JBoss 6.1.0 AS filter position in web.xml

Posted: 2019-11-13 01:32:36

Question:

The following error is shown when trying to deploy a WAR in JBoss 6.1.0:

DEPLOYMENTS IN ERROR:
  Deployment
"vfs:///D:/workspace/.metadata/.plugins/org.jboss.ide.eclipse.as.core/JBoss_AS_6.x1555321418499/deploy/MyProject.war" is in error due to the following reason(s): 

 org.jboss.xb.binding.JBossXBRuntimeException: filter cannot appear in this position. Expected content of web-app is unordered_sequence: error-page* welcome-file-list? servlet-mapping* login-config? mime-mapping* distributable? session-config? security-role* taglib* security-constraint* context-param* servlet* all descriptionGroup? unordered_sequence jndiEnvironmentRefsGroup?

The following is the web.xml file:

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:web="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <context-param>
    <param-name>resteasy.scan</param-name>
    <param-value>false</param-value>
  </context-param>

 <filter>
    <filter-name>AuthenticationFilter</filter-name>
    <filter-class>mypackage.restauthentication.RestAuthenticationFilter</filter-class>
 </filter>
 <filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/services/*</url-pattern>
 </filter-mapping>

 <servlet>
    <servlet-name>REST Service</servlet-name>
        <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>

     <init-param>
      <param-name>jersey.config.server.provider.packages</param-name>
      <param-value>mypackage.restauthentication</param-value>
     </init-param>

   <load-on-startup>1</load-on-startup>
 </servlet>
 <servlet-mapping>
   <servlet-name>REST Service</servlet-name>
   <url-pattern>/service/*</url-pattern>
 </servlet-mapping>
</web-app>

According to the error message, <filter> is placed incorrectly in web.xml. Expected content of web-app is unordered_sequence: error-page* welcome-file-list? servlet-mapping* login-config? mime-mapping* distributable? session-config? security-role* taglib* security-constraint* context-param* servlet* all descriptionGroup? unordered_sequence jndiEnvironmentRefsGroup?

What is the correct order for placing these elements? This is a web archive that deploys a Jersey REST web service with basic authentication.


Answer 1:

Try this..

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:web="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <context-param>
    <param-name>resteasy.scan</param-name>
    <param-value>false</param-value>
  </context-param>
  <servlet>
    <servlet-name>REST Service</servlet-name>
        <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
     <init-param>
      <param-name>jersey.config.server.provider.packages</param-name>
      <param-value>mypackage.restauthentication</param-value>
     </init-param>
   <load-on-startup>1</load-on-startup>
 </servlet>
 <servlet-mapping>
   <servlet-name>REST Service</servlet-name>
   <url-pattern>/service/*</url-pattern>
 </servlet-mapping>
 <filter>
    <filter-name>AuthenticationFilter</filter-name>
    <filter-class>mypackage.restauthentication.RestAuthenticationFilter</filter-class>
 </filter>
 <filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/services/*</url-pattern>
 </filter-mapping>
</web-app>
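
Independent of element order, the descriptor above maps AuthenticationFilter to /services/* while the Jersey servlet is mapped to /service/*, so requests to the servlet never pass through the filter. The following is an added example (not part of the original question or answer): a Python check that lists servlet mappings a named filter does not cover, with function names and a trimmed sample descriptor constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the two mappings from the web.xml shown on this page.
WEB_XML = """<web-app>
  <filter-mapping>
    <filter-name>AuthenticationFilter</filter-name>
    <url-pattern>/services/*</url-pattern>
  </filter-mapping>
  <servlet-mapping>
    <servlet-name>REST Service</servlet-name>
    <url-pattern>/service/*</url-pattern>
  </servlet-mapping>
</web-app>"""

def _local(tag):  # drop any "{namespace}" prefix so xmlns does not matter
    return tag.rsplit("}", 1)[-1]

def _mappings(root, kind, name_tag):
    # Yield (name, url_patterns, servlet_names) for each <kind> element.
    for el in root.iter():
        if _local(el.tag) == kind:
            vals = {}
            for child in el:
                vals.setdefault(_local(child.tag), []).append((child.text or "").strip())
            yield vals.get(name_tag, [""])[0], vals.get("url-pattern", []), vals.get("servlet-name", [])

def covers(filter_pat, servlet_pat):
    # True if every path matched by servlet_pat is also matched by filter_pat.
    if filter_pat in ("/*", servlet_pat):
        return True
    if filter_pat.endswith("/*"):  # path-prefix mapping such as /services/*
        prefix = filter_pat[:-2]
        base = servlet_pat[:-2] if servlet_pat.endswith("/*") else servlet_pat
        return base == prefix or base.startswith(prefix + "/")
    if filter_pat.startswith("*."):  # extension mapping such as *.do
        return not servlet_pat.endswith("/*") and servlet_pat.endswith(filter_pat[1:])
    return False

def unprotected(xml_text, filter_name):
    # Return [(servlet_name, url_pattern)] that the named filter never sees.
    root = ET.fromstring(xml_text)
    fmaps = [m for m in _mappings(root, "filter-mapping", "filter-name") if m[0] == filter_name]
    gaps = []
    for name, patterns, _ in _mappings(root, "servlet-mapping", "servlet-name"):
        by_name = any(name in targets for _, _, targets in fmaps)  # <servlet-name> mapping
        for pat in patterns:
            if not by_name and not any(covers(f, pat) for _, fpats, _ in fmaps for f in fpats):
                gaps.append((name, pat))
    return gaps
```

Running `unprotected(WEB_XML, "AuthenticationFilter")` on the sample reports the `/service/*` mapping; the check ignores `<dispatcher>` settings and container-specific descriptors.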
