Apache CsrfPreventionFilter and 404 errors

Time: 2015-08-23 09:06:59

Tags: java jsp tomcat7

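I am using org.apache.catalina.filters.CsrfPreventionFilter to prevent cross-site request forgery, but I run into a problem when a user clicks a link that lands him on an HTTP 404. After that, it starts throwing 403 for all requests.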

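For example, when the user tries to download a csv file that no longer exists, he is redirected to the 404.jsp page. The link to the csv file looks like this: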

http://localhost:8080/mc-portal/uploaded_numbers/03002790541_20150509144859.csv?org.apache.catalina.filters.CSRF_NONCE=5F5CC51CFC21FD96B09E93F40666DC44

After that, whichever link the user tries to access, it always throws the following 403:

"NetworkError: 403 Forbidden - http://localhost:8080/mc-portal/logout?org.apache.catalina.filters.CSRF_NONCE=8A9F00AA9B26A285D7FC0C3FBE160E61"

The 404.jsp error page has been placed in the entryPoints parameter value in web.xml:

    <filter>
        <filter-name>CsrfFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class>
        <init-param>
            <param-name>entryPoints</param-name>
            <param-value>/index.jsp,/login,/home.jsp,/logout,/404.jsp</param-value>
        </init-param>
        <init-param>
            <param-name>nonceCacheSize</param-name>
            <param-value>
                5
            </param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CsrfFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

0 answers:

No answers