j2ee里面的安全保护机制，导致LR定位不成功

Wins · 发表于 2005-9-9 17:27:44

我在解决了登录时候图片校验码的关联后（见上帖），在重现“新增”功能的时候，LR总是定位到原来的登录校验界面，这里面涉及了一个安全校验机制。可能因为我关联了原来init时候的登录校验码，或者导致不同的session（可能都不是这两个问题）。请教高手，如何避免J2EE的这个安全机制??系统是：tomcat+oracle

Wins · 发表于 2005-9-11 11:25:17

我想通过以下脚本的diff比较中，但是找不到任何有关session的异同。但在execution log里面的不同点，有sessionid (见下一段),这个数值是什么意思？据我所知，系统又自定义的session设置，也有j2ee的安全认证机制，从“在重现“新增”功能的时候，LR总是定位到原来的登录校验界面。。”提示来看，应该是后者校验上通不过，问一个额外的话题：自定义的session需要不需要关联？为什么没有关联到？第二段执行的日志中那个sessionid是自定义的还是j2ee自带的？有没做过session关联的朋友，提供一些信息？？
vuser_init:
....
web_url("17DPSYSMANAGE",
"URL=http://192.168.1.222/17DPSYSMANAGE/",
"Resource=0",
"RecContentType=text/html",
"Referer=",
"Snapshot=t1.inf",
"Mode=HTML",
LAST);
...

