Java Spring MVC 4 file upload blocked by Spring Security
I am trying to upload a file through a Spring form in my Spring MVC 4 project, but when I submit the form the log says:
Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@527de1e2
and
Invalid CSRF token found
I found a solution for it, but after I put the multipart filter before Spring Security, my model attributes come back NULL.
Here is my code:
JSP snippet:
<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
<html>
<body>
<div>
    <form:form action="save?${_csrf.parameterName}=${_csrf.token}"
               method="post" modelAttribute="book" enctype="multipart/form-data">
        <table>
            <form:input type="hidden" path="id" />
            <tr>
                <td>ISBN:</td>
                <td><form:input path="isbn" autofocus="autofocus"/></td>
            </tr>
            <tr>
                <td>Title:</td>
                <td><form:input path="title" /></td>
            </tr>
            <tr>
                <td>Author:</td>
                <td><form:input path="author" /></td>
            </tr>
            <tr>
                <td>Publisher:</td>
                <td><form:input path="publisher" /></td>
            </tr>
            <tr>
                <td>Call Number:</td>
                <td><form:input path="callNumber" /></td>
            </tr>
            <tr>
                <td>Pages:</td>
                <td><form:input path="pages" /></td>
            </tr>
            <tr>
                <td>Pages:</td>
                <td><form:input path="imageFile" type="file" /></td>
            </tr>
            <tr>
                <td colspan="2" align="center">
                    <input type="submit" value="Save">
                </td>
            </tr>
        </table>
    </form:form>
</div>
Controller snippet:
@RequestMapping(value = "/save", method = RequestMethod.POST)
@PreAuthorize("hasAnyAuthority('BOOK_ADD', 'BOOK_EDIT')")
public String saveBook(@ModelAttribute @Valid Book book, BindingResult result) {
    bookValidator.validate(book, result);
    if (result.hasErrors()) {
        return "book/form";
    }
    if (bookService.getBook(book.getId()) == null) {
        bookService.save(book);
    } else {
        bookService.update(book);
    }
    return "redirect:/book";
}
Servlet configuration:
@Bean(name = "multipartResolver")
public CommonsMultipartResolver multipartResolver() {
    CommonsMultipartResolver resolver = new CommonsMultipartResolver();
    resolver.setDefaultEncoding("UTF-8");
    return resolver;
}
Spring Security initializer:
@Override
protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
    insertFilters(servletContext, new MultipartFilter());
}
SQL table:
CREATE TABLE `books` (
    `id` INT(5) UNSIGNED NOT NULL AUTO_INCREMENT,
    `isbn` VARCHAR(25) NOT NULL,
    `title` VARCHAR(50) NOT NULL,
    `author` VARCHAR(50) NULL DEFAULT NULL,
    `publisher` VARCHAR(50) NULL DEFAULT NULL,
    `call_number` VARCHAR(25) NULL DEFAULT NULL,
    `pages` INT(5) NULL DEFAULT NULL,
    `image_file` MEDIUMBLOB NULL,
    PRIMARY KEY (`id`)
)
And the libraries I use:
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-webmvc</artifactId>
    <version>4.2.3.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>4.0.3.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>4.0.3.RELEASE</version>
</dependency>
<dependency>
    <groupId>commons-fileupload</groupId>
    <artifactId>commons-fileupload</artifactId>
    <version>1.3.1</version>
</dependency>
<dependency>
    <groupId>commons-io</groupId>
    <artifactId>commons-io</artifactId>
    <version>2.5</version>
</dependency>
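The filter ordering described in the question, as an added example that is not the poster's code: the MultipartFilter registration together with a resolver bean that the filter can find, plus an upload size cap. The class names SecurityInitializer and RootConfig, RootConfig being loaded into the root application context, and the 2 MiB limit are assumptions.

```java
import javax.servlet.ServletContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
import org.springframework.web.multipart.support.MultipartFilter;

// Hypothetical class name; registers springSecurityFilterChain for the application.
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {

    @Override
    protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
        // MultipartFilter parses the multipart body first, so Spring Security's
        // CsrfFilter can read the _csrf part like any other request parameter.
        insertFilters(servletContext, new MultipartFilter());
    }
}

// Hypothetical class name; assumed to be registered in the ROOT application context.
@Configuration
class RootConfig {

    // MultipartFilter looks up a bean named "filterMultipartResolver" in the root
    // context. If none is found it falls back to StandardServletMultipartResolver,
    // so a resolver defined only in the servlet context is not used by the filter.
    @Bean(name = "filterMultipartResolver")
    public CommonsMultipartResolver filterMultipartResolver() {
        CommonsMultipartResolver resolver = new CommonsMultipartResolver();
        resolver.setDefaultEncoding("UTF-8");
        // Assumed limit: reject oversized bodies before they reach the controller.
        resolver.setMaxUploadSize(2L * 1024 * 1024);
        return resolver;
    }
}
```

With the filter in front of Spring Security, the token can be sent as a hidden form field named `${_csrf.parameterName}` instead of in the action URL, where it can end up in access logs and Referer headers.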
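Try changing
private byte[] imageFile;
to
Update
If you use the blob data type in the DB, then receive the file from the front end with MultipartFile, and use another getter/setter with byte[]:
private MultipartFile imageFileFrntEnd;
// getter
public void setImageFileFrntEnd(MultipartFile file) throws IOException { // java.io.IOException
    this.imageFileFrntEnd = file;
    // convert to byte[] and set to imageFile
    this.imageFile = (file != null) ? file.getBytes() : null;
}
private byte[] imageFile;
// getter setter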
Arip Hidayat
I think you need to edit some code.
A very simple Java + Spring MVC file upload:
xml
<!-- MultipartResolver -->
<bean id="multipartResolver"
      class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
    <property name="maxUploadSize" value="-1" />
    <property name="maxInMemorySize" value="-1" />
</bean>
<!-- BeanNameViewResolver -->
<bean id="downloadViewResolver" class="org.springframework.web.servlet.view.BeanNameViewResolver">
    <property name="order">
        <value>0</value>
    </property>
</bean>
This is important:
input tag name="file"
model MultipartFile variable name="file"
Controller
@RequestMapping(value = "/upload")
private ModelAndView writeFile(MultipartFileModel model) {
    MultipartFile multipartfile = model.getFile();
    // you use "multipartfile"
    // ... you write file
    return new ModelAndView("uploadResult"); // placeholder view name
}
As others have suggested, you can add a new MultipartFile property to the Book class and make it transient. When this property is set, also set imageFile.
@Column(name = "image_file")
private byte[] imageFile;

@Transient
private MultipartFile multiPartFile;

public void setMultiPartFile(MultipartFile multiPartFile) throws IOException {
    this.multiPartFile = multiPartFile;
    if (multiPartFile != null) {
        // getBytes() declares IOException, so the setter propagates it
        this.setImageFile(multiPartFile.getBytes());
    }
}
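Thanks for your answer. But if I change it to the MultipartFile type, I get this error: org.hibernate.MappingException. If I use the Spring form TLD, do you have any suggestions?
Do you keep the image file in the DB? Just save the file path in the database and store the image file on the local server. You can keep the entity class and change the variable to a String imgfilepath. You can add a model class and use the model in the controller.
Yes, I save the file as a blob in the DB.
Thanks @simon-l, that is a good solution. But I found the same solution by making a method with the InitBinder annotation, which converts the MultipartFile type to byte[] in the controller.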
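The InitBinder approach mentioned in the last comment, as an added example that is not code from the thread: Spring's ByteArrayMultipartFileEditor binds the uploaded part straight into a byte[] field, and the handler checks size and file signature before the bytes are stored in the blob column. The controller name, the 1 MiB limit, the PNG/JPEG restriction, the error code and the reduced Book class are assumptions.

```java
import java.util.Arrays;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.multipart.support.ByteArrayMultipartFileEditor;

@Controller
public class BookUploadController {                    // hypothetical name
    static final int MAX_IMAGE_BYTES = 1024 * 1024;    // assumed 1 MiB limit
    static final byte[] PNG = {(byte) 0x89, 'P', 'N', 'G'};
    static final byte[] JPEG = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF};

    @InitBinder
    public void initBinder(WebDataBinder binder) {
        // Turns the uploaded MultipartFile into byte[] during data binding, so
        // Book keeps a plain byte[] field that Hibernate can map to the blob.
        binder.registerCustomEditor(byte[].class, new ByteArrayMultipartFileEditor());
    }

    @RequestMapping(value = "/save", method = RequestMethod.POST)
    public String saveBook(@ModelAttribute Book book, BindingResult result) {
        byte[] image = book.getImageFile();
        // An empty file part binds to an empty array; anything else must pass the check.
        if (image != null && image.length > 0 && !isAcceptableImage(image)) {
            result.rejectValue("imageFile", "image.invalid", "PNG or JPEG, at most 1 MiB");
        }
        if (result.hasErrors()) {
            return "book/form";
        }
        // ... save or update the book as in the question's controller
        return "redirect:/book";
    }

    // Checks size and leading magic bytes instead of trusting the client's Content-Type.
    static boolean isAcceptableImage(byte[] data) {
        return data.length <= MAX_IMAGE_BYTES && (startsWith(data, PNG) || startsWith(data, JPEG));
    }

    static boolean startsWith(byte[] data, byte[] magic) {
        return data.length >= magic.length
                && Arrays.equals(Arrays.copyOf(data, magic.length), magic);
    }
}

// Stand-in for the question's Book entity, reduced to the field used here.
class Book {
    private byte[] imageFile;
    public byte[] getImageFile() { return imageFile; }
    public void setImageFile(byte[] imageFile) { this.imageFile = imageFile; }
}
```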