日期:2014-05-16  浏览次数:20868 次

Tomcat 7.0不支持DWR吗?
本帖最后由 q543232022 于 2010-08-03 20:20:29 编辑 运行debug弹出对话框CSRF Security Error
不过换个TOMCAT6.0 就好了!

异常:
严重: A request has been denied as a potential CSRF attack.
2010-8-3 20:08:18 org.directwebremoting.dwrp.BaseCallHandler marshallException
警告: Exception while processing batch
java.lang.SecurityException: CSRF Security Error
at org.directwebremoting.dwrp.BaseDwrpHandler.checkNotCsrfAttack(BaseDwrpHandler.java:85)
at org.directwebremoting.dwrp.BaseCallHandler.handle(BaseCallHandler.java:76)
at org.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:120)
at org.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:141)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:201)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:163)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:108)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:556)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:402)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:249)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:267)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:245)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:260)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:717)

------解决方案--------------------
该回复于2010-08-04 09:17:52被版主删除
------解决方案--------------------
为什么没人回帖了!
自己顶上去
------解决方案--------------------
在web.xml中增加参数配置:
<servlet>
   <servlet-name>dwr</servlet-name>
     <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
  
   <init-param>
   <param-name>debug</param-name>
   <param-value>true</param-value>
   </init-param>
   <!-- tomcat7.0中 配置dwr时增加相关安全设置参数  -->
   <init-param>
             <param-name>crossDomainSessionSecurity</param-name>
             <param-value>false</param-value>
      </init-param>
      <init-param>
            <param-name>allowScriptTagRemoting</param-name>
            <