我已经阅读了这里的所有帖子,与我的问题相关,并完成了他们的建议,但没有帮助。我是这个方向的新手。我正在使用spring mvc + security。这是我的代码清单。
MVC初始化
import com.company.bank.config.AppConfig;
import org.springframework.web.WebApplicationInitializer;
import org.springframework.web.context.ContextLoaderListener;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import org.springframework.web.filter.CharacterEncodingFilter;
import org.springframework.web.multipart.support.MultipartFilter;
import org.springframework.web.servlet.DispatcherServlet;
import javax.servlet.*;
import java.util.EnumSet;
public class SpringMVCInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
EnumSet<DispatcherType> dispatcherTypes = EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.INCLUDE);
//Multipart filter registration (WORK's)
MultipartFilter multipartFilter = new MultipartFilter();
multipartFilter.setMultipartResolverBeanName("filterMultipartResolver");
FilterRegistration.Dynamic multipartDecoder = servletContext.addFilter("multipartResolver", multipartFilter);
multipartDecoder.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
//Decoding filter registration (IT DOESN'T WORK!)
FilterRegistration.Dynamic characterEncoder = servletContext.addFilter("encodingFilter", new CharacterEncodingFilter());
characterEncoder.setInitParameter("encoding", "UTF-8");
characterEncoder.setInitParameter("forceEncoding", "true");
characterEncoder.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
characterEncoder.setAsyncSupported(true);
//Creating root Spring context (WORK's)
AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext();
ctx.register(AppConfig.class);
ctx.setServletContext(servletContext);
ctx.refresh();
//Dispatcher servllet registration (WORK's)
ServletRegistration.Dynamic dispatcher = servletContext.addServlet("dispatcher", new DispatcherServlet(ctx));
dispatcher.addMapping("/");
dispatcher.setLoadOnStartup(1);
servletContext.addListener(new ContextLoaderListener(ctx));
}
}
安全初始化
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
import org.springframework.web.multipart.support.MultipartFilter;
import javax.servlet.ServletContext;
/**
* Created by OAM on 01.12.2015.
*/
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
//telling spring security to use Multipart Filter before filter chain (for multipart+CSRF) WORK's
@Override
protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
insertFilters(servletContext, new MultipartFilter());
}
}
应用配置
import com.company.bank.tasks.rates_updater.JAXB.XMLCurrRates;
import com.company.bank.tasks.rates_updater.RatesUpdater;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
import org.springframework.orm.jpa.JpaTransactionManager;
import org.springframework.orm.jpa.JpaVendorAdapter;
import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.view.JstlView;
import org.springframework.web.servlet.view.UrlBasedViewResolver;
import javax.persistence.EntityManagerFactory;
import javax.sql.DataSource;
/**
* Created by OAM on 21.11.2015.
*/
@Configuration
@EnableWebMvc
@EnableTransactionManagement
@ComponentScan("com.company.bank")
@EnableScheduling
public class AppConfig {
@Bean
public RatesUpdater update() {
return new RatesUpdater("http://pf-soft.net/service/currency/", XMLCurrRates.class);
}
@Bean
public LocalContainerEntityManagerFactoryBean entityManagerFactory(DataSource dataSource, JpaVendorAdapter adapter) {
LocalContainerEntityManagerFactoryBean emf = new LocalContainerEntityManagerFactoryBean();
emf.setDataSource(dataSource);
emf.setJpaVendorAdapter(adapter);
emf.setPackagesToScan("com.company.bank");
return emf;
}
@Bean
public PlatformTransactionManager transactionManager(EntityManagerFactory emf) {
return new JpaTransactionManager(emf);
}
@Bean
public JpaVendorAdapter jpaVendorAdapter() {
HibernateJpaVendorAdapter adapter = new HibernateJpaVendorAdapter();
adapter.setShowSql(false);
adapter.setGenerateDdl(false);
adapter.setDatabasePlatform("org.hibernate.dialect.MySQLDialect");
return adapter;
}
@Bean
public DataSource dataSource() {
DriverManagerDataSource ds = new DriverManagerDataSource();
ds.setDriverClassName("com.mysql.jdbc.Driver");
ds.setUrl("jdbc:mysql://localhost:3306/bank");
ds.setUsername("******");
ds.setPassword("******");
return ds;
}
@Bean
public UrlBasedViewResolver setupViewResolver() {
UrlBasedViewResolver resolver = new UrlBasedViewResolver();
resolver.setPrefix("/WEB-INF/pages/");
resolver.setSuffix(".jsp");
resolver.setViewClass(JstlView.class);
resolver.setOrder(1);
return resolver;
}
@Bean(name = "filterMultipartResolver")
public CommonsMultipartResolver filterMultipartResolver() {
CommonsMultipartResolver filterMultipartResolver = new CommonsMultipartResolver();
filterMultipartResolver.setMaxUploadSize(100000000);
filterMultipartResolver.setMaxInMemorySize(10000000);
return filterMultipartResolver;
}
}
安全问题
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
/**
* Created by OAM on 01.12.2015.
*/
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService);
}
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/index").permitAll()
.antMatchers("/login**").permitAll()
.antMatchers("/admin**").access("hasRole('ROLE_ADMIN')")
.antMatchers("/client**").access("hasRole('ROLE_CLIENT')")
.antMatchers("/inspector").authenticated()
.anyRequest().authenticated()
.and().csrf()
.and()
.formLogin().loginPage("/login").failureUrl("/login?error").usernameParameter("username")
.passwordParameter("password").permitAll().defaultSuccessUrl("/inspector")
.and().logout().logoutSuccessUrl("/login?logout")
.and().httpBasic()
.and().headers().httpStrictTransportSecurity().includeSubDomains(true).maxAgeInSeconds(31536000)
.and().xssProtection().block(false);
}
}
请帮我解决我的问题
答案 0 :(得分:0)
我会尝试 -
//Decoding filter registration (IT DOESN'T WORK!)
CharacterEncodingFilter cef = new CharacterEncodingFilter();
cef .setEncoding("UTF-8");
cef .setForceEncoding(true);
FilterRegistration.Dynamic characterEncoder = servletContext.addFilter("encodingFilter", cef);
characterEncoder.setInitParameter("encoding", "UTF-8");
characterEncoder.setInitParameter("forceEncoding", "true");
characterEncoder.addMappingForUrlPatterns(dispatcherTypes, true, "/*");
characterEncoder.setAsyncSupported(true);
这应确保过滤器具有编码集