在"struts2学习笔记-Action的配置及基础应用和原理"篇学习笔记中的动态方法调用部分曾经提到过一个安全问题,其原文:
For Struts 2, we added a switch to disable DMI for two reasons. First, DMI can cause security issues if POJO actions are used. Second, DMI overlaps with the Wildcard Method feature that we brought over from Struts 1 (and from Cocoon before that). If you have security concerns, or would like to use the "!" character with Wildcard Method actions, then set struts.enable.DynamicMethodInvocation to FALSE in the application configuration.
昨天在进行struts2和Spring2整合的过程中也发现一个问题,就是当把Struts2的action交给Spring进行管理时,
发现当在Struts2中通过配置逻辑action调用同一个action类中的不同方法时,出现一旦给一个action中的类变量赋值后,在下次调用同一个action中的另外一个方法时,该变量的值仍然存在,action类并没有被重新实例化,后来经过不断的日志分析和测试,发现问题竟然出现在Spring对Action的配置管理上,将Spring中的Action配置改为如下:
<bean id="SysUserAction" class="com.web.actions.SysUserAction" scope="prototype"> <property name="boSYS_USER" ref="IBoSYS_USER"/> </bean>
重新部署运行,K,问题终于解决了,真弱智!只顾着去怪Struts2,居然忘记Spring了,看来以后查问题还得先好好分析确定问题的边界,不能太盲目...