春季安全和多部分请求

我与春天有安全和OAuth2用户在我试图让我的用户上传文件保护的@Controller：春季安全和多部分请求

@Controller 
@RequestMapping(value = "/api/image") 
public class ImageController { 

    @PreAuthorize("hasAuthority('ROLE_USER')") 
    @RequestMapping(value = "/upload", method = RequestMethod.PUT) 
    public @ResponseBody Account putImage(@RequestParam("title") String title, MultipartHttpServletRequest request, Principal principal){ 
     // Some type of file processing... 
     System.out.println("-------------------------------------------"); 
     System.out.println("Test upload: " + title); 
     System.out.println("Test upload: " + request.getFile("file").getOriginalFilename()); 
     System.out.println("-------------------------------------------"); 

     return ((Account) ((OAuth2Authentication) principal).getPrincipal()); 
    } 
}

当我尝试上传文件和标题，我得到以下例外。我将Content-Type标题设置为multipart/form-data。

java.lang.IllegalStateException: Current request is not of type [org.springframework.web.multipart.MultipartHttpServletRequest]: SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ [email protected]]] 
    at org.springframework.web.servlet.mvc.method.annotation.ServletRequestMethodArgumentResolver.resolveArgument(ServletRequestMethodArgumentResolver.java:84) 
    at org.springframework.web.method.support.HandlerMethodArgumentResolverComposite.resolveArgument(HandlerMethodArgumentResolverComposite.java:75) 
    at org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(InvocableHandlerMethod.java:156) 
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:117)

我如何在Spring Security后面上传文件？看起来这个请求永远不会变成MultiPartHttpServerRequest，所以它不起作用？

如果我改变我的方法签名采取@RequestParam MultipartFile，然后我得到这样一个例外：

DEBUG DefaultListableBeanFactory - Returning cached instance of singleton bean 'imageController' 
DEBUG ExceptionHandlerExceptionResolver - Resolving exception from handler [public com.tinsel.server.model.Account com.tinsel.server.controller.ImageController.putImage(java.lang.String,org.springframework.web.multipart.MultipartFile,java.security.Principal)]: java.lang.IllegalArgumentException: Expected MultipartHttpServletRequest: is a MultipartResolver configured? 
DEBUG ResponseStatusExceptionResolver - Resolving exception from handler [public com.tinsel.server.model.Account com.tinsel.server.controller.ImageController.putImage(java.lang.String,org.springframework.web.multipart.MultipartFile,java.security.Principal)]: java.lang.IllegalArgumentException: Expected MultipartHttpServletRequest: is a MultipartResolver configured? 
DEBUG DefaultHandlerExceptionResolver - Resolving exception from handler [public com.tinsel.server.model.Account com.tinsel.server.controller.ImageController.putImage(java.lang.String,org.springframework.web.multipart.MultipartFile,java.security.Principal)]: java.lang.IllegalArgumentException: Expected MultipartHttpServletRequest: is a MultipartResolver configured? 
DEBUG DispatcherServlet - Could not complete request 
java.lang.IllegalArgumentException: Expected MultipartHttpServletRequest: is a MultipartResolver configured? 
    at org.springframework.util.Assert.notNull(Assert.java:112)

...但我有一个MultipartResolver在我的XML配置：

<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver"> 
    <property name="maxUploadSize" value="268435456"/> <!-- 256 megs --> 
</bean>

我确实看到了this blog post about getting this working under Spring 3.0 - 但我试图保持更新，目前正在使用3.1。是否有更新的修复程序？

来源

2013-02-25 Matthew Runo

问题是我正在使用PUT而不是POST。 Commons FileUpload被硬编码为只接受文件的POST请求。

检查isMultipartContent method那里。要解决这个问题，可以使用POST或扩展该类并覆盖该方法以使其符合您的喜好。

我为此问题打开了FILEUPLOAD-214。

来源

2013-02-25 20:02:01

FILEUPLOAD-214已用WONTFIX解决。根据作者'PUT'不应该与'Multipart'一起使用 – beerbajay 2014-04-14 14:28:48

是的，最终我确实改用了POST而不是PUT。 – 2014-04-14 17:57:06

它已经在1.3版中修复了 – thomaux 2015-12-28 10:38:11

-1

您可以看看https://github.com/joshlong/the-spring-tutorial，它有一个演示如何在启用Spring Security OAuth的情况下发布到Spring MVC的示例。我甚至使用HTML5拖放将图像拖放到屏幕上，然后通过ajax将其提交给服务器。

来源

2013-02-26 19:46:53

要解决此问题，请不要使用spring MultiPartHttpServerRequest，而是将请求视为HttpServletRequest，使用apache commons fileupload库来解析来自PUT方法的请求并处理该文件。下面是一些示例代码：

ServletFileUpload fileUpload = new ServletFileUpload(new DiskFileItemFactory()); 
List<FileItem> fileItems = fileUpload.parseRequest(httpServletRequest); 
InputStream in = fileItems.get(0).getInputStream(); 
...

来源

2013-07-06 19:50:36

Config.groovy中

确保多启用，

// whether to disable processing of multi part requests 
    grails.web.disable.multipart=false

在控制器与这些添加Post方法

def upload(){ 
    MultipartHttpServletRequest mpr = (MultipartHttpServletRequest)request; 
    if(request instanceof MultipartHttpServletRequest) 
      { 
       CommonsMultipartFile f = (CommonsMultipartFile) mpr.getFile("myFile"); 
       println f.contentType 
       f.transferTo() 
       if(!f.empty) 
        flash.message = 'success' 
       else 
        flash.message = 'file cannot be empty' 
      } 
    else 
    flash.message = 'request is not of type MultipartHttpServletRequest'}

，我能够上传文件，与Spring Security没有任何关系。

来源

2014-07-21 18:53:09 Nazeel

春季安全和多部分请求

回答

相关问题