Wins · 发表于 2005-9-11 11:25:37

execution log:
......
Web recorder version ID: 3    [MsgId: MMSG-26846]
vuser_init.c(7): t=505ms: Connecting to host 192.168.1.222:80    [MsgId: MMSG-26000]
vuser_init.c(7): t=509ms: Connected socket from 192.168.1.123:2706 to 192.168.1.222:80 in 0 ms    [MsgId: MMSG-26000]
vuser_init.c(7): t=511ms: 154-byte request headers for "http://192.168.1.222/17DPSYSMANAGE/" (RelFrameId=1)
vuser_init.c(7):    GET /17DPSYSMANAGE/ HTTP/1.1\r\n
vuser_init.c(7):    Accept: */*\r\n
vuser_init.c(7):    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n
vuser_init.c(7):    Connection: Keep-Alive\r\n
vuser_init.c(7):    Host: 192.168.1.222\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=529ms: 173-byte response headers for "http://192.168.1.222/17DPSYSMANAGE/" (RelFrameId=1)
vuser_init.c(7):    HTTP/1.1 302 Moved Temporarily\r\n
vuser_init.c(7):    Location: http://192.168.1.222/17DPSYSMANAGE/index.jsp\r\n
vuser_init.c(7):    Content-Length: 0\r\n
vuser_init.c(7):    Date: Fri, 09 Sep 2005 10:15:27 GMT\r\n
vuser_init.c(7):    Server: Apache-Coyote/1.1\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): Redirecting "http://192.168.1.222/17DPSYSMANAGE/" (redirection depth=0)    [MsgId: MMSG-26694]
vuser_init.c(7): To location "http://192.168.1.222/17DPSYSMANAGE/index.jsp"    [MsgId: MMSG-26693]
vuser_init.c(7): t=566ms: Request done "http://192.168.1.222/17DPSYSMANAGE/"    [MsgId: MMSG-26000]
vuser_init.c(7): t=569ms: Connecting to host 192.168.1.222:80    [MsgId: MMSG-26000]
vuser_init.c(7): t=572ms: Connected socket from 192.168.1.123:2707 to 192.168.1.222:80 in 0 ms    [MsgId: MMSG-26000]
vuser_init.c(7): t=574ms: 163-byte request headers for "http://192.168.1.222/17DPSYSMANAGE/index.jsp" (RelFrameId=1)
vuser_init.c(7):    GET /17DPSYSMANAGE/index.jsp HTTP/1.1\r\n
vuser_init.c(7):    Accept: */*\r\n
vuser_init.c(7):    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n
vuser_init.c(7):    Connection: Keep-Alive\r\n
vuser_init.c(7):    Host: 192.168.1.222\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=592ms: 219-byte response headers for "http://192.168.1.222/17DPSYSMANAGE/index.jsp" (RelFrameId=1)
vuser_init.c(7):    HTTP/1.1 200 OK\r\n
vuser_init.c(7):    Set-Cookie: JSESSIONID=F6B0CA206E729F03C35979F73FE475AF; Path=/17DPSYSMANAGE\r\n
vuser_init.c(7):    Content-Type: text/html;charset=GBK\r\n
vuser_init.c(7):    Content-Length: 189\r\n
vuser_init.c(7):    Date: Fri, 09 Sep 2005 10:15:27 GMT\r\n
vuser_init.c(7):    Server: Apache-Coyote/1.1\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=616ms: 189-byte response body for "http://192.168.1.222/17DPSYSMANAGE/index.jsp" (RelFrameId=1)
vuser_init.c(7):    \r\n
vuser_init.c(7):    <html>\r\n
vuser_init.c(7):    <head>\r\n
vuser_init.c(7):    <title>17DP电子交易系统</title>\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    <meta http-equiv="refresh" content="0;URL=http://192.168.1.222:80/17DPSYSMANAGE/sysmanage/
vuser_init.c(7):    index.jsp">\r\n
vuser_init.c(7):    </head>\r\n
vuser_init.c(7):    <body>\r\n
vuser_init.c(7):    </body>\r\n
vuser_init.c(7):    </html>
vuser_init.c(7): Detected non-resource "http://192.168.1.222:80/17DPSYSMANAGE/sysmanage/index.jsp" in "http://192.168.1.222/17DPSYSMANAGE/index.jsp"    [MsgId: MMSG-26574]
vuser_init.c(7): t=650ms: Request done "http://192.168.1.222/17DPSYSMANAGE/index.jsp"    [MsgId: MMSG-26000]
vuser_init.c(7): t=654ms: Already connected to 192.168.1.222:80    [MsgId: MMSG-26000]
vuser_init.c(7): t=657ms: 281-byte request headers for "http://192.168.1.222:80/17DPSYSMANAGE/sysmanage/index.jsp" (RelFrameId=1)
vuser_init.c(7):    GET /17DPSYSMANAGE/sysmanage/index.jsp HTTP/1.1\r\n
vuser_init.c(7):    Referer: http://192.168.1.222/17DPSYSMANAGE/index.jsp\r\n
