1. 首页
  2. 问答
  3. Spring MVC +安全。 CharacterEncodingFilter不起作用

Spring MVC +安全。 CharacterEncodingFilter不起作用

2015-12-04 130 views
1

我已阅读所有帖子,与我的问题相关,并完成了他们的所有建议,但没有帮助。我在这个方向是新的。我正在使用spring mvc + security。这是我的代码列表。Spring MVC +安全。 CharacterEncodingFilter不起作用

MVC初始化

import com.company.bank.config.AppConfig; 
import org.springframework.web.WebApplicationInitializer; 
import org.springframework.web.context.ContextLoaderListener; 
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; 
import org.springframework.web.filter.CharacterEncodingFilter; 
import org.springframework.web.multipart.support.MultipartFilter; 
import org.springframework.web.servlet.DispatcherServlet; 

import javax.servlet.*; 
import java.util.EnumSet; 

public class SpringMVCInitializer implements WebApplicationInitializer { 

    @Override 
    public void onStartup(ServletContext servletContext) throws ServletException { 

     EnumSet<DispatcherType> dispatcherTypes = EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.INCLUDE); 

     //Multipart filter registration (WORK's) 
     MultipartFilter multipartFilter = new MultipartFilter(); 
     multipartFilter.setMultipartResolverBeanName("filterMultipartResolver"); 

     FilterRegistration.Dynamic multipartDecoder = servletContext.addFilter("multipartResolver", multipartFilter); 
     multipartDecoder.addMappingForUrlPatterns(dispatcherTypes, true, "/*"); 

     //Decoding filter registration (IT DOESN'T WORK!) 
     FilterRegistration.Dynamic characterEncoder = servletContext.addFilter("encodingFilter", new CharacterEncodingFilter()); 
     characterEncoder.setInitParameter("encoding", "UTF-8"); 
     characterEncoder.setInitParameter("forceEncoding", "true"); 
     characterEncoder.addMappingForUrlPatterns(dispatcherTypes, true, "/*"); 
     characterEncoder.setAsyncSupported(true); 

     //Creating root Spring context (WORK's) 
     AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext(); 
     ctx.register(AppConfig.class); 
     ctx.setServletContext(servletContext); 
     ctx.refresh(); 

     //Dispatcher servllet registration (WORK's) 
     ServletRegistration.Dynamic dispatcher = servletContext.addServlet("dispatcher", new DispatcherServlet(ctx)); 
     dispatcher.addMapping("/"); 
     dispatcher.setLoadOnStartup(1); 

     servletContext.addListener(new ContextLoaderListener(ctx)); 
    } 
}

安全初始化

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; 
import org.springframework.web.multipart.support.MultipartFilter; 

import javax.servlet.ServletContext; 

/** 
* Created by OAM on 01.12.2015. 
*/ 
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer { 

    //telling spring security to use Multipart Filter before filter chain (for multipart+CSRF) WORK's 
    @Override 
    protected void beforeSpringSecurityFilterChain(ServletContext servletContext) { 
     insertFilters(servletContext, new MultipartFilter()); 
    } 
}

应用配置

import com.company.bank.tasks.rates_updater.JAXB.XMLCurrRates; 
import com.company.bank.tasks.rates_updater.RatesUpdater; 
import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.ComponentScan; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.jdbc.datasource.DriverManagerDataSource; 
import org.springframework.orm.jpa.JpaTransactionManager; 
import org.springframework.orm.jpa.JpaVendorAdapter; 
import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean; 
import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter; 
import org.springframework.scheduling.annotation.EnableScheduling; 
import org.springframework.transaction.PlatformTransactionManager; 
import org.springframework.transaction.annotation.EnableTransactionManagement; 
import org.springframework.web.multipart.commons.CommonsMultipartResolver; 
import org.springframework.web.servlet.config.annotation.EnableWebMvc; 
import org.springframework.web.servlet.view.JstlView; 
import org.springframework.web.servlet.view.UrlBasedViewResolver; 

import javax.persistence.EntityManagerFactory; 
import javax.sql.DataSource; 

/** 
* Created by OAM on 21.11.2015. 
*/ 
@Configuration 
@EnableWebMvc 
@EnableTransactionManagement 
@ComponentScan("com.company.bank") 
@EnableScheduling 
public class AppConfig { 

    @Bean 
    public RatesUpdater update() { 
     return new RatesUpdater("http://pf-soft.net/service/currency/", XMLCurrRates.class); 
    } 

    @Bean 
    public LocalContainerEntityManagerFactoryBean entityManagerFactory(DataSource dataSource, JpaVendorAdapter adapter) { 
     LocalContainerEntityManagerFactoryBean emf = new LocalContainerEntityManagerFactoryBean(); 
     emf.setDataSource(dataSource); 
     emf.setJpaVendorAdapter(adapter); 
     emf.setPackagesToScan("com.company.bank"); 
     return emf; 
    } 

