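I recently made some changes to my Spring application by adding CSRF support. To do this, I also had to change the way multipart requests were handled.
To make sure multipart requests get through properly, I placed org.springframework.web.multipart.support.MultipartFilter before org.springframework.web.filter.DelegatingFilterProxy in web.xml.
While it works fine for most requests, some requests do not receive any request parameters at the controller level. I debugged it and found that this code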

    HttpServletRequest processedRequest = request;
    if (multipartResolver.isMultipart(processedRequest)) {
        if (logger.isDebugEnabled()) {
            logger.debug("Resolving multipart request [" + processedRequest.getRequestURI() +
                    "] with MultipartFilter");
        }
        processedRequest = multipartResolver.resolveMultipart(processedRequest);
    }
    else {
        // A regular request...
        if (logger.isDebugEnabled()) {
            logger.debug("Request [" + processedRequest.getRequestURI() + "] is not a multipart request");
        }
    }

inside MultipartFilter does not treat my request as multipart. When the multipartResolver.isMultipart(processedRequest) check runs, the request goes to the else branch.
The form in the JSP has the enctype="multipart/form-data" attribute.

    <form:form modelAttribute="configVO" name="ConfigForm" method="post" enctype="multipart/form-data" action="${contextPath}/project/urlConfig">
        <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
        <div class="urldivSales">
            <div class="main-subdiv-urls-msa">
                <div class="leftlable">
                    <span>Website Name</span>
                </div>
            </div>
            <div class="main-subdiv-urls-msa">
                <div class="leftlable">
                    <span>Request URL</span>
                </div>
            </div>
            <div class="main-subdiv-urls-msa">
                <div class="leftlable">
                    <span>Response URL</span>
                </div>
            </div>
            <div class="main-subdiv-urls-msa">
                <div class="leftlable">
                    <span>Image Name</span>
                </div>
            </div>
            <div class="main-subdiv-urls-msa">
                <div class="leftlable">
                    <span>Image File</span>
                </div>
            </div>
            <div class="main-subdiv-urls-msa">
                <div class="rightbox">
                    <div id='url'></div>
                </div>
            </div>
            <div class="main-subdiv-urls-msa">
                <div class="rightbox">
                    <div id='req'></div>
                </div>
            </div>
            <div class="main-subdiv-urls-msa">
                <div class="rightbox">
                    <div id='res'></div>
                </div>
            </div>
            <div class="main-subdiv-urls-msa">
                <div class="rightbox">
                    <div id='image'></div>
                </div>
            </div>
            <div class="main-subdiv-urls-msa">
                <div class="rightbox">
                    <div id='imageFile'></div>
                </div>
            </div>
            <div class="form3buttons">
                <input type="button" name="button" id="save" value="Save" onclick="validateForm();" />
                <input type="button" name="cancel" id="cancel" value="Cancel" />
            </div>
        </div>
    </form:form>

The JavaScript validation method:

    function validateForm() {
        $('#save').attr('disabled', 'disabled');
        var isValid = false;
        var noOfRows = '${num}';
        var webSiteArray = new Array();
        var imageNameArray = new Array();
        for (var i = 0; i < noOfRows; i++) {
            var web = "web" + i;
            var req = "req" + i;
            var res = "res" + i;
            var image = "image" + i;
            var webSiteUrl = document.getElementById(web).value;
            var imageNameValue = document.getElementById(image).value;
            webSiteArray[i] = webSiteUrl;
            imageNameArray[i] = imageNameValue;
            var newReqUrl = document.getElementById(req).value;
            var newResUrl = document.getElementById(res).value;
            isValid = checkParm(webSiteUrl, newReqUrl, newResUrl);
            if (!isValid) {
                $('#save').removeAttr("disabled");
                break;
            }
        }
        if (isValid) {
            if (checkValueisEqual(webSiteArray, imageNameArray)) {
                var contextPath = '${contextPath}' + '/project/urlConfig';
                document.forms[0].action = contextPath;
                document.forms[0].submit();
            }
        }
    }

Filter mappings in web.xml:

    <filter>
        <filter-name>MultipartFilter</filter-name>
        <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
    </filter>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>MultipartFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

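The only special thing here is that the <input type="file"> elements are added dynamically using JavaScript.
What am I missing here? One last note: before adding CSRF support, the code worked fine and the request parameters were received on the controller side.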

Answer 0 (score: 0)
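Thanks to M.Deinum for asking how the request was submitted.
I managed to get it working by changing the way the form is submitted.
Here is the change to the JavaScript function used for validation: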

    function validateForm() {
        // Disable the button while validating to prevent double submission.
        $('#save').attr('disabled', 'disabled');
        var isValid = false;
        var noOfRows = '${num}';
        var webSiteArray = new Array();
        var imageNameArray = new Array();
        for (var i = 0; i < noOfRows; i++) {
            var web = "web" + i;
            var req = "req" + i;
            var res = "res" + i;
            var image = "image" + i;
            var webSiteUrl = document.getElementById(web).value;
            var imageNameValue = document.getElementById(image).value;
            webSiteArray[i] = webSiteUrl;
            imageNameArray[i] = imageNameValue;
            var newReqUrl = document.getElementById(req).value;
            var newResUrl = document.getElementById(res).value;
            isValid = checkParm(webSiteUrl, newReqUrl, newResUrl);
            if (!isValid) {
                $('#save').removeAttr("disabled");
                return false;
            }
        }
        if (isValid) {
            if (checkValueisEqual(webSiteArray, imageNameArray)) {
                return true;
            }
            return false;
        }
        // No row was validated: block the submit instead of returning undefined.
        return false;
    }

Form changes:

    <form:form modelAttribute="configVO" name="ConfigForm" method="post" enctype="multipart/form-data" action="${contextPath}/project/urlConfig" onsubmit="return validateForm();">
        <input type="submit" name="button" id="save" value="Save" />
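
Added example, not part of the original question or answer and not Spring code: a small JavaScript model of the filter order in the question's web.xml, showing why a CSRF check only finds the form's hidden `_csrf` field in a multipart body when multipart resolution runs first. All function names, the boundary and the token are constructed; the model assumes `isMultipart` is a Content-Type prefix check and that multipart body fields are not visible as parameters until resolved.

```javascript
// Model only: these functions mimic the filters' roles; they are not Spring APIs.
const SESSION_TOKEN = "constructed-token-123"; // constructed sample value
const MULTIPART = "multipart/form-data; boundary=XBOUNDARY"; // constructed

// Assumption: isMultipart is modelled as a Content-Type prefix check.
function isMultipart(req) {
  return (req.headers["content-type"] || "").toLowerCase().startsWith("multipart/");
}

// Extract plain text fields (parts without a filename) from a multipart body.
function parseMultipartFields(body, boundary) {
  const fields = {};
  for (const part of body.split("--" + boundary)) {
    const m = part.match(/name="([^"]+)"\r\n\r\n([\s\S]*?)\r\n$/);
    if (m) fields[m[1]] = m[2];
  }
  return fields;
}

function multipartFilter(req) {
  if (isMultipart(req)) {
    const boundary = req.headers["content-type"].split("boundary=")[1];
    Object.assign(req.params, parseMultipartFields(req.body, boundary));
  } // else: a regular request, parameters are left as they were
}

// CSRF check: token from the header first, then from a request parameter.
function csrfFilter(req) {
  const sent = req.headers["x-csrf-token"] || req.params["_csrf"];
  if (sent !== SESSION_TOKEN) throw new Error("403 invalid CSRF token");
}

// Run the filters in order and return the status the client would see.
function runChain(filters, req) {
  try {
    filters.forEach((f) => f(req));
    return "200";
  } catch (e) {
    return e.message.slice(0, 3);
  }
}

// Constructed request: the form's hidden _csrf field plus one text field.
function makeRequest(contentType) {
  const field = (n, v) =>
    `--XBOUNDARY\r\nContent-Disposition: form-data; name="${n}"\r\n\r\n${v}\r\n`;
  const body = field("_csrf", SESSION_TOKEN) + field("web0", "example.test") + "--XBOUNDARY--\r\n";
  return { method: "POST", headers: { "content-type": contentType }, params: {}, body };
}
```

Calling `runChain([multipartFilter, csrfFilter], makeRequest(MULTIPART))` models the order in the web.xml above; swapping the two filters models Spring Security running before the body has been resolved.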