6

我有两台服务器——一台生产服务器和一台开发服务器——在 Windows Server 2008 R2 上的 IIS 7.5 上运行 ColdFusion 9.0.1。两者配置相同。我们有一个短暂的问题,在几周到几个月的正常运行时间之后,网站的某些部分(特别是 CFIDE 管理员门户和任何带有 cfwindow 标签的页面)将开始在日志。

根据一些 建议,我几个月前卸载并重新安装了所有热修复程序,五次检查我是否以正确的顺序应用它们并遵循正确的说明集。

这并没有解决问题,但是当我梳理日志文件时,我注意到另一个与 ESAPI 相关的错误(“ESAPI.properties 无法以任何方式加载。失败。”)在 jRun 重新启动后出现在日志中。我尝试将以下声明添加到java.argsin jvm.config

-Dorg.owasp.esapi.resources=E:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib

这似乎解决了几个月的问题;没有错误,一切正常。然后,昨天生产服务器再次开始抛出错误。我尝试重新启动 JRun 并重新启动服务器,但错误仍然存​​在。开发服务器非常好。

我尝试创建一个仅实例化和 cfdump 一个 ESAPIUtils 实例的脚本。在开发上,它会转储有关对象的元数据;在生产中,页面会导致错误。

我已经断断续续地与这个问题作斗争了将近一年。有时它会在几天后自行解决,有时会持续数周。我还没有想出一种“诱导”这种情况的方法,所以我们陷入了无法测试的“修复”,这些修复似乎可以工作一段时间,然后就不行了。

这似乎完全相切,但我们已经有内置IsImageFile()函数为有效图像返回 false 的实例。IsImageFile() 怪异似乎在“无法初始化类coldfusion.security.ESAPIUtils”疯狂开始之前就开始了。

以下是服务器版本:

ColdFusion Version: 9,0,1,274733
Operating System:   Windows Server 2008 R2 amd64 6.1
Web Server Software:    Microsoft-IIS/7.5
Java JVM:   1.8.0_05 Oracle Corporation 
JEE Server: JRun/4.0
Security Hotfixes (9.0.1):  APSB13-27, APSB13-19, APSB13-13, APSB13-10, ColdFusion 9.0.1     Cumulative Hotfix 4  (APSB13-03, APSB12-26, APSB12-21, APSB12-06, APSB11-29, APSB11-14, APSB11-04, APSB10-18), ColdFusion 9.0.1 Cumulative Hotfix 3, ColdFusion 9.0.1 Cumulative Hotfix 2, ColdFusion 9.0.1 Cumulative Hotfix 1
Connectors: JRun IIS 64 Bit Connector (Build 108858)

以及来自的堆栈跟踪cfusion-out.log

08/27 11:37:52 Error [jrpp-58] - Could not initialize class     08/27 11:37:52 Error [jrpp-58] - Could not initialize class coldfusion.security.ESAPIUtils The specific sequence of files included or processed is: E:\web\cfadmin\webroot\CFIDE\administrator\index.cfm, line: 30
08/27 11:37:52 error ROOT CAUSE: 
java.lang.NoClassDefFoundError: Could not initialize class coldfusion.security.ESAPIUtils
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at coldfusion.runtime.java.JavaProxy.invoke(JavaProxy.java:97)
at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:2360)
at cflogin2ecfm1599616868.runPage(C:\work\ColdFusion\cf9_u1_final_hotfix\cfusion\wwwroot\CFIDE\administrator\login.cfm:30)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416)
at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:2722)
at cfApplication2ecfm1920815415._factor5(C:\work\cf9_u1_final_hotfix\cfusion\wwwroot\CFIDE\administrator\Application.cfm:210)
at cfApplication2ecfm1920815415._factor9(C:\work\cf9_u1_final_hotfix\cfusion\wwwroot\CFIDE\administrator\Application.cfm:202)
at cfApplication2ecfm1920815415.runPage(C:\work\cf9_u1_final_hotfix\cfusion\wwwroot\CFIDE\administrator\Application.cfm:1)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.CfincludeFilter.include(CfincludeFilter.java:33)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:297)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:94)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
at coldfusion.CfmServlet.service(CfmServlet.java:201)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
javax.servlet.ServletException: ROOT CAUSE: 
java.lang.NoClassDefFoundError: Could not initialize class coldfusion.security.ESAPIUtils
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at coldfusion.runtime.java.JavaProxy.invoke(JavaProxy.java:97)
at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:2360)
at cflogin2ecfm1599616868.runPage(C:\work\ColdFusion\cf9_u1_final_hotfix\cfusion\wwwroot\CFIDE\administrator\login.cfm:30)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416)
at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:2722)
at cfApplication2ecfm1920815415._factor5(C:\work\cf9_u1_final_hotfix\cfusion\wwwroot\CFIDE\administrator\Application.cfm:210)
at cfApplication2ecfm1920815415._factor9(C:\work\cf9_u1_final_hotfix\cfusion\wwwroot\CFIDE\administrator\Application.cfm:202)
at cfApplication2ecfm1920815415.runPage(C:\work\cf9_u1_final_hotfix\cfusion\wwwroot\CFIDE\administrator\Application.cfm:1)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.CfincludeFilter.include(CfincludeFilter.java:33)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:297)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:94)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
at coldfusion.CfmServlet.service(CfmServlet.java:201)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:70)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
4

1 回答 1

1

为每个沙箱的 <CF_HOME>\lib 目录中的 esapi.properties 文件添加文件读取权限。如果您无法访问 CF 管理控制台,请在 neo-security.xml 中手动添加此权限,该文件可在 <CF_HOME>\lib 目录中找到。

于 2014-08-28T20:23:37.553 回答