今天调试程序时遇到了java.lang.IllegalStateException org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:423)这个异常,百度了一下引起这个异常的原因是如下:
jdk5.0文档中很清楚地介绍了出现IllegalStateException异常的可能情况: 1)同一个页面中再次调用response.sendRedirect()方法。 2)提交的URL错误,即不是个有效的URL。 sendRedirect void sendRedirect(java.lang.String location) throws java.io.IOException Sends a temporary redirect response to the client using the specified redirect location URL. This method can accept relative URLs; the servlet container must convert the relative URL to an absolute URL before sending the response to the client. If the location is relative without a leading '/' the container interdivts it as relative to the current request URI. If the location is relative with a leading '/' the container interdivts it as relative to the servlet container root. If the response has already been committed, this method throws an IllegalStateException. After using this method, the response should be considered to be committed and should not be written to. Parameters: location - the redirect location URL Throws: java.io.IOException - If an input or output exception occurs java.lang.IllegalStateException - If the response was committed or if a partial URL is given and cannot be converted into a valid URL
经分析我这边的情况是第一种即在同一个方法中一次以上的连续调用了response.sendRedirect()方法,知道根源解决方法就比较简单了,避免多次连续的调用response.sendRedirect()方法。
这个问题在我们的系统中,是因为判断是否有注入式攻击字符时产生的,因为CR、LF在不同的系统中表示不同的回车换行的意义,在判断是否为注入攻击的字符时他俩也在其列,不过从前台返回的字符中难免不包含这两个字符的,当然,我们现在关心是产生上面的异常的原因,就是上面的1)2)两个原因,而根源和判断是否有注入攻击字符相关
扩展链接:
1:深入理解ServletRequest与ServletResponse
http://lavasoft.blog.51cto.com/62575/275586
2:HttpServletRequest、 ServletRequest、Request
http://blog.163.com/magicc_love/blog/static/185853662201201023521297/
3:关于linux和windows的CR, LF, CR/LF 回车 换行问题
http://www.cnblogs.com/lihong/archive/2011/02/19/1958349.html
http://www.360doc.com/content/11/0113/20/3508740_86319358.shtml
当然,这个问题的解决过程是一个很好的锻炼过程,同时也证明对于问题本身的求解必须具备打破沙锅问到底、不达目的不罢休的态度,才能够对问题本身有比较深入的了解,也才能找到问题的根源,从而从根本上将问题彻底解决!