1
您好我目前在工作CSRFGuard 3,令牌驗證正常,但我得到錯誤以下。CSRF令牌不起作用?
java.lang.RuntimeException: unable to locate expected parameter Message
at org.owasp.csrfguard.action.AbstractAction.getParameter(AbstractAction.java:61)
at org.owasp.csrfguard.action.Log.execute(Log.java:44)
at org.owasp.csrfguard.CsrfGuard.isValidRequest(CsrfGuard.java:373)
at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:78)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
請檢查下面
Owasp.CsrfGuard.properties
org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger
org.owasp.csrfguard.ProtoctedMethod=POST,PUT,DELETE
org.owasp.csrfguard.TokenPerPage=true
org.owasp.csrfguard.Rotate=false
org.owasp.csrfguard.Ajax=true
org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
org.owasp.csrfguard.Log.Message=potential cross-site request forgery attack thwarted(user %user%, ip %remote_ip%)
org.owasp.csrfguard.Redirect=org.owasp.csrfguard.action.Redirect
org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
org.owasp.csrfguard.TokenLength=32
org.owasp.csrfguard.PRNG=SHA1PRNG
**org.owasp.csrfguard.Protect=false**
org.owasp.csrfguard.unprotected.index=/contectpath/index.jsp
我的代碼時,馬克org.owasp.csrfguard.Protect =真.Token驗證方法,它的自我不是要求。
的web.xml
<listener>
<listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
</listener>
<listener>
<listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
</listener>
<context-param>
<param-name>Owasp.CsrfGuard.Config</param-name>
<param-value>/WEB-INF/config/Owasp.CsrfGuard.properties</param-value>
</context-param>
<context-param>
<param-name>Owasp.CsrfGuard.Config.Print</param-name>
<param-value>true</param-value>
</context-param>
<filter>
<filter-name>CSRFGuard</filter-name>
<filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CSRFGuard</filter-name>
<url-pattern>*.html</url-pattern>
</filter-mapping>
同時點擊F12,我能看到CSRF:令牌值值。
任何一個可以幫助me.What我做了錯誤