Java apache CsrfPreventionFilter和404错误
我正在使用Java apache CsrfPreventionFilter和404错误,java,jsp,tomcat7,Java,Jsp,Tomcat7,我正在使用org.apache.catalina.filters.CsrfPreventionFilter来防止跨站点请求伪造,但当用户单击将其连接到HTTP 404的链接时,会遇到问题。之后,对于所有请求,它开始抛出403 例如,当用户尝试下载不再存在的csv文件时,他会被重定向到404.jsp页面。指向csv文件的链接如下所示: http://localhost:8080/mc-portal/uploaded_numbers/03002790541_20150509144859.csv?or
org.apache.catalina.filters.CsrfPreventionFilter
来防止跨站点请求伪造,但当用户单击将其连接到HTTP 404的链接时,会遇到问题。之后,对于所有请求,它开始抛出403
例如,当用户尝试下载不再存在的csv文件时,他会被重定向到404.jsp页面。指向csv文件的链接如下所示:
http://localhost:8080/mc-portal/uploaded_numbers/03002790541_20150509144859.csv?org.apache.catalina.filters.CSRF_NONCE=5F5CC51CFC21FD96B09E93F40666DC44
之后,无论用户尝试访问哪个链接,始终抛出以下403:
"NetworkError: 403 Forbidden - http://localhost:8080/mc-portal/logout?org.apache.catalina.filters.CSRF_NONCE=8A9F00AA9B26A285D7FC0C3FBE160E61"
404.jsp错误页已放置在web.xml的entryPoints参数值中:
<filter>
<filter-name>CsrfFilter</filter-name>
<filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class>
<init-param>
<param-name>entryPoints</param-name>
<param-value>/index.jsp,/login,/home.jsp,/logout,/404.jsp</param-value>
</init-param>
<init-param>
<param-name>nonceCacheSize</param-name>
<param-value>
5
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CsrfFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
CsrfFilter
org.apache.catalina.filters.CsrfPreventionFilter
入口点
/jsp、/login、/home.jsp、/logout、/404.jsp
非等长尺寸
5.
CsrfFilter
/*