2013年9月28日星期六

High-end atmosphere on the grade BUG -> Action in Service sporadic null pointer error

java.lang.NullPointerException
    at com.sunwave.action.privilege.UserAction.findUserPageInfo(UserAction.java:78)

omit the N word
Frame : SSH, service injection in the Action , the configuration file is as follows:
<!--用户管理-->
<bean id="userAction" class="com.sunwave.action.privilege.UserAction" scope="prototype">
<property name="userService" ref="userService"/>
<property name="systemParameterService" ref="systemParameterService"></property>
</bean>
<bean id="userService" class="com.sunwave.service.impl.privilege.UserServiceImpl"
parent="baseService">
<property name="roleService" ref="roleService"/>
<property name="empService" ref="empService"/>
<property name="systemParameterService" ref="systemParameterService"/>
<property name="userDao"><ref bean="userDao"/></property>
</bean>    
<bean id="userDao" class="com.sunwave.dao.impl.privilege.UserDaoHibImpl" 
  parent="baseDAO">
</bean>

Under normal circumstances, the error does not occur , the system posted to the public network even now , initially suspected to be high-traffic concurrency errors, doubts whether the single-case model and service related to solving ~ ~
------ Solution ------------------------------------------- -
code, and information should be posted all right,
example at com.sunwave.action.privilege.UserAction.findUserPageInfo (UserAction.java: 78) This is a code
------ Solution --------- -----------------------------------
first , perhaps , when you're testing a parameter not used to , used it on the line before this problem occurred
The second , and perhaps really high concurrent access problems , that no way to solve it on their own .
------ Solution ---------------------------------------- ----
scope = "prototype" you configure this, to break the single-case model . Which each request to create a new action a .
------ Solution ---------------------------------------- ----
method parameter problem ?
------ Solution ----------------------------- ---------------
may be timing problem
------ Solution ----------------- ---------------------------
UserAction.java: 78 is infoMap = userService.findUserByCon (start, limit, user ) ; this line ?
------ Solution ------------------------------- -------------
in this method will be added before logging parameters to a log file to facilitate later
------ Solution ------- -------------------------------------
whether through stress tests to reproduce the problem ? ;
------ Solution --------------------------------------- -----
Map session = ActionContext.getContext (). getSession ();
......
infoMap = userService.findUserByCon (start, limit, user);

you this action I have seen at least two potential safety hazard .

1. Struts has not recommended action in passing ActionContext.getContext () Gets the session . Officials have said that the phenomenon may appear empty , can go to the official website to see Kang .
2. use userService should determine whether the former is empty, it is good programming practice .
------ Solution ---------------------------------------- ----
missing jar package you carefully look at the lack of spring and struts may be associated with the package
------ For reference only -------- -------------------------------

followed conventional null pointer error message should not the code error, because the time is running locally is normal , there are other commonly used modules have similar problems
------ For reference only ----------------- ----------------------

parameters of the problem should be unlikely, even if there is , it should be ACTION mismatch , the current situation is action into the future service is null, and is even now . . .
------ For reference only -------------------------------------- -

Yes , action is polymorphic , but the service and dao default is a single case of
------ For reference only ----------- ----------------------------

not . . .
------ For reference only -------------------------------------- -

public String findUserPageInfo(){		
Map session = ActionContext.getContext().getSession();

user.setUserLevel((Integer)session.get(USER_LEVEL));
user.setLcId((Integer)session.get(USER_ID));
Integer userType = (Integer)session.get(USER_TYPE);
user.setCpUserType(userType);
if((user.getUserLevel().equals(Common.SUPER_USER_LEVEL) || user.getUserLevel().equals(Common.SYSTEM_ADMIN_LEVEL))
&& userType.equals(Common.COMPANY_USER_TYPE)){
}else{
user.setUserType(userType);
}
user.setCpTopId((Integer)session.get(Common.USER_TOPID));
if(user.getCorpId()== null)
user.setCorpId((Integer)session.get(Common.USER_COMPANYID));
infoMap=userService.findUserByCon(start,limit,user);
return SUCCESS;
}

------ For reference only ----------------------------------- ----

seeking Comments ?

------ For reference only ---------------------------------- -----


Yes

------ For reference only ---------------------------------- -----

let me testers to try, I add a catch to the exception breakpoint
------ For reference only ---------- -----------------------------

1. ah , thanks for suggestions , which are generally taken from the request session , non- I code, to make improvements
2. from a security perspective , userService is the first judgment null, but normal logic , spring injected service is not empty , we can not because some parts of the BUG and add some empty judgment redundant code bar
------ For reference only --------------------------------------- < br>
lack the nerve to stand how this kind of thing happen package . . . struts2-spring-plugin-2.0.11.1.jar I use this
------ For reference only ---------------------- -----------------
after repeated testing, I found the following situation will arise as BUG, is user login system , the establishment of session, and then use that error action directly in the web browser address input access , because without an argument , so there will be a null pointer error . As to the circumstances under which the action occurs is not clear , I think the user should not be boring to manually enter an ACTION address. . .

If this is the cause , the problem becomes how to shield focus of these operations , such as a user logs in, he wanted to try to obtain greater rights to the data , and then he would enter the user management module action addresses or is deliberately attack the server , continue to produce abnormal or even write a script, stop hair ajax request , but his address is also requested action is in line with struts blocking rules , and even a little wrong parameters , OH, MY GOD
------ For reference only ---------------------------------------




parameters of the problem , after all, still and scattered it, but the trigger is a bit more special

没有评论:

发表评论