.3.15.2。
    工程修改内容:
        新增的jar包:
            struts2-core-2.3.15.2.jar
            struts2-spring-plugin-2.3.15.2.jar
            struts2-json-plugin-2.3.15.2.jar
            xwork-core-2.3.15.2.jar
            ognl-3.0.6.jar
            javassist-3.11.0.GA
            commons-lang3-3.1.jar
        配置文件修改:
            web.xml
            struts.xml
        Java文件修改:
        ExceptionLogger.java

    工程中需删除的jar包:
    struts-core-2.0.11.jar
    struts-spring-plugin-2.0.11.jar
    xwork-2.0.4.jar
    jsonplugin-0[1].32.jar

    升级过程中遇到的问题及其解决办法:
    1. - Cannot reduce the visibility of the inherited method from ExceptionMappingInterceptor
     【将ExceptionLogger类,由于继承了ExceptionMappingInterceptor并且重写了findResultFromExceptions(List exceptionMappings, Throwable t) 方法, 父类该方法的作用域是protected,所以子类必须将原来的private修改为protected或者public】
    2.java.lang.NullPointerException
        edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:409)
        com.ccms.base.filter.EncodingFilter.doFilter(EncodingFilter.java:53)
     【
        web.xml中将struts2 prepare filter放到cas filter前面,将struts executer filter放到cas filter后面
        这样配置之后,启动服务器后重新访问bcec url,形如:http://localhost:8080/bcec/zoneAction!initZone.action?function=zone 不会出现自动不转向到cas然后登陆的情况。     因为CasFilter.java过滤器中获取了ActionContext对象,但是此时如果先走这个filter的话Struts还没有初始化,所有ActionContext对象为null。
        

    <filter>         <filter-name>struts-prepare</filter-name>         <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter</filter-class>     </filter>      <filter-mapping>         <filter-name>struts-prepare</filter-name>         <url-pattern>/*</url-pattern>     </filter-mapping>
        <filter>       <filter-name>CASFilter</filter-name>       <filter-class>         edu.yale.its.tp.cas.client.filter.CASFilter       </filter-class>             </filter>      <filter-mapping>       <filter-name>CASFilter</filter-name>       <url-pattern>/*</url-pattern>     </filter-mapping>          <filter>         <filter-name>struts-execute</filter-name>         <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter</filter-class>     </filter>     <filter-mapping>         <filter-name>struts-execute</filter-name>         <url-pattern>/*</url-pattern>     </filter-mapping>

       】
    3. Caused by java.lang.ClassNotFoundException javassist.ClassPool   【新增javassist-3.11.0.GA.jar】 4. java.lang.NoSuchMethodError: ognl.SimpleNode.isEvalChain(Lognl/OgnlContext;)   【OGNL包不兼容,删除原来的ognl-2.6.11.jar,新增ognl-3.0.6.jar】 5. HTTP Status 404 - There is no Action mapped for namespace [/] and action name [loginAction!login] associated with context path [/bcec].   【<constant name="struts.enable.DynamicMethodInvocation" value="true"/> 增加该项表示开启动态方法调用(形如:XXAction!xxx.action)。struts2.3.15.2版本中默认为false(不支持动态方法调用),而struts2.0.11中默认值是true(支持动态方法调用)】         这个耗费了多些时间,跟踪了下源码. 6.java.lang.ClassNotFoundException: com.opensymphony.xwork2.util.TextUtils   【新增struts2-json-plugin-2.3.15.2.jar,删除jsonplugin-0.3x.jar包】 7.Caused by: No object in the CompoundRoot has a publicly accessible property named 'datetime' (no setter could be found). - [unknown location]   【<constant name="struts.devMode" value="false" /> 将value修改为false或者将该条配置去掉。】  

