春季MVC - 上傳文件被春季安全阻止

我在嘗試上傳文件。它適用於我，但如果我想使用上傳文件，它不起作用。我得到這個錯誤春季MVC - 上傳文件被春季安全阻止

HTTP Status 405 - Request method 'POST' not supported

但是，如果我在web.xml評論這些行它的工作原理：

<filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 


    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping>

我嘗試添加該配置，但它並沒有幫助

<filter> 
    <display-name>springMultipartFilter</display-name> 
    <filter-name>springMultipartFilter</filter-name> 
    <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springMultipartFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

這是我所有的web.xml

<?xml version="1.0" encoding="UTF-8"?> 
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> 

    <!-- The definition of the Root Spring Container shared by all Servlets 
     and Filters --> 
    <context-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value> 
      /WEB-INF/spring/root-context.xml, 
      /WEB-INF/spring-security.xml 
     </param-value> 
    </context-param> 

    <!-- Creates the Spring Container shared by all Servlets and Filters --> 
    <listener> 
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 

    <!-- Processes application requests --> 
    <servlet> 
     <servlet-name>appServlet</servlet-name> 
     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
     <init-param> 
      <param-name>contextConfigLocation</param-name> 
      <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value> 
     </init-param> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 

    <servlet-mapping> 
     <servlet-name>appServlet</servlet-name> 
     <url-pattern>/</url-pattern> 
    </servlet-mapping> 

     <filter> 
    <filter-name>encodingFilter</filter-name> 
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 
    <init-param> 
     <param-name>encoding</param-name> 
     <param-value>UTF-8</param-value> 
    </init-param> 
    <init-param> 
     <param-name>forceEncoding</param-name> 
     <param-value>true</param-value> 
    </init-param> 
</filter> 

<filter-mapping> 
    <filter-name>encodingFilter</filter-name> 
    <url-pattern>/</url-pattern> 
</filter-mapping> 

    <!-- Spring Security --> 
     <filter> 
     <display-name>springMultipartFilter</display-name> 
     <filter-name>springMultipartFilter</filter-name> 
     <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class> 
    </filter> 
    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 

    <filter-mapping> 
     <filter-name>springMultipartFilter</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 



</web-app>

你有什麼想法在哪裏可能是一個問題？我使用這些版本的春春的安全：

<org.springframework.version>4.0.4.RELEASE</org.springframework.version> 
<org.springframework.security.version>3.2.3.RELEASE</org.springframework.security.version>

控制器

@Controller 
public class FileUploadController { 

    private static final Logger logger = LoggerFactory 
      .getLogger(FileUploadController.class); 

    @RequestMapping(value = "/uploadOneFile", method = RequestMethod.POST) 
    public @ResponseBody 
    String uploadFileHandler(@RequestParam("name") String name, 
      @RequestParam("file") MultipartFile file) { 

     if (!file.isEmpty()) { 
      try { 
       byte[] bytes = file.getBytes(); 

       // Creating the directory to store file 
       String rootPath = System.getProperty("catalina.home"); 
       File dir = new File(rootPath + File.separator + "tmpFiles"); 
       if (!dir.exists()) 
        dir.mkdirs(); 

       // Create the file on server 
       File serverFile = new File(dir.getAbsolutePath() 
         + File.separator + name); 
       BufferedOutputStream stream = new BufferedOutputStream(
         new FileOutputStream(serverFile)); 
       stream.write(bytes); 
       stream.close(); 

       logger.info("Server File Location=" 
         + serverFile.getAbsolutePath()); 

       return "You successfully uploaded file=" + name; 
      } catch (Exception e) { 
       return "You failed to upload " + name + " => " + e.getMessage(); 
      } 
     } else { 
      return "You failed to upload " + name 
        + " because the file was empty."; 
     } 
    } 

}

JSP

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> 
<%@ page session="false" %> 
<html> 
<head> 
<title>Upload File Request Page</title> 
</head> 
<body> 

    <form method="POST" action="uploadOneFile" enctype="multipart/form-data"> 
     File to upload: <input type="file" name="file"><br /> 
     Name: <input type="text" name="name"><br /> <br /> 
     <input type="submit" value="Upload"> Press here to upload the file! 
    </form> 

</body> 
</html>

春季安全配置

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 

    <!-- enable use-expressions --> 
    <http auto-config="true" use-expressions="true"> 

     <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" /> 

     <!-- access denied page --> 
     <access-denied-handler error-page="/403" /> 

     <form-login 
      login-page="/login" 
      default-target-url="/admin/goods" 
      authentication-failure-url="/login?error" 
      username-parameter="username" 
      password-parameter="password" /> 
     <logout logout-success-url="/login?logout" /> 
     <!-- enable csrf protection --> 
     <csrf/> 
    </http> 

    <!-- Select users and user_roles from database --> 
    <authentication-manager> 
     <authentication-provider> 
     <jdbc-user-service data-source-ref="dataSource" 
      users-by-username-query= 
      "select username,password, enabled from admin where username=?" 
      authorities-by-username-query= 
      "select username, role from user_roles where username =? " /> 
     </authentication-provider> 
    </authentication-manager> 

</beans:beans>

來源

2014-09-01 user1604064

您需要向我們展示您生成將用於提交文件的表單的JSP/HTML頁面代碼。 – Aeseir 2014-09-02 02:41:19

您還需要粘貼您的控制器代碼，以便我們可以看到它是如何處理的 – Aeseir 2014-09-02 02:43:03

我更新了我的問題（已添加jsp，控制器和安全配置） – user1604064 2014-09-02 18:04:55

我解決了這個問題，我說？$ {_ csrf.parameterName} = $ {_ csrf.token}結束我的形態動作

<form method="POST" action="uploadOneFile**?${_csrf.parameterName}=${_csrf.token}**" enctype="multipart/form-data">

現在它的作品的！

來源

2014-09-13 08:34:10 user1604064

爲什麼有這些星號？它只有在我將它們移除時才適用於我。 – 2016-01-14 18:51:53

-1

更改以下

<form method="POST" action="uploadOneFile" enctype="multipart/form-data">

到以下

<form method="POST" action="/uploadOneFile" enctype="multipart/form-data">

讓我知道如果這樣的作品，如果沒有的話，我會建議另一回事。

來源

2014-09-03 01:12:41 Aeseir

它沒有幫助。我的應用程序在 'http：// localhost：8080/spring-hibernate4 /' 上運行，所以當我設置爲

春季MVC - 上傳文件被春季安全阻止

回答

相關問題