[SPRING] 스프링 MVC - 봄 보안에 의해 파일 업로드가 차단됨 [복제]
SPRING스프링 MVC - 봄 보안에 의해 파일 업로드가 차단됨 [복제]
파일 업로드를 시도하고 있습니다. 그것은 나를 위해 일하지만 업로드 파일을 사용하고 싶다면 작동하지 않습니다. 이 오류가 나타납니다.
HTTP Status 405 - Request method 'POST' not supported
하지만 web.xml에서 이러한 행에 주석을 달면 작동합니다.
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
이 구성을 추가하려고했지만 도움이되지 않았습니다.
<filter>
<display-name>springMultipartFilter</display-name>
<filter-name>springMultipartFilter</filter-name>
<filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>springMultipartFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
이것은 내 모든 web.xml입니다.
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/</url-pattern>
</filter-mapping>
<!-- Spring Security -->
<filter>
<display-name>springMultipartFilter</display-name>
<filter-name>springMultipartFilter</filter-name>
<filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
</filter>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springMultipartFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
어디에서 문제가 될 수 있는지 알고 있습니까? 나는 봄과 봄 보안이 버전을 사용하고 있습니다 :
<org.springframework.version>4.0.4.RELEASE</org.springframework.version>
<org.springframework.security.version>3.2.3.RELEASE</org.springframework.security.version>
제어 장치
@Controller
public class FileUploadController {
private static final Logger logger = LoggerFactory
.getLogger(FileUploadController.class);
@RequestMapping(value = "/uploadOneFile", method = RequestMethod.POST)
public @ResponseBody
String uploadFileHandler(@RequestParam("name") String name,
@RequestParam("file") MultipartFile file) {
if (!file.isEmpty()) {
try {
byte[] bytes = file.getBytes();
// Creating the directory to store file
String rootPath = System.getProperty("catalina.home");
File dir = new File(rootPath + File.separator + "tmpFiles");
if (!dir.exists())
dir.mkdirs();
// Create the file on server
File serverFile = new File(dir.getAbsolutePath()
+ File.separator + name);
BufferedOutputStream stream = new BufferedOutputStream(
new FileOutputStream(serverFile));
stream.write(bytes);
stream.close();
logger.info("Server File Location="
+ serverFile.getAbsolutePath());
return "You successfully uploaded file=" + name;
} catch (Exception e) {
return "You failed to upload " + name + " => " + e.getMessage();
}
} else {
return "You failed to upload " + name
+ " because the file was empty.";
}
}
}
JSP
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ page session="false" %>
<html>
<head>
<title>Upload File Request Page</title>
</head>
<body>
<form method="POST" action="uploadOneFile" enctype="multipart/form-data">
File to upload: <input type="file" name="file"><br />
Name: <input type="text" name="name"><br /> <br />
<input type="submit" value="Upload"> Press here to upload the file!
</form>
</body>
</html>
봄 보안 설정
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login
login-page="/login"
default-target-url="/admin/goods"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf/>
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select username,password, enabled from admin where username=?"
authorities-by-username-query=
"select username, role from user_roles where username =? " />
</authentication-provider>
</authentication-manager>
</beans:beans>
해결법
-
==============================
1.이 문제를 해결했는데, $ {_ csrf.parameterName} = $ {_ csrf.token}을 (를) 내 양식 작업 끝에 추가했습니다.
이 문제를 해결했는데, $ {_ csrf.parameterName} = $ {_ csrf.token}을 (를) 내 양식 작업 끝에 추가했습니다.
<form method="POST" action="uploadOneFile?${_csrf.parameterName}=${_csrf.token}" enctype="multipart/form-data">이제 작동합니다!
-
==============================
2.다음 변경
다음 변경
<form method="POST" action="uploadOneFile" enctype="multipart/form-data">~에 따라
<form method="POST" action="/uploadOneFile" enctype="multipart/form-data">그게 효과가 있다면 알려주고, 그렇지 않다면 나는 또 다른 것을 제안 할 것입니다.
from https://stackoverflow.com/questions/25612984/spring-mvc-upload-file-is-blocked-by-spring-security by cc-by-sa and MIT license
'SPRING' 카테고리의 다른 글
| [SPRING] 밤새 연결이 끊어졌습니다 (spring boot + mysql). (0) | 2019.07.18 |
|---|---|
| [SPRING] 속성 파일에서 값을 읽을 수없는 Spring 조건 (0) | 2019.07.18 |
| [SPRING] 스프링 부트에서 추가 클래스 패스를 설정하는 방법? (0) | 2019.07.18 |
| [SPRING] 정적 함수에서 @Value 주석의 대안 (0) | 2019.07.17 |
| [SPRING] 스프링 부트 보안 - java.lang.IllegalArgumentException : null GrantedAuthority 콜렉션을 전달할 수 없음 (0) | 2019.07.17 |