今天我在Tomcat的catalina.out中找到了一个来自黑客的友好提示。发生异常后必须有一些泄漏,使用户能够写入stderr或stdout。日志文件的部分如下所示:
...
Oct 16, 2018 12:40:21 AM org.apache.coyote.http11.AbstractHttp11Processor process
INFO: Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.coyote.http11.InternalInputBuffer.parseRequestLine(InternalInputBuffer.java:136)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1028)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:662)
**Did you see me on the stderr window?**
**Did you see me on the browser window as well?**
com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry '244790-85.25.210' for key 'PRIMARY'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
...
我怀疑异常使 stderr 保持打开状态,并且用户能够写入日志。我的机器是带有Tomcat 7.077的Debian 8.7。
有谁知道这是怎么发生的?
">你看到我了吗"行由Tomcat示例Web应用程序中的某个页面打印。(默认情况下,该 Web 应用程序存在。如果您使用 Tomcat 服务器进行生产,则应将其删除(。
阅读内容:
- 打印这些消息的 JSP 文件的源代码 来自 Tomcat
- 用户指南的安全操作方法(适用于 Tomcat 9。Tomcat 7也有类似的页面。