struts2.5 为了提升安全性,添加了 allomethod 这么个玩意。
解决方法是在配置文件中添加:
<package name="exam" extends="json-default"> <global-allowed-methods>regex:.*</global-allowed-methods> <action name="user" class="userAction"> ... </action> </package>
或者,针对action,在 action 块中添加
<allowed-methods>regex:.*</allowed-methods>
同样也支持在你的 action 上使用 @AllowedMethods 注解
默认的设置为
<global-allowed-methods>execute,input,back,cancel,browse,save,delete,list,index</global-allowed-methods>
全局设置是增量而不是覆盖的,支持正则和直接匹配方法
默认允许的allowedMethods范围
allowedMethods=[
LiteralAllowedMethod{allowedMethod='index'},
LiteralAllowedMethod{allowedMethod='input'},
LiteralAllowedMethod{allowedMethod='execute'},
LiteralAllowedMethod{allowedMethod='save'},
LiteralAllowedMethod{allowedMethod='browse'},
LiteralAllowedMethod{allowedMethod='delete'},
LiteralAllowedMethod{allowedMethod='back'},
LiteralAllowedMethod{allowedMethod='list'},
LiteralAllowedMethod{allowedMethod='cancel'}]
