File upload (multipart) does not work with Zuul Proxy

Time: 2016-05-09 11:28:57

Tags: spring spring-security

I am using Spring Security with Spring Boot and Angular JS.

In my application, every request is redirected from the Gateway application to the other applications through the Zuul proxy. The file upload module does not work in this architecture. The file upload JavaScript code is as follows:

var allowedExtensions = ['pdf']; // referenced below but not shown in the post; only PDF is accepted

if (idProofFile.files.length == 0) {
    $scope.alerts = [
        { type: 'danger', msg: 'No File(s) selected, please Browse and Select ID Proof File(s) first.' }
    ];
    return;
} else {
    // Upload user's files:
    // create form data to send via POST
    var formData = new FormData();

    for (var i = 0; i < idProofFile.files.length; i++) {
        if (idProofFile.files[i].size > 31457280) { // each file must be at most 30 MB = 30*1024*1024 bytes
            $scope.alerts = [
                { type: 'danger', msg: 'The size of file: ' + idProofFile.files[i].name + ' is more than 30 MB. Max limit of a file size is 30 MB.' }
            ];
            return;
        } else {
            // extension check is by file name only; the server still has to validate the content
            var extension = idProofFile.files[i].name.substr(idProofFile.files[i].name.lastIndexOf('.') + 1).toLowerCase();
            //alert(extension);

            if (idProofFile.files[i].name.length > 0) {
                if (allowedExtensions.indexOf(extension) === -1) {
                    $scope.alerts = [
                        { type: 'danger', msg: 'Only PDF files are allowed. Selected file:- ' + idProofFile.files[i].name + ' is a .' + extension + ' file.' }
                    ];
                    return;
                }
            }
        }

        // every file goes into the same "idProof" part, matching MultipartFile[] idProofFiles on the server
        formData.append("idProof", idProofFile.files[i]);
    }

    // Raw XMLHttpRequest, sent synchronously (third argument false).
    // Unlike Angular's $http, it does not copy the XSRF-TOKEN cookie into an
    // X-XSRF-TOKEN header, so no CSRF token travels with this request.
    var request = new XMLHttpRequest();

    request.open('POST', 'resource/upload_id_proof/' + $rootScope.loggedInUserPrimaryKeyId + '/' + $rootScope.loggedInUserId, false);
    request.send(formData);
}

The Spring Security code is as follows:

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

// Class name and imports are not in the post; they are added so the fragment compiles.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        // Requests matching this path bypass the security filter chain entirely:
        // no authentication and no CSRF check are applied to them.
        web
            .ignoring()
                .antMatchers("/update_new_user/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().and().authorizeRequests()
                //.antMatchers("/index.html", "/", "/login", "/message", "/home")
                //.antMatchers("/index.html", "/", "/login", "/message", "/home", "/css", "/font-awesome/**", "/fonts", "/img/**", "/js/**", "/less", "/mail").permitAll()
                .antMatchers("/index.html", "/", "/css/**", "/font-awesome/**", "/fonts", "/img/**", "/js/**", "/less", "/mail").permitAll()
                //.antMatchers("/ui/", "/ui/public/js/**", "/ui/js/**").permitAll()
                .antMatchers("/ui/public/**").hasAnyAuthority("Admin", "SuperAdmin", "Owner", "Tenant")
                .antMatchers("/ui/private/projectadmin/**").hasAuthority("Admin")
                .antMatchers("/ui/private/superadmin/**").hasAuthority("SuperAdmin")
                .antMatchers("/ui/private/owner/**").hasAuthority("Owner")
                .antMatchers("/ui/private/tenant/**").hasAuthority("Tenant")
                .anyRequest().authenticated()
                .and()
                .csrf()
                // CsrfFilter compares the session token with the X-XSRF-TOKEN header
                // (or a _csrf form field) on every non-safe request, including the upload POST
                .csrfTokenRepository(csrfTokenRepository()).and()
                // runs after CsrfFilter and mirrors the session token into a cookie
                // that the browser-side code can read back
                .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    }

    // Not shown in the post; this is the usual definition from the
    // Spring Security + Angular guide that this cookie/header pattern comes from.
    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName("X-XSRF-TOKEN");
        return repository;
    }

    private Filter csrfHeaderFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request,
                    HttpServletResponse response, FilterChain filterChain)
                            throws ServletException, IOException {
                // the CsrfToken is placed on the request by CsrfFilter earlier in the chain
                CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class
                        .getName());
                if (csrf != null) {
                    Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
                    String token = csrf.getToken();
                    // (re)write the cookie when it is missing or stale;
                    // && binds tighter than ||, so the null check on cookie stands alone
                    if (cookie == null || token != null
                            && !token.equals(cookie.getValue())) {
                        // readable by JavaScript (not HttpOnly) on purpose; not marked Secure
                        cookie = new Cookie("XSRF-TOKEN", token);
                        cookie.setPath("/");
                        response.addCookie(cookie);
                    }
                }
                filterChain.doFilter(request, response);
            }
        };
    }
}

The controller code is as follows:

@RequestMapping(value = "/upload_id_proof/{userPrimaryKeyId}/{userId}", method = RequestMethod.POST)
public @ResponseBody String uploadIdProof(
        //@RequestParam(value = "infoClient") String infoClientString,
        @RequestParam(value = "idProof") MultipartFile[] idProofFiles, // all "idProof" parts appended by the client
        @PathVariable Long userPrimaryKeyId,
        @PathVariable String userId) {
    // The method body is not included in the post; placeholder so the fragment compiles.
    return "received " + idProofFiles.length + " file(s)";
}

The request reaches the 'Gateway' application, which redirects it to the 'Resource' application. The exception in the 'Gateway' application is as follows:

**Invalid CSRF token found for localhost:8080/resource/upload_id_proof/40/11**

Detailed log:

2016-04-29 10:00:05.797 DEBUG 6020 --- [nio-8080-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/configprops.'] 
2016-04-29 10:00:05.797 DEBUG 6020 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/resource/upload_id_proof/40/11'; against '/configprops.' 
2016-04-29 10:00:05.797 DEBUG 6020 --- [nio-8080-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/configprops/'] 
2016-04-29 10:00:05.797 DEBUG 6020 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/resource/upload_id_proof/40/11'; against '/configprops/' 
2016-04-29 10:00:05.797 DEBUG 6020 --- [nio-8080-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : No matches found 
2016-04-29 10:00:05.797 DEBUG 6020 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /resource/upload_id_proof/40/11 at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
2016-04-29 10:00:05.797 DEBUG 6020 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /resource/upload_id_proof/40/11 at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
2016-04-29 10:00:05.800 DEBUG 6020 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@493c907: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@493c907: Principal: org.springframework.security.core.userdetails.User@620: Username: 11; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Owner; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: b6cd10df-a20e-49ae-9212-d32e7520db8f; Granted Authorities: Owner' 
2016-04-29 10:00:05.800 DEBUG 6020 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /resource/upload_id_proof/40/11 at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
2016-04-29 10:00:05.800 DEBUG 6020 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@3439c41 
2016-04-29 10:00:05.800 DEBUG 6020 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /resource/upload_id_proof/40/11 at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter' 
2016-04-29 10:00:05.800 DEBUG 6020 --- [nio-8080-exec-1] o.s.security.web.csrf.CsrfFilter : Invalid CSRF token found for http://localhost:8080/resource/upload_id_proof/40/11 
2016-04-29 10:00:05.802 DEBUG 6020 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

Please help me get the request through to the controller successfully.

0 answers:

No answers
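The log above shows the rejection happening in the gateway itself, at CsrfFilter (position 4 of 13 in its own filter chain), before Zuul forwards anything; Zuul's default sensitive-header handling (Cookie, Set-Cookie, Authorization on the proxied hop) is not involved. The server-side setup in the question is the double-submit pattern: CsrfFilter keeps a token in the session and csrfHeaderFilter mirrors it into an XSRF-TOKEN cookie, expecting the browser to echo that value in an X-XSRF-TOKEN header. AngularJS's $http does that copy automatically on every non-GET request; a hand-rolled XMLHttpRequest does not, so the multipart POST arrives with no token. The following is an added example, not an answer from the original page and not the poster's code: it builds the upload request the way the gateway expects it, and reduces the gateway's side to the comparison that produced the "Invalid CSRF token found" line. The header name X-XSRF-TOKEN is an assumption (the post does not show its csrfTokenRepository()); the helper names, the constructed file list and the cookie string are invented for the example.

```javascript
// Added example (not from the original post): satisfying the cookie/header CSRF
// scheme from the question with a hand-rolled XMLHttpRequest.

const XSRF_COOKIE = 'XSRF-TOKEN';   // cookie name written by the post's csrfHeaderFilter
const XSRF_HEADER = 'X-XSRF-TOKEN'; // header CsrfFilter reads; ASSUMED, the post does not
                                    // show the repository's configured header name
const MAX_FILE_BYTES = 30 * 1024 * 1024;
const ALLOWED_EXTENSIONS = ['pdf'];

// Parse a document.cookie string ("a=1; b=2") into a name -> value object.
function parseCookies(cookieString) {
  const cookies = {};
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    if (name) cookies[name] = decodeURIComponent(part.slice(eq + 1).trim());
  }
  return cookies;
}

// Same pre-checks as the post, as a pure function: returns an error message or null.
// They are a usability aid only; the controller must re-check size and content type,
// because a client can skip this code and POST anything it likes.
function validateFiles(files) {
  if (files.length === 0) return 'No File(s) selected';
  for (const f of files) {
    if (f.size > MAX_FILE_BYTES) return 'File ' + f.name + ' is larger than 30 MB';
    const ext = f.name.slice(f.name.lastIndexOf('.') + 1).toLowerCase();
    if (!ALLOWED_EXTENSIONS.includes(ext)) return 'Only PDF files are allowed: ' + f.name;
  }
  return null;
}

// Describe the upload request: URL, headers and multipart parts. `cookieString` is
// document.cookie in the browser; it is passed in so the function runs offline.
// Returns { error } when the upload must not be attempted.
function buildUploadRequest(files, userPrimaryKeyId, userId, cookieString) {
  const err = validateFiles(files);
  if (err) return { error: err };
  const token = parseCookies(cookieString)[XSRF_COOKIE];
  if (!token) return { error: 'XSRF-TOKEN cookie missing: no page has been loaded through the gateway yet' };
  return {
    method: 'POST',
    url: 'resource/upload_id_proof/' + encodeURIComponent(userPrimaryKeyId) +
         '/' + encodeURIComponent(userId),
    headers: { [XSRF_HEADER]: token },   // the part the post's XMLHttpRequest never sends
    parts: files.map((f) => ({ name: 'idProof', file: f })),
  };
}

// The gateway's side of the exchange, reduced to the comparison behind the
// "Invalid CSRF token found" log line: the session token against the X-XSRF-TOKEN
// header. For multipart/form-data only the header works, because a _csrf form field
// would sit inside a body that CsrfFilter has not parsed when it runs.
function csrfFilterAccepts(expectedToken, headers) {
  const presented = headers[XSRF_HEADER];
  return typeof presented === 'string' && presented === expectedToken;
}

// Browser glue (assumed names): actually send the request. Asynchronous, unlike the
// synchronous XHR in the post. Content-Type is left to the browser so the multipart
// boundary is set correctly.
function sendUpload(req, onDone) {
  const formData = new FormData();
  for (const p of req.parts) formData.append(p.name, p.file);
  const xhr = new XMLHttpRequest();
  xhr.open(req.method, req.url, true);
  for (const name of Object.keys(req.headers)) xhr.setRequestHeader(name, req.headers[name]);
  xhr.onload = () => onDone(xhr.status, xhr.responseText);
  xhr.send(formData);
}
```

In the browser the call is `sendUpload(buildUploadRequest(idProofFile.files, $rootScope.loggedInUserPrimaryKeyId, $rootScope.loggedInUserId, document.cookie), cb)`, since File objects from an `<input type="file">` expose the `name` and `size` fields the checks use. Posting the FormData through AngularJS's `$http` instead (with `Content-Type` set to `undefined` and `transformRequest: angular.identity`) gets the header for free, because `$http` already copies XSRF-TOKEN into X-XSRF-TOKEN. Either way the cookie has to exist first, and csrfHeaderFilter only writes it on responses that went through the secured chain, so a page load through the gateway must precede the upload.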