    8. [2013-10-15 18:11:48] [WARN ] Error setting expression 'struts.token.name' with value '[Ljava.lang.String;@14057e5' - at com.opensymphony.xwork2.util.logging.commons.CommonsLogger.warn(CommonsLogger.java:64) 
    ognl.OgnlException: source is null for getProperty(null, "token")
    【struts.xml中修改params参数拦截器配置如下:
    <interceptor-ref name="params">
    <param name="excludeParams">
    dojo..*,.*\u0023.*,struts.token,struts.token.name
    </param>
    </interceptor-ref>
    9. [2013-10-16 10:38:19] [WARN ] Could not find token name in params. - at com.opensymphony.xwork2.util.logging.commons.CommonsLogger.warn(CommonsLogger.java:56) 
    【struts.xml中修改token拦截器中增加对防止重复提交方法的拦截配置:
    <interceptor-ref name="token">
    <param name="includeParams">
                                                      allocate,create
    </param>
    </interceptor-ref>
    】 10. 当rest接口发送请求参数格式形如:hostId.1、hostId.2....
    后台会遇到ognl解析错误,警告级错误如下,很眼晕啊 ~~.
    --------------------------------------/
    [2013-10-25 10:32:47] [WARN ] Error setting expression 'instanceId.6' with value '[Ljava.lang.String;@7a151289' - at com.opensymphony.xwork2.util.logging.commons.CommonsLogger.warn(CommonsLogger.java:64) 
    ognl.ExpressionSyntaxException: Malformed OGNL expression: instanceId.6 [ognl.ParseException: Encountered " <FLT_LITERAL> ".6 "" at line 1, column 11.
    Was expecting one of:
        <EOF> 
        "," ...
        "=" ...
        "?" ...
        "||" ...
        "or" ...
        "&&" ...
        "and" ...
        "|" ...
        "bor" ...
        "^" ...
        "xor" ...
        "&" ...
        "band" ...
        "==" ...
        "eq" ...
        "!=" ...
        "neq" ...
        "<" ...
        "lt" ...
        ">" ...
        "gt" ...
        "<=" ...
        "lte" ...
        ">=" ...
        "gte" ...
        "in" ...
        "not" ...
        "<<" ...
        "shl" ...
        ">>" ...
        "shr" ...
        ">>>" ...
        "ushr" ...
        "+" ...
        "-" ...
        "*" ...
        "/" ...
        "%" ...
        "instanceof" ...
        "." ...
        "(" ...
        "[" ...
        <DYNAMIC_SUBSCRIPT> ...
        "(" ...
        ]
    at ognl.Ognl.parseExpression(Ognl.java:112)
    at com.opensymphony.xwork2.ognl.OgnlUtil.compile(OgnlUtil.java:268)
    at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:230)
    at com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValueStack.java:183)
    at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:170)
    at com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValueStack.java:148)
    at com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:318)
    at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:231)
    at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:239)
    at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
    at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:161)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:193)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:189)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.ccms.systemlog.action.InterfaceInterceptor.intercept(InterfaceInterceptor.java:81)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
    at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:563)
    at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77)
    at org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter.doFilter(StrutsExecuteFilter.java:93)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:351)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter.doFilter(StrutsPrepareFilter.java:91)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.ccms.base.filter.EncodingFilter.doFilter(EncodingFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
    at java.lang.Thread.run(Thread.java:679)
    Caused by: ognl.ParseException: Encountered " <FLT_LITERAL> ".6 "" at line 1, column 11.
    Was expecting one of:
        <EOF> 
        "," ...
        "=" ...
        "?" ...
        "||" ...
        "or" ...
        "&&" ...
        "and" ...
        "|" ...
        "bor" ...
        "^" ...
        "xor" ...
        "&" ...
        "band" ...
        "==" ...
        "eq" ...
        "!=" ...
        "neq" ...
        "<" ...
        "lt" ...
        ">" ...
        "gt" ...
        "<=" ...
        "lte" ...
        ">=" ...
        "gte" ...
        "in" ...
        "not" ...
        "<<" ...
        "shl" ...
        ">>" ...
        "shr" ...
        ">>>" ...
        "ushr" ...
        "+" ...
        "-" ...
        "*" ...
        "/" ...
        "%" ...
        "instanceof" ...
        "." ...
        "(" ...
        "[" ...
        <DYNAMIC_SUBSCRIPT> ...
        "(" ...
        
    at ognl.OgnlParser.generateParseException(OgnlParser.java:3172)
    at ognl.OgnlParser.jj_consume_token(OgnlParser.java:3051)
    at ognl.OgnlParser.topLevelExpression(OgnlParser.java:16)
    at ognl.Ognl.parseExpression(Ognl.java:110)
    ... 64 more
    /-- Encapsulated exception ------------
    ognl.ParseException: Encountered " <FLT_LITERAL> ".6 "" at line 1, column 11.
    Was expecting one of:
        <EOF> 
        "," ...
        "=" ...
        "?" ...
        "||" ...
        "or" ...
        "&&" ...
        "and" ...
        "|" ...
        "bor" ...
        "^" ...
        "xor" ...
        "&" ...
        "band" ...
        "==" ...
        "eq" ...
        "!=" ...
        "neq" ...
        "<" ...
        "lt" ...
        ">" ...
        "gt" ...
        "<=" ...
        "lte" ...
        ">=" ...
        "gte" ...
        "in" ...
        "not" ...
        "<<" ...
        "shl" ...
        ">>" ...
        "shr" ...
        ">>>" ...
        "ushr" ...
        "+" ...
        "-" ...
        "*" ...
        "/" ...
        "%" ...
        "instanceof" ...
        "." ...
        "(" ...
        "[" ...
        <DYNAMIC_SUBSCRIPT> ...
        "(" ...
        
