在Spring MVC + Spring Security中使用参数进行重定向

时间:2012-11-26 12:17:13

标签: spring security parameters

我正在使用Spring MVC + Spring Security 3.1开发应用程序,我的应用程序通过某个URL调用,该URL包含一个XML文件作为字符串的参数。

我正在测试环境中开发,所以我构建了一个测试控制器,我做了:

String parameter = "<Usuario>\n\t<ID>primaria</ID>\n</Usuario>";
return "redirect:/autenticacion/primaria?parametro=" + parameter;

我得到以下例外:

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.IllegalArgumentException: Invalid characters (CR/LF) in redirect location
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:894)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:88)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
    org.springframework.security.config.debug.DebugFilter.doFilterInternal(DebugFilter.java:45)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

我可以做些什么来模拟它?

编辑:我改变了实际的参数内容。问题是我无法删除\ t和\ r \ n字符,因为该参数是由外部应用生成的,因此我必须“接受”包含\ r和\ t的参数...我该怎么做?

2 个答案:

答案 0 :(得分:1)

看起来这只是一个编码问题,所以你可以自己手动完成。但Spring默认会将模型属性添加到重定向URI中,因此您可能只需执行此操作

@RequestMapping(...)
public String handle(Model model, ...) {
    ...
    String parameter = "<Usuario>\n\t<ID>primaria</ID>\n</Usuario>";
    model.addAttribute("parametro", parameter);
    return "redirect:/autenticacion/primaria";
}

答案 1 :(得分:0)

好吧,最后我发现了一个解决方法......

我已经构建了一个捕获“冲突”调用的过滤器,并用'\ 0'字符替换'\ r'字符,它可以正常工作! Spring Security不会抱怨:)

@Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        String incomingUrl = httpRequest.getRequestURI();
        // Se comprueba si la url original tiene caracter de retorno de carro
        if (incomingUrl.indexOf('\r') >= 0) {
            //Sustituye todos los caracteres retorno de carro por caracter vacío.
            String newUrl = incomingUrl.replaceAll("\r", "");
            //Asigna una nueva url a la petición.
            RequestDispatcher requestDispatcher = request
                    .getRequestDispatcher(newUrl);
            requestDispatcher.forward(request, response);
        }
        //Sique adelante la cadena de filtros.
        chain.doFilter(request, response);
    }
相关问题
最新问题