gpt4 book ai didi

java - Token/TokenSession 拦截器导致 HttpSession 上出现空指针

转载 作者:塔克拉玛干 更新时间:2023-11-02 08:08:57 27 4
gpt4 key购买 nike

我正在开发 struts2 web 应用程序,我正在使用 token 拦截器处理 CSRF 漏洞。

我正在做的是关于成功和错误,我将将用户重定向到同一页面,但会出现操作错误或成功消息。

<action name="saveApplicationForm" class="action.ApplicationFormAction" 
method="saveApplicationForm">
<interceptor-ref name="token" />
<result name="invalid.token" type="tiles">applicationForm.tiles</result>
<result name="input" type="tiles">applicationForm.tiles</result>
</action>

没有 token /tokenSession 拦截器,一切正常,但是当我使用拦截器时,我得到 NullPointerException。

堆栈跟踪

java.lang.NullPointerException: null
at action.ApplicationFormAction.saveApplicationForm(ApplicationFormAction.java:218) ~[ApplicationFormAction.class:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_67]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
at com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:450) [xwork-core-2.3.16.3.jar:2.3.16.3]
at com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:289) [xwork-core-2.3.16.3.jar:2.3.16.3]
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:252) [xwork-core-2.3.16.3.jar:2.3.16.3]
at org.apache.struts2.interceptor.TokenInterceptor.handleValidToken(TokenInterceptor.java:193) [struts2-core-2.3.16.3.jar:2.3.16.3]
at org.apache.struts2.interceptor.TokenInterceptor.handleToken(TokenInterceptor.java:154) [struts2-core-2.3.16.3.jar:2.3.16.3]
at org.apache.struts2.interceptor.TokenInterceptor.doIntercept(TokenInterceptor.java:142) [struts2-core-2.3.16.3.jar:2.3.16.3]
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) [xwork-core-2.3.16.3.jar:2.3.16.3]
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) [xwork-core-2.3.16.3.jar:2.3.16.3]
at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54) [struts2-core-2.3.16.3.jar:2.3.16.3]
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:562) [struts2-core-2.3.16.3.jar:2.3.16.3]
at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77) [struts2-core-2.3.16.3.jar:2.3.16.3]
at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:99) [struts2-core-2.3.16.3.jar:2.3.16.3]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.63]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.63]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) [catalina.jar:7.0.63]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) [catalina.jar:7.0.63]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) [catalina.jar:7.0.63]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) [catalina.jar:7.0.63]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) [catalina.jar:7.0.63]
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:957) [catalina.jar:7.0.63]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) [catalina.jar:7.0.63]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423) [catalina.jar:7.0.63]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079) [tomcat-coyote.jar:7.0.63]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:620) [tomcat-coyote.jar:7.0.63]
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318) [tomcat-coyote.jar:7.0.63]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.63]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_67]

Action 类

public class ApplicationFormAction extends ActionSupport implements ModelDriven<ApplicationFormBean>, SessionAware
{
private Map<String, Object> session;
// getter and setter

public String saveApplicationForm()
{
// getting nullpointer here
ApplicationFormBean sessApplicationFormBean = (ApplicationFormBean) this.session.get(SESSION_KEY_APPLICANT);
}

}
  1. 代码有什么问题?

  2. 不在同一页面上重定向会导致问题(提交的 token 会与新生成的 token 不同)?

  3. 如果是,那么我应该如何处理这种情况而不重定向到其他页面?

最佳答案

<action name="saveApplicationForm" class="action.ApplicationFormAction" 
method="saveApplicationForm">
<interceptor-ref name="token" />
<result name="invalid.token" type="tiles">applicationForm.tiles</result>
<result name="input" type="tiles">applicationForm.tiles</result>
</action>

您正在仅运行 token 拦截器。您需要改为运行整个堆栈,其中包含 token 拦截器。否则像参数拦截器和模型驱动拦截器这样的强制拦截器(因为你使用的是模型驱动)将不会运行,参数不会被设置,你将得到 NullPointerException。将其更改为:

<action name="saveApplicationForm" class="action.ApplicationFormAction"
method="saveApplicationForm">
<interceptor-ref name="defaultStack" />
<interceptor-ref name="token" />
<result name="invalid.token" type="tiles">applicationForm.tiles</result>
<result name="input" type="tiles">applicationForm.tiles</result>
</action>

还要注意术语,您不是在重定向任何东西,您只是在调度。重定向意味着一系列完全不同的问题,例如丢失参数,并且它只发生在 redirectredirectAction 结果中。

关于java - Token/TokenSession 拦截器导致 HttpSession 上出现空指针,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31602767/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com