skyzhang92 2016-06-02 02:47 采纳率: 0%
浏览 8182

在struts2.5版本中使用DMI遇到问题

用struts2.5版本,试了很久,一直报This method: add for action user1 is not allowed!
url:http://localhost:8888/struts2_0200_namespace/user/user1!add.action

struts.xml

  <?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
    <constant name="struts.devMode" value="true" />
    <constant name="struts.enable.DynamicMethodInvocation" value="true"></constant>
    <package name="user" extends="struts-default" namespace="/user">

        <action name="userAdd" class="struts2_0200_namespace.IndexAction" method="add">
            <result>/hello.jsp</result>
        </action>

        <action name="user1" class="struts2_0200_namespace.IndexAction">
            <result>/hello.jsp</result>

        </action>
    </package>
</struts>

IndexAction.java

 package struts2_0200_namespace;
import com.opensymphony.xwork2.ActionSupport;

public class IndexAction extends ActionSupport {


      public String add(){

          return "success";
      }


}   

hello.jsp

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>  

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">  
<html>  
  <head>        
    <title>My JSP 'hello.jsp' starting page</title>       
    <meta http-equiv="pragma" content="no-cache">  
    <meta http-equiv="cache-control" content="no-cache">  
    <meta http-equiv="expires" content="0">      
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">  
    <meta http-equiv="description" content="This is my page">  
  </head>  

  <body>  
    hello <br>  

  </body>  
</html> 

错误信息

Struts Problem Report

Struts has detected an unhandled exception:

Messages: •This method: add for action user1 is not allowed!

Stacktraces

This method: add for action user1 is not allowed! - [unknown location]
com.opensymphony.xwork2.DefaultActionProxy.prepare(DefaultActionProxy.java:200)
org.apache.struts2.factory.StrutsActionProxy.prepare(StrutsActionProxy.java:63)
org.apache.struts2.factory.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:37)
com.opensymphony.xwork2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:58)
org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:546)
org.apache.struts2.dispatcher.ExecuteOperations.executeAction(ExecuteOperations.java:81)
org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:113)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1527)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1484)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:745)

You are seeing this page because development mode is enabled. Development mode, or devMode, enables extra debugging behaviors and reports to assist developers. To disable this mode, set:
struts.devMode=false

in your WEB-INF/classes/struts.properties file.

展开全部

  • 写回答

5条回答 默认 最新

  • 隽永I 2016-06-02 18:02
    关注

    user1 没有method action里的方法吧

    评论
  • _______-- 2016-06-12 02:13
    关注

    这是因为 struts2.5 为了提升安全性,添加了 allomethod 这么个玩意。

    解决方法是在配置文件中添加:

    
       <package name="exam" extends="json-default">
    
            <global-allowed-methods>regex:.*</global-allowed-methods>
    
        <action name="user" class="userAction">
                ...
        </action>
    
        </package>
    

    或者,针对action,在 action 块中添加

    <allowed-methods>regex:.*</allowed-methods>
    

    同样也支持在你的 action 上使用 @AllowedMethods 注解
    默认的设置为

    <global-allowed-methods>execute,input,back,cancel,browse,save,delete,list,index</global-allowed-methods>
    

    全局设置是增量而不是覆盖的,支持正则和直接匹配方法,
    源码在这两段

    // com.opensymphony.xwork2.DefaultActionProxy#prepare
    // com.opensymphony.xwork2.config.entities.ActionConfig#isAllowedMethod
    

    老项目因为爆出漏洞然后我找了一下午这个问题,最终打开研发模式,并搜索官网文档解决。
    struts 真是个坑啊。

    评论
  • yangzhouxjx 2016-08-15 23:35
    关注

    图片说明
    纯属补充楼上的说明,debug出来的默认允许的allowedMethods范围
    allowedMethods=[LiteralAllowedMethod{allowedMethod='index'}, LiteralAllowedMethod{allowedMethod='input'}, LiteralAllowedMethod{allowedMethod='execute'}, LiteralAllowedMethod{allowedMethod='save'}, LiteralAllowedMethod{allowedMethod='browse'}, LiteralAllowedMethod{allowedMethod='delete'}, LiteralAllowedMethod{allowedMethod='back'}, LiteralAllowedMethod{allowedMethod='list'}, LiteralAllowedMethod{allowedMethod='cancel'}]

    评论
  • yangzhouxjx 2016-08-15 23:54
    关注

    图片说明

    评论
  • CtrlZ1 2018-09-13 03:57
    关注
    评论
编辑
预览

报告相同问题?

手机看
程序员都在用的中文IT技术交流社区

程序员都在用的中文IT技术交流社区

专业的中文 IT 技术社区,与千万技术人共成长

专业的中文 IT 技术社区,与千万技术人共成长

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

客服 返回
顶部