    @Bean 
    public PlatformTransactionManager transactionManager(EntityManagerFactory emf) { 
     return new JpaTransactionManager(emf); 
    } 

    @Bean 
    public JpaVendorAdapter jpaVendorAdapter() { 
     HibernateJpaVendorAdapter adapter = new HibernateJpaVendorAdapter(); 
     adapter.setShowSql(false); 
     adapter.setGenerateDdl(false); 
     adapter.setDatabasePlatform("org.hibernate.dialect.MySQLDialect"); 
     return adapter; 
    } 

    @Bean 
    public DataSource dataSource() { 
     DriverManagerDataSource ds = new DriverManagerDataSource(); 
     ds.setDriverClassName("com.mysql.jdbc.Driver"); 
     ds.setUrl("jdbc:mysql://localhost:3306/bank"); 
     ds.setUsername("******"); 
     ds.setPassword("******"); 
     return ds; 
    } 

    @Bean 
    public UrlBasedViewResolver setupViewResolver() { 
     UrlBasedViewResolver resolver = new UrlBasedViewResolver(); 
     resolver.setPrefix("/WEB-INF/pages/"); 
     resolver.setSuffix(".jsp"); 
     resolver.setViewClass(JstlView.class); 
     resolver.setOrder(1); 
     return resolver; 
    } 

    @Bean(name = "filterMultipartResolver") 
    public CommonsMultipartResolver filterMultipartResolver() { 
     CommonsMultipartResolver filterMultipartResolver = new CommonsMultipartResolver(); 
     filterMultipartResolver.setMaxUploadSize(100000000); 
     filterMultipartResolver.setMaxInMemorySize(10000000); 
     return filterMultipartResolver; 
    } 
}

安全的conf

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.beans.factory.annotation.Qualifier; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.core.userdetails.UserDetailsService; 

/** 
* Created by OAM on 01.12.2015. 
*/ 
@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 
    @Autowired 
    @Qualifier("userDetailsService") 
    UserDetailsService userDetailsService; 


    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
     auth 
       .userDetailsService(userDetailsService); 
    } 

    protected void configure(HttpSecurity http) throws Exception { 
     http 
       .authorizeRequests() 
       .antMatchers("/", "/index").permitAll() 
       .antMatchers("/login**").permitAll() 
       .antMatchers("/admin**").access("hasRole('ROLE_ADMIN')") 
       .antMatchers("/client**").access("hasRole('ROLE_CLIENT')") 
       .antMatchers("/inspector").authenticated() 
       .anyRequest().authenticated() 

       .and().csrf() 

       .and() 
       .formLogin().loginPage("/login").failureUrl("/login?error").usernameParameter("username") 
       .passwordParameter("password").permitAll().defaultSuccessUrl("/inspector") 

       .and().logout().logoutSuccessUrl("/login?logout") 

       .and().httpBasic() 

       .and().headers().httpStrictTransportSecurity().includeSubDomains(true).maxAgeInSeconds(31536000) 

       .and().xssProtection().block(false); 
    } 
}

请帮我解决我的问题

来源

2015-12-04 Andrii Osadchuk

+0

<连接器端口= “8080” 协议= “HTTP/1.1” connectionTimeout =“20000” redirectPort =“8443”URIEncoding =“UTF-8”/>所有my * .jsp都有<%@ page contentType =“text/html; charset = UTF-8”language =“java”pageEncoding =“UTF-8”%> <?xml version =“1.0”encoding =“UTF-8”?> –

+0

请说明你正在努力达到的目标以及你看到的结果。 –

+0

我试图通过cirillic信件,并在提交后我的控制器采取????而不是普通字母 –

回答

0

我会尝试 -

//Decoding filter registration (IT DOESN'T WORK!) 
    CharacterEncodingFilter cef = new CharacterEncodingFilter(); 
    cef .setEncoding("UTF-8"); 
    cef .setForceEncoding(true); 
    FilterRegistration.Dynamic characterEncoder = servletContext.addFilter("encodingFilter", cef); 
    characterEncoder.setInitParameter("encoding", "UTF-8"); 
    characterEncoder.setInitParameter("forceEncoding", "true"); 
    characterEncoder.addMappingForUrlPatterns(dispatcherTypes, true, "/*"); 
    characterEncoder.setAsyncSupported(true);

这应该保证过滤器的编码设置

来源

2015-12-04 16:11:16 farrellmr

+0

不幸的是这并没有帮助。我的控制台在控制台上打印方法POST以网络形式 –

+0

也许问题在滤波器初始化顺序....? –

相关问题

 相关问题