vuser_init.c(7):    Accept: */*\r\n
vuser_init.c(7):    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n
vuser_init.c(7):    Connection: Keep-Alive\r\n
vuser_init.c(7):    Host: 192.168.1.222\r\n
vuser_init.c(7):    Cookie: JSESSIONID=F6B0CA206E729F03C35979F73FE475AF\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=675ms: 263-byte response headers for "http://192.168.1.222:80/17DPSYSMANAGE/sysmanage/index.jsp" (RelFrameId=1)
vuser_init.c(7):    HTTP/1.1 302 Moved Temporarily\r\n
vuser_init.c(7):    Pragma: No-cache\r\n
vuser_init.c(7):    Cache-Control: no-cache\r\n
vuser_init.c(7):    Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n
vuser_init.c(7):    Location: http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp\r\n
vuser_init.c(7):    Content-Length: 0\r\n
vuser_init.c(7):    Date: Fri, 09 Sep 2005 10:15:27 GMT\r\n
vuser_init.c(7):    Server: Apache-Coyote/1.1\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): Redirecting "http://192.168.1.222:80/17DPSYSMANAGE/sysmanage/index.jsp" (redirection depth=0)    [MsgId: MMSG-26694]
vuser_init.c(7): To location "http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp"    [MsgId: MMSG-26693]
vuser_init.c(7): t=700ms: Request done "http://192.168.1.222:80/17DPSYSMANAGE/sysmanage/index.jsp"    [MsgId: MMSG-26000]
vuser_init.c(7): t=703ms: Already connected to 192.168.1.222:80    [MsgId: MMSG-26000]
vuser_init.c(7): t=704ms: 278-byte request headers for "http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp" (RelFrameId=1)
vuser_init.c(7):    GET /17DPSYSMANAGE/sysuserLogin.jsp HTTP/1.1\r\n
vuser_init.c(7):    Referer: http://192.168.1.222/17DPSYSMANAGE/index.jsp\r\n
vuser_init.c(7):    Accept: */*\r\n
vuser_init.c(7):    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n
vuser_init.c(7):    Connection: Keep-Alive\r\n
vuser_init.c(7):    Host: 192.168.1.222\r\n
vuser_init.c(7):    Cookie: JSESSIONID=F6B0CA206E729F03C35979F73FE475AF\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=724ms: 225-byte response headers for "http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp" (RelFrameId=1)
vuser_init.c(7):    HTTP/1.1 200 OK\r\n
vuser_init.c(7):    Pragma: No-cache\r\n
vuser_init.c(7):    Cache-Control: no-cache\r\n
vuser_init.c(7):    Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n
vuser_init.c(7):    Content-Type: text/html;charset=GBK\r\n
vuser_init.c(7):    Content-Length: 1380\r\n
vuser_init.c(7):    Date: Fri, 09 Sep 2005 10:15:27 GMT\r\n
vuser_init.c(7):    Server: Apache-Coyote/1.1\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=755ms: 1380-byte response body for "http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp" (RelFrameId=1)
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    <div align="center">\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    </div>\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    <html>\r\n
vuser_init.c(7):    <head>\r\n
vuser_init.c(7):    <title>运营管理用户登录</title>\r\n
vuser_init.c(7):    </head>\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    <body>\r\n
vuser_init.c(7):    <p> \r\n
vuser_init.c(7):    <p>\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    <p> \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    <form name="sysuserLoginForm" method="post" action="/17DPSYSMANAGE/sysuserLoginAction.do">
vuser_init.c(7):    \r\n
vuser_init.c(7):    <table width="70%" border="0">\r\n
vuser_init.c(7):    <tr align="center"> \r\n
vuser_init.c(7):       <td colspan="2"><h1><span class="style3">17DP运营管理用户登录</span></h1></td>\r\n
vuser_init.c(7):    </tr>\r\n
vuser_init.c(7):    <tr> \r\n
vuser_init.c(7):       <td width="355" height="35"><div align="right">用户名：</div></td>\r\n

