2016-07-14 104 views
0

我在Spring MVC中正確配置了多部分表單,但是當我將Spring Security添加到我的項目時,我無法再上傳文件。我不知道,什麼會導致這種情況,實際上我嘗試了我在stackoverflow中找到的每個解決方案。Spring Security不檢測多部分配置

Spring MVC的:

public class MvcConfig extends WebMvcConfigurerAdapter { 

@Bean 
public InternalResourceViewResolver viewResolver(){ 
    InternalResourceViewResolver viewResolver = new InternalResourceViewResolver(); 
    viewResolver.setViewClass(JstlView.class); 
    viewResolver.setPrefix("/WEB-INF/views/"); 
    viewResolver.setSuffix(".jsp"); 
    return viewResolver; 
} 

@Bean 
public CommonsMultipartResolver filterMultipartResolver() { 
    CommonsMultipartResolver resolver = new CommonsMultipartResolver(); 
    resolver.setDefaultEncoding("utf-8"); 
    return resolver; 
} 

@Override 
public void addResourceHandlers(final ResourceHandlerRegistry registry) { 
    registry.addResourceHandler("/resources/**").addResourceLocations("/resources/"); 
} 

ServletInitializer:

public class ServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { 

@Override 
protected Class<?>[] getServletConfigClasses() { 
    return new Class[]{MvcConfig.class}; 
} 

@Override 
protected String[] getServletMappings() { 
    return new String[]{"/"}; 
} 

@Override 
protected Class<?>[] getRootConfigClasses() { 
    return new Class[]{MessageSecurityWebApplicationInitializer.class, SecurityConfig.class}; 
} 

安全配置:

public class SecurityConfig extends WebSecurityConfigurerAdapter { 

@Autowired 
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
    auth 
      .inMemoryAuthentication() 
      .withUser("user").password("password").roles("USER") 
      .and() 
      .withUser("admin").password("1234").roles("USER", "ADMIN"); 
} 


@Override 
public void configure(WebSecurity web) throws Exception { 
    web 
      .ignoring() 
      .antMatchers("/resources/**"); // #3 
} 

@Override 
protected void configure(HttpSecurity http) throws Exception { 
    http 
      .authorizeRequests() 
      .antMatchers("/", "/login", "/getPhoto/{id}", "/deletePhoto/{id}").permitAll() 
      .antMatchers("/remove").hasRole("ADMIN") 
      .antMatchers("/add/**", "/upload/**").hasAnyRole("ADMIN", "USER") 
      .anyRequest().authenticated() // 7 
      .and() 
      .formLogin() 
      .loginPage("/login") 
      .successForwardUrl("/") 
      .usernameParameter("userLogin") 
      .passwordParameter("userPassword") 
      .failureForwardUrl("/login?error=true"); 
} 

MessageSecurityWebApplicationInitializer

public class MessageSecurityWebApplicationInitializer 
    extends AbstractSecurityWebApplicationInitializer { 


@Override 
protected void beforeSpringSecurityFilterChain(ServletContext servletContext) { 
    insertFilters(servletContext, new MultipartFilter()); 
} 

上傳映射:

@RequestMapping(value = "/upload", method = RequestMethod.POST) 
public String uploadWallpaper(@RequestParam("wallpaperFile") MultipartFile file, 
           @RequestParam("category") String category) { 
    Wallpaper wallpaper = new Wallpaper(); 

    try { 
     wallpaper.setName(file.getOriginalFilename()); 
     wallpaper.setData(file.getBytes()); 
     wallpaper.setCategory(category); 
     serviceDAO.addObject(wallpaper); 

     return "redirect:/"; 
    } catch (IOException e) { 
     return "add_wallpaper"; 
    } 
} 

HTML形式:

<spring:url value="/upload?${_csrf.parameterName}=${_csrf.token}" var="formURL"/> 
    <form method="post" enctype="multipart/form-data" action="/upload?${_csrf.parameterName}=${_csrf.token}"> 
... 

異常我仍然接收:

org.springframework.web.multipart.MultipartException: Could not parse multipart servlet request; nested exception is java.lang.IllegalStateException: Unable to process parts as no multi-part configuration has been provided 
org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.parseRequest(StandardMultipartHttpServletRequest.java:111) 
org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.<init>(StandardMultipartHttpServletRequest.java:85) 
org.springframework.web.multipart.support.StandardServletMultipartResolver.resolveMultipart(StandardServletMultipartResolver.java:76) 
org.springframework.web.multipart.support.MultipartFilter.doFilterInternal(MultipartFilter.java:112) 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
+0

你只有一個mvc配置,'MultipartFilter'查看它沒有的bean的根上下文。因此沒有任何東西會從濾鏡的視角中被檢測到。 –

回答

0

我用這個配置:

@Bean 
public CommonsMultipartResolver multipartResolver(){ 
    CommonsMultipartResolver commonsMultipartResolver = new CommonsMultipartResolver(); 
    commonsMultipartResolver.setMaxInMemorySize(MEMORY_SIZE); 
    commonsMultipartResolver.setMaxUploadSize(UPLOAD_SIZE); 
    return commonsMultipartResolver; 
} 

如果我沒有創建一個擴展類 AbstractSecurityWebApplicationInitializer。儘量不要使用這個類並設置上面的bean。

+0

謝謝,它的工作原理!我認爲這個班是必不可少的。 – Tymek