    at ognl.OgnlParser.generateParseException(OgnlParser.java:3172)
    at ognl.OgnlParser.jj_consume_token(OgnlParser.java:3051)
    at ognl.OgnlParser.topLevelExpression(OgnlParser.java:16)
    at ognl.Ognl.parseExpression(Ognl.java:110)
    at com.opensymphony.xwork2.ognl.OgnlUtil.compile(OgnlUtil.java:268)
    at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:230)
    at com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValueStack.java:183)
    at com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:170)
    at com.opensymphony.xwork2.ognl.OgnlValueStack.setParameter(OgnlValueStack.java:148)
    at com.opensymphony.xwork2.interceptor.ParametersInterceptor.setParameters(ParametersInterceptor.java:318)
    at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:231)
    at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:239)
    at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
    at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:161)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:193)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:189)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at com.ccms.systemlog.action.InterfaceInterceptor.intercept(InterfaceInterceptor.java:81)
    at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
    at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
    at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:563)
    at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77)
    at org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter.doFilter(StrutsExecuteFilter.java:93)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:351)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter.doFilter(StrutsPrepareFilter.java:91)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.ccms.base.filter.EncodingFilter.doFilter(EncodingFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
    at java.lang.Thread.run(Thread.java:679)
    --------------------------------------/
    解决方式:
    【在strurts.xml的拦截器中覆盖struts2的默认拦截器栈,并在params方法中过滤掉相应的请求参数(正则表达式编写),这样就可以屏蔽OGNL表达式的解析。
    <interceptor-stack name="fixDefaultStack">
                    <interceptor-ref name="exception"/>
                    <interceptor-ref name="alias"/>
                    <interceptor-ref name="servletConfig"/>
                    <interceptor-ref name="i18n"/>
                    <interceptor-ref name="prepare"/>
                    <interceptor-ref name="chain"/>
                    <interceptor-ref name="scopedModelDriven"/>
                    <interceptor-ref name="modelDriven"/>
                    <interceptor-ref name="fileUpload"/>
                    <interceptor-ref name="checkbox"/>
                    <interceptor-ref name="multiselect"/>
                    <interceptor-ref name="staticParams"/>
                    <interceptor-ref name="actionMappingParams"/>
                    <interceptor-ref name="params">
                        <!-- Rest接口使用,解决【hostId.1】这类请求参数出现OGNL解析异常问题 -->
                        <param name="excludeParams">
                         dojo..*,^struts..*,^session..*,^request..*,^application..*,^servlet(Request|Response)..*,parameters...*,
                         ^zoneId..*, ^clusterId..*, ^hostId..*, ^instanceId..*,
                        </param>
                    </interceptor-ref>
                    <interceptor-ref name="conversionError"/>
                    <interceptor-ref name="validation">
                        <param name="excludeMethods">input,back,cancel,browse</param>
                    </interceptor-ref>
                    <interceptor-ref name="workflow">
                        <param name="excludeMethods">input,back,cancel,browse</param>
                    </interceptor-ref>
                    <interceptor-ref name="debugging"/>
            </interceptor-stack>
     
    再在struts-query.xml配置的Action文件中引用上述拦截器:
    <package name="query" namespace="/query" extends="default">
    <action name="instancesAction" class="instancesAction">
    <interceptor-ref name="li"/>
            <interceptor-ref name="fixDefaultStack"></interceptor-ref>
    </action>
    ... ...
    </package> 】
  • 相关阅读:
    轻松把你的项目升级到PWA
    聊聊React高阶组件(Higher-Order Components)
    java NIO系列教程2
    java NIO系列教程1
    个人笔记
    onclick时间加return和不加return的区别
    URL编码分析与乱码解决方案
    第九天 1-8 RHEL7软件包管理
    第八天 RHEL7.2 文件权限管理(第一部分)
    第七天 Linux用户管理、RHEL6.5及RHEL7.2 root密码破解、RHEL6.5安装vmware tools
  • 原文地址:https://www.cnblogs.com/csyy/p/4192840.html
Copyright © 2020-2023  润新知