Wins · 发表于 2005-9-11 11:26:03

接上，完整的：
vuser_init.c(7):       <td width="398"><input name="sysuserName" type="text" id="sysuserName"></td>\r\n
vuser_init.c(7):    </tr>\r\n
vuser_init.c(7):    <tr> \r\n
vuser_init.c(7):       <td height="24"><div align="right">密码：</div></td>\r\n
vuser_init.c(7):       <td><input name="password" type="password" id="password"></td>\r\n
vuser_init.c(7):    </tr>\r\n
vuser_init.c(7):    <tr> \r\n
vuser_init.c(7):       <td height="31"><div align="right">验证码：</div></td>\r\n
vuser_init.c(7):       <td><input name="validNum" type="text" id="validNum">\r\n
vuser_init.c(7):       \r\n
vuser_init.c(7):    \r\n
vuser_init.c(7):    <img src='/17DPSYSMANAGE/images/randImg/2.gif '><img src='/17DPSYSMANAGE/images/randImg/3.
vuser_init.c(7):    gif '><img src='/17DPSYSMANAGE/images/randImg/4.gif '><img src='/17DPSYSMANAGE/images/rand
vuser_init.c(7):    Img/4.gif '></td>\r\n
vuser_init.c(7):    </tr>\r\n
vuser_init.c(7):    <tr> \r\n
vuser_init.c(7):       <td><div align="right"> \r\n
vuser_init.c(7):          <input type="submit" name="Submit" value="登录">\r\n
vuser_init.c(7):          </div></td>\r\n
vuser_init.c(7):       <td><input type="reset" name="reset" value="清除"></td>\r\n
vuser_init.c(7):    </tr>\r\n
vuser_init.c(7):    </table>\r\n
vuser_init.c(7):    </form>\r\n
vuser_init.c(7):    </body>\r\n
vuser_init.c(7):    </html>
vuser_init.c(7): Found resource "http://192.168.1.222/17DPSYSMANAGE/images/randImg/2.gif" in HTML "http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp"    [MsgId: MMSG-26659]
vuser_init.c(7): Found resource "http://192.168.1.222/17DPSYSMANAGE/images/randImg/3.gif" in HTML "http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp"    [MsgId: MMSG-26659]
vuser_init.c(7): Found resource "http://192.168.1.222/17DPSYSMANAGE/images/randImg/4.gif" in HTML "http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp"    [MsgId: MMSG-26659]
vuser_init.c(7): t=901ms: Request done "http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp"    [MsgId: MMSG-26000]
vuser_init.c(7): t=905ms: Already connected to 192.168.1.222:80    [MsgId: MMSG-26000]
vuser_init.c(7): t=907ms: 289-byte request headers for "http://192.168.1.222/17DPSYSMANAGE/images/randImg/3.gif" (RelFrameId=)
vuser_init.c(7):    GET /17DPSYSMANAGE/images/randImg/3.gif HTTP/1.1\r\n
vuser_init.c(7):    Referer: http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp\r\n
vuser_init.c(7):    Accept: */*\r\n
vuser_init.c(7):    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n
vuser_init.c(7):    Connection: Keep-Alive\r\n
vuser_init.c(7):    Host: 192.168.1.222\r\n
vuser_init.c(7):    Cookie: JSESSIONID=F6B0CA206E729F03C35979F73FE475AF\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=928ms: Already connected to 192.168.1.222:80    [MsgId: MMSG-26000]
vuser_init.c(7): t=930ms: 289-byte request headers for "http://192.168.1.222/17DPSYSMANAGE/images/randImg/2.gif" (RelFrameId=)
vuser_init.c(7):    GET /17DPSYSMANAGE/images/randImg/2.gif HTTP/1.1\r\n
vuser_init.c(7):    Referer: http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp\r\n
vuser_init.c(7):    Accept: */*\r\n
vuser_init.c(7):    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n
vuser_init.c(7):    Connection: Keep-Alive\r\n
vuser_init.c(7):    Host: 192.168.1.222\r\n
vuser_init.c(7):    Cookie: JSESSIONID=F6B0CA206E729F03C35979F73FE475AF\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=951ms: 206-byte response headers for "http://192.168.1.222/17DPSYSMANAGE/images/randImg/3.gif" (RelFrameId=)
