Struts 2：上傳文件被Spring Security阻止

我使用Spring和Struts2，hibernate，Spring Security。我的問題是當我點擊提交他海報JSP頁面被阻止的訪問。我覺得resultAction這個問題沒有執行。Struts 2：上傳文件被Spring Security阻止

DocumentAction.java

package com.web.actions; 


import java.io.File; 

import com.opensymphony.xwork2.ActionSupport; 

public class DocumentAction extends ActionSupport { 


     /** 
    * 
    */ 
    private static final long serialVersionUID = -8801071547543777086L; 
     private File fileUpload; 
     private String fileUploadContentType; 
     private String fileUploadFileName; 

     public String getFileUploadContentType() { 
      return fileUploadContentType; 
     } 

     public void setFileUploadContentType(String fileUploadContentType) { 
      this.fileUploadContentType = fileUploadContentType; 
     } 

     public String getFileUploadFileName() { 
      return fileUploadFileName; 
     } 

     public void setFileUploadFileName(String fileUploadFileName) { 
      this.fileUploadFileName = fileUploadFileName; 
     } 

     public File getFileUpload() { 
      return fileUpload; 
     } 

     public void setFileUpload(File fileUpload) { 
      this.fileUpload = fileUpload; 
     } 

     public String execute() throws Exception{ 
      System.out.println("Votre Fichier est bien telecharger"); 
      return SUCCESS; 

     } 

     public String display() { 
      return NONE; 
     } 

    }

的security.xml

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-4.2.xsd"> 
    <http> 

     <access-denied-handler error-page="/private/accessDenied.jsp" /> 

     <!-- permettre l'acces aux feuille de style, img, page public et JS à tous 
      le monde --> 
     <!-- isAnonymous() or hasRole('ROLE_ANONYMOUS') --> 
     <intercept-url pattern="/css/**" access="permitAll" /> 
     <intercept-url pattern="/js/**" access="permitAll" /> 
     <intercept-url pattern="/img/**" access="permitAll" /> 
     <intercept-url pattern="/login*" access="isAnonymous()" /> 
     <intercept-url pattern="/logout*" access="isAuthenticated()" /> 





     <!-- permettre l'acces aux actions public --> 
     <intercept-url pattern="/public/**" access="isAnonymous()" /> 

     <!-- zone privée user --> 
     <intercept-url pattern="/private/user/*" access="hasRole('ROLE_USER')" /> 
     <intercept-url pattern="/private/user/**" access="hasRole('ROLE_USER')" /> 
     <intercept-url pattern="/private/user/professeur/*" access="hasRole('ROLE_USER')" /> 
     <intercept-url pattern="/private/user/professeur/**" access="hasRole('ROLE_USER')" /> 
     <!-- zone privée admin --> 

     <intercept-url pattern="/private/admin/*" access="hasRole('ROLE_ADMIN')" /> 
     <intercept-url pattern="/private/admin/**" access="hasRole('ROLE_USER')" /> 
     <intercept-url pattern="/private/**" access="isAuthenticated()" /> 

     <intercept-url pattern="/**" access="denyAll" /> 

     <form-login login-page="/public/showLoginPage" 
      default-target-url="/private/initUserHome" 
      authentication-failure-url="/public/loginFailure.jsp" /> 

     <logout logout-success-url="/public/showLoginPage" logout-url="/logout" 
      delete-cookies="JSESSIONID" /> 

    </http> 

    <authentication-manager> 
     <authentication-provider user-service-ref="utlisateurService"> 
      <password-encoder hash="sha"> 
       <salt-source user-property="username" /> 
      </password-encoder> 

     </authentication-provider> 
    </authentication-manager> 

    <authentication-manager> 
    <authentication-provider> 
    <user-service> 
    <user name="admin" password="admin" authorities="ROLE_ADMIN" /> 
    <user name="user" password="user" authorities="ROLE_USER" /> 
    </user-service> 
    </authentication-provider> 
    </authentication-manager> 
</beans:beans>

struts.xml中

<package name="ProfesseurPackage" namespace="/private/user/professeur" extends="struts-default"> 

    <action name="fileUploadAction" class="com.web.actions.DocumentAction" method="display"> 
      <result name="none">fileupload.jsp</result> 
     </action> 

     <action name="resultAction" class="com.web.actions.DocumentAction" method="execute"> 

      <interceptor-ref name="exception"/> 
      <interceptor-ref name="i18n"/> 
      <interceptor-ref name="fileUpload"> 
       <param name="allowedTypes">text/plain</param> 
       <param name="maximumSize">10240</param> 
      </interceptor-ref> 
      <interceptor-ref name="params"> 
       <param name="excludeParams">dojo\..*,^struts\..*</param> 
      </interceptor-ref> 
      <interceptor-ref name="validation"> 
       <param name="excludeMethods">input,back,cancel,browse</param> 
      </interceptor-ref> 
      <interceptor-ref name="workflow"> 
       <param name="excludeMethods">input,back,cancel,browse</param> 
      </interceptor-ref> 

      <result name="success">result.jsp</result> 
      <result name="input">fileupload.jsp</result> 

     </action> 


    </package>

fileupload.jsp

<%@ taglib prefix="s" uri="/struts-tags" %> 
<html> 
<head> 
<s:head /> 
</head> 

<body> 
<h1>Struts 2 &lt;s:file&gt; file upload example</h1> 

<s:form action="resultAction" method="POST" enctype="multipart/form-data"> 
<input type="hidden" name="${_csrf.parameterName}" 
        value="${_csrf.token}" /> 
<s:file name="fileUpload" label="Select a File to upload" size="40" /> 

<s:submit value="submit" name="submit" /> 

</s:form> 

</body> 
</html

來源

2017-06-04 malkimou

將namespace屬性添加到<s:form>標記。由於上傳操作在/private/user/professeur下配置。應該標識用戶使用該名稱空間。

<s:form action="resultAction" namespace="/private/user/professeur" method="POST" enctype="multipart/form-data">

來源

2017-06-06 10:03:17

Struts 2：上傳文件被Spring Security阻止

回答

相關問題