我正在使用Dojo上传器。它在HTML5插件方面运行得很好。但是,如果我强制使用Flash插件,它将失败并显示下一条消息:
“服务器无法响应”
在服务器端,Spring安全性正在抛出这个:
Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
22:33:06,375 DEBUG ty.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at com.springsource.insight.collection.tcserver.request.HttpRequestOperationCollectionValve.traceNextValve(HttpRequestOperationCollectionValve.java:116)
at com.springsource.insight.collection.tcserver.request.HttpRequestOperationCollectionValve.invoke(HttpRequestOperationCollectionValve.java:98)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
flash插件是否缺少会话ID?
这是我的js代码:
forma = new Form({
method: 'post',
enctype: 'multipart/form-data',
'class': 'Uploader',
action: dojo.config.app.urlBase + 'upload/cargaArchivos'
}, 'cargaForm');
btnCargar = new Button({
type: 'submit',
label: 'Cargar'
}, 'submitCarga');
btnReset = new Button({
type: 'reset',
label: 'Limpiar',
onClick: function(){
// limpiamos el array de archivos agregados
uploader.reset();
console.log(uploader.getFileList());
}
}, 'resetForm');
uploader = new dojox.form.Uploader({
id: 'uploader',
name: 'uploadedfile',
showInput: 'before',
isDebug: true,
url: dojo.config.app.urlBase + 'upload/cargaArchivos',
multiple: true,
force: 'flash',
onComplete: function(respuesta){
// Aqui se puede hacer algo con el objeto de respuesta que se devuelve.
console.log(respuesta);
},
onChange: function(archivos){
// Aquí se podrían listar los archivos en alguna tabla.
console.log(archivos);
}
}, 'uploader');
uploader.startup();
}
更新,我没有使用FileUploader因为它已被弃用,但Uploader.upload()方法也会收到一个formData对象。
首先我要尝试的是阅读cookie。检查其他请求的标题:
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language es-mx,en-us;q=0.7,en;q=0.3
Connection keep-alive
Content-Type application/x-www-form-urlencoded
**Cookie undefined=root; undefined=6%2C6%2F4; JSESSIONID=9F0E7745730639A3D0989C5D379A74FB**
Host localhost:8080
Referer http://localhost:8080/sep-sajja-web/
User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0.1
X-Requested-With XMLHttpRequest
因此cookie名称是JSESSIONID。但是当我尝试
时dojo.cookie('JSESSIONID');
它返回undefined ......我会继续尝试。
普通javascript:
document.cookie.split(";")
只给我一个饼干:[“undefined = 6%2C6%2F4”]
也许权限很重要?
...更新 是的,它看起来像 - > how can i read JSESSIONID with javascript?
答案 0 :(得分:2)
这是如何通过Flash插件将数据发送到服务器的示例
http://livedocs.dojotoolkit.org/dojox/form/FileUploader#server-side
我无法找到关于是否使用帖子发送cookie(从调用窗口继承)的信息 - 但应该有一个可能的解决方案,通过GET查询参数或自定义 POST数据。
new dojox.form.Uploader( {
// ... your configurations
postData: {
sessionid: dojo.cookie('JSPCOOKIENAME_UNKNOWN_TO_ME')
});
您可能已经注意到,springframework对我来说并不熟悉,但是通过简单搜索如何基于令牌创建身份验证,我认为您正在寻找与以下内容的相似之处。至少会有一些类别流行语来搜索
Authentication authentication = this.authenticationProvider.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authentication);
如果您启用了登录功能,我相信令牌可以通过
进行审核UsernamePasswordAuthenticationToken token =
new UsernamePasswordAuthenticationToken(username, password);
User details = new User(username);
token.setDetails(details);
您需要知道servlet使用了哪个authenticationprovider,并且在<filters>