Spring Security不会检测多部分配置

时间:2016-07-14 11:28:03

标签: java spring spring-mvc spring-security multipartform-data

我在Spring MVC中配置了正确的多部分表单,但是当我将Spring Security添加到我的项目中时,我再也无法上传文件了。我不知道,是什么导致这种情况,实际上我尝试了在stackoverflow中找到的每个解决方案。

Spring MVC:

public class MvcConfig extends WebMvcConfigurerAdapter {

@Bean
public InternalResourceViewResolver viewResolver(){
    InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
    viewResolver.setViewClass(JstlView.class);
    viewResolver.setPrefix("/WEB-INF/views/");
    viewResolver.setSuffix(".jsp");
    return viewResolver;
}

@Bean
public CommonsMultipartResolver filterMultipartResolver() {
    CommonsMultipartResolver resolver = new CommonsMultipartResolver();
    resolver.setDefaultEncoding("utf-8");
    return resolver;
}

@Override
public void addResourceHandlers(final ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/resources/**").addResourceLocations("/resources/");
}

ServletInitializer:

public class ServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

@Override
protected Class<?>[] getServletConfigClasses() {
    return new Class[]{MvcConfig.class};
}

@Override
protected String[] getServletMappings() {
    return new String[]{"/"};
}

@Override
protected Class<?>[] getRootConfigClasses() {
    return new Class[]{MessageSecurityWebApplicationInitializer.class, SecurityConfig.class};
}

安全配置:

public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth
            .inMemoryAuthentication()
            .withUser("user").password("password").roles("USER")
            .and()
            .withUser("admin").password("1234").roles("USER", "ADMIN");
}


@Override
public void configure(WebSecurity web) throws Exception {
    web
            .ignoring()
            .antMatchers("/resources/**"); // #3
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/", "/login", "/getPhoto/{id}", "/deletePhoto/{id}").permitAll()
            .antMatchers("/remove").hasRole("ADMIN")
            .antMatchers("/add/**", "/upload/**").hasAnyRole("ADMIN", "USER")
            .anyRequest().authenticated() // 7
            .and()
            .formLogin()
            .loginPage("/login")
            .successForwardUrl("/")
            .usernameParameter("userLogin")
            .passwordParameter("userPassword")
            .failureForwardUrl("/login?error=true");
}

MessageSecurityWebApplicationInitializer 

public class MessageSecurityWebApplicationInitializer
    extends AbstractSecurityWebApplicationInitializer {


@Override
protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
    insertFilters(servletContext, new MultipartFilter());
}

上传映射:

 @RequestMapping(value = "/upload", method = RequestMethod.POST)
public String uploadWallpaper(@RequestParam("wallpaperFile") MultipartFile file,
                              @RequestParam("category") String category) {
    Wallpaper wallpaper = new Wallpaper();

    try {
        wallpaper.setName(file.getOriginalFilename());
        wallpaper.setData(file.getBytes());
        wallpaper.setCategory(category);
        serviceDAO.addObject(wallpaper);

        return "redirect:/";
    } catch (IOException e) {
        return "add_wallpaper";
    }
}

html表格:

<spring:url value="/upload?${_csrf.parameterName}=${_csrf.token}" var="formURL"/>
    <form method="post" enctype="multipart/form-data" action="/upload?${_csrf.parameterName}=${_csrf.token}">
...

例外我仍然收到:

org.springframework.web.multipart.MultipartException: Could not parse multipart servlet request; nested exception is java.lang.IllegalStateException: Unable to process parts as no multi-part configuration has been provided
org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.parseRequest(StandardMultipartHttpServletRequest.java:111)
org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.<init>(StandardMultipartHttpServletRequest.java:85)
org.springframework.web.multipart.support.StandardServletMultipartResolver.resolveMultipart(StandardServletMultipartResolver.java:76)
org.springframework.web.multipart.support.MultipartFilter.doFilterInternal(MultipartFilter.java:112)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

1 个答案:

答案 0 :(得分:0)

我使用了这个配置:

@Bean
public CommonsMultipartResolver multipartResolver(){
    CommonsMultipartResolver commonsMultipartResolver = new CommonsMultipartResolver();
    commonsMultipartResolver.setMaxInMemorySize(MEMORY_SIZE);
    commonsMultipartResolver.setMaxUploadSize(UPLOAD_SIZE);
    return commonsMultipartResolver;
}

如果我没有创建扩展 AbstractSecurityWebApplicationInitializer 的类。尽量不要使用该类并设置上面的bean。

相关问题
最新问题