如下所示,服务中使用得strtus2先被攻击,然后导致] Could not find action or result
Posted content type isn't multipart/form-data
java.io.IOException: Posted content type isn't multipart/form-data
at com.oreilly.servlet.multipart.MultipartParser.<init>(MultipartParser.java:166)
at com.oreilly.servlet.MultipartRequest.<init>(MultipartRequest.java:222)
at com.oreilly.servlet.MultipartRequest.<init>(MultipartRequest.java:129)
at com.airtalkee.util.CosMultiPartRequest.parse(CosMultiPartRequest.java:83)
at org.apache.struts2.dispatcher.multipart.MultiPartRequestWrapper.<init>(MultiPartRequestWrapper.java:84)
at org.apache.struts2.dispatcher.Dispatcher.wrapRequest(Dispatcher.java:849)
at org.apache.struts2.dispatcher.ng.PrepareOperations.wrapRequest(PrepareOperations.java:138)
at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:91)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)
2018-08-10 14:16:15 [ http-4480-18:11622462 ] - [ WARN ] Could not find action or result: /station/logoutAction_logoutEn.action
No result defined for action com.airtalkee.web.action.LogoutAction and result input - action - file:/root/http/station/webapps/station/WEB-INF/classes/struts.xml:82:67
at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:276)
at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInte
struts2配置如下:
<action name="logoutAction_*" class="logoutAction" method="{1}">
<!-- <interceptor-ref name="permissionStack"/>-->
<result name="toLogin">/login_aly.jsp</result>
<result name="toLogin2">/login_2.jsp</result>
<result name="toLoginZq">/login.jsp</result>
<result name="toLoginZq_PC">/login_PC.jsp</result>
<result name="toLoginFr">/login_fr.jsp</result>
<result name="toLoginEn">/login_en.jsp</result>
<result name="toLoginCCS">/login_ccs.jsp</result>
<result name="toLoginTw">/login_tw.jsp</result>
<result name="toLoginRu">/login_ru.jsp</result>
<result name="toLoginTr">/login_tr_tongli.jsp</result>
<result name="imageUI">/image.jsp</result>
</action>
代码侧:
public String logoutEn() {
ActionContext.getContext().getSession()
.remove(SessionUtil.SESSION_USER);
return "toLoginEn";
}
一旦服务日志出现Posted content type isn't multipart/form-data,过个一两分钟就会出现Could not find action or result,重启服务后就能正常访问/station/logoutAction_logoutEn.action,
项目框架spring+struts2
struts2 版本:2.3.36
服务器:tomcat6
感觉和之前struts2报的漏洞(struts2 s2-045和struts2 s2-046)有关,但是我已经按照网上修复方案 升级了struts2 版本,但还是频繁出现上述问题。
请各位同学看一下,是否遇到类似情况,请注意,配置应该没有错,不然上线后就不能使用,这个问题是产生于服务正常使用一段时间后,出现这种情况,重启后就正常。