vuser_init.c(7):    HTTP/1.1 200 OK\r\n
vuser_init.c(7):    ETag: W/"1006-1126078162000"\r\n
vuser_init.c(7):    Last-Modified: Wed, 07 Sep 2005 07:29:22 GMT\r\n
vuser_init.c(7):    Content-Type: image/gif\r\n
vuser_init.c(7):    Content-Length: 1006\r\n
vuser_init.c(7):    Date: Fri, 09 Sep 2005 10:15:27 GMT\r\n
vuser_init.c(7):    Server: Apache-Coyote/1.1\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=972ms: 1006-byte response body for "http://192.168.1.222/17DPSYSMANAGE/images/randImg/3.gif" (RelFrameId=)
vuser_init.c(7): t=975ms: Request done "http://192.168.1.222/17DPSYSMANAGE/images/randImg/3.gif"    [MsgId: MMSG-26000]
vuser_init.c(7): t=977ms: Already connected to 192.168.1.222:80    [MsgId: MMSG-26000]
vuser_init.c(7): t=978ms: 289-byte request headers for "http://192.168.1.222/17DPSYSMANAGE/images/randImg/4.gif" (RelFrameId=)
vuser_init.c(7):    GET /17DPSYSMANAGE/images/randImg/4.gif HTTP/1.1\r\n
vuser_init.c(7):    Referer: http://192.168.1.222/17DPSYSMANAGE/sysuserLogin.jsp\r\n
vuser_init.c(7):    Accept: */*\r\n
vuser_init.c(7):    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n
vuser_init.c(7):    Connection: Keep-Alive\r\n
vuser_init.c(7):    Host: 192.168.1.222\r\n
vuser_init.c(7):    Cookie: JSESSIONID=F6B0CA206E729F03C35979F73FE475AF\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=1000ms: 206-byte response headers for "http://192.168.1.222/17DPSYSMANAGE/images/randImg/2.gif" (RelFrameId=)
vuser_init.c(7):    HTTP/1.1 200 OK\r\n
vuser_init.c(7):    ETag: W/"1005-1126078162000"\r\n
vuser_init.c(7):    Last-Modified: Wed, 07 Sep 2005 07:29:22 GMT\r\n
vuser_init.c(7):    Content-Type: image/gif\r\n
vuser_init.c(7):    Content-Length: 1005\r\n
vuser_init.c(7):    Date: Fri, 09 Sep 2005 10:15:27 GMT\r\n
vuser_init.c(7):    Server: Apache-Coyote/1.1\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=1020ms: 1005-byte response body for "http://192.168.1.222/17DPSYSMANAGE/images/randImg/2.gif" (RelFrameId=)
vuser_init.c(7): t=1023ms: Request done "http://192.168.1.222/17DPSYSMANAGE/images/randImg/2.gif"    [MsgId: MMSG-26000]
vuser_init.c(7): t=1024ms: 206-byte response headers for "http://192.168.1.222/17DPSYSMANAGE/images/randImg/4.gif" (RelFrameId=)
vuser_init.c(7):    HTTP/1.1 200 OK\r\n
vuser_init.c(7):    ETag: W/"1005-1126078162000"\r\n
vuser_init.c(7):    Last-Modified: Wed, 07 Sep 2005 07:29:22 GMT\r\n
vuser_init.c(7):    Content-Type: image/gif\r\n
vuser_init.c(7):    Content-Length: 1005\r\n
vuser_init.c(7):    Date: Fri, 09 Sep 2005 10:15:27 GMT\r\n
vuser_init.c(7):    Server: Apache-Coyote/1.1\r\n
vuser_init.c(7):    \r\n
vuser_init.c(7): t=1052ms: 1005-byte response body for "http://192.168.1.222/17DPSYSMANAGE/images/randImg/4.gif" (RelFrameId=)
vuser_init.c(7): t=1055ms: Request done "http://192.168.1.222/17DPSYSMANAGE/images/randImg/4.gif"    [MsgId: MMSG-26000]
vuser_init.c(7): web_url was successful, 4585 body bytes, 1498 header bytes    [MsgId: MMSG-27176]
vuser_init.c(15): web_set_max_html_param_len was successful    [MsgId: MMSG-27182]

yuxingxin · 发表于 2005-9-12 10:16:25

自言自语。

什么是j2ee的安全保护机制？跟http协议有什么关系？

Wins · 发表于 2005-9-12 12:31:09

这个是引用到java里面的某个安全认证，一般可从数据库中绑定功能角色，然后在界面操作中，凡是涉及到角色权限的话，都要再次验证一次。

[ Last edited by Wins on 2005-9-12 at 12:32 ]

		自动登录	找回密码
密码			(注-册)加入51Testing

j2ee里面的安全保护机制，导致LR定位不成功

相关帖子

站长推荐 /1