Spring Security Kerberos:上传超过 2MB 的文件失败,连接被重置
我有一个使用 keytab 文件的 Spring Security Kerberos 配置。执行文件上传操作时,我收到连接重置(connection reset)错误。只有当文件大于 2MB 时才会发生这种情况。关闭 Spring Security 后,我可以上传大于 2MB 的文件。
标签:spring-security, http-headers, spring-security-kerberos
我对基于 SPNEGO 的授权的理解如下:
1. Ajax 请求由浏览器发出;
2. 服务器检查请求头中的令牌,如果未找到,则返回 401;
3. 客户端携带 Kerberos 令牌重新发送请求;
4. 服务器使用 keytab 解密令牌,并允许后续通信。
典型的请求在协商重定向之后会在请求头中发送以下内容:
Provisional headers are shown
Accept:application/json, text/javascript, */*; q=0.01
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryeb4P029q02XzceLA
Origin:xxxxx
Referer:http://xxxxxxxxxxxxxxx.html?xxxxxxxxxxxx
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/43.0.2357.130 Safari/537.36
X-Requested-With:XMLHttpRequest
------WebKitFormBoundaryeb4P029q02XzceLA
Content-Disposition: form-data; name="entry"; filename="test.pdf"
Content-Type: application/pdf
------WebKitFormBoundaryeb4P029q02XzceLA--
代码部分:
/**
 * Spring Security configuration that authenticates requests with Kerberos/SPNEGO
 * and authorizes them with the expression in {@link #SECURITY_ACCESS_ROLE}.
 *
 * <p>This listing is an excerpt: {@code ignoreSecurity}, {@code servicePrincipal},
 * {@code ticketValidator} and {@code cookieUserDetailsService()} are used below but
 * are declared outside the code shown.
 *
 * <p>NOTE(review): sessions are STATELESS, so every request, including a multipart
 * upload, has to be authenticated on its own. A request that arrives without a
 * SPNEGO token is challenged by {@link #spnegoEntryPoint()}, presumably before its
 * body has been read. If the servlet container is Tomcat, compare the reported 2 MB
 * threshold with the connector's {@code maxSwallowSize} (2 MB by default) - not
 * verified for this deployment.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
// Location of the service keytab, injected from the auth.keytab.url property.
// NOTE(review): a keytab holds the service principal's long-term key; keep the
// file readable only by the account that runs this application.
@Value("${auth.keytab.url}")
private Resource keyTabLocation;
// Access expression applied to every path in configure(HttpSecurity).
private static final String SECURITY_ACCESS_ROLE = "isFullyAuthenticated() and hasRole('SOME_ROLE')";
/**
 * Builds the HTTP security chain: stateless sessions, SPNEGO challenge for
 * unauthenticated requests, role check on every path, and the SPNEGO filter
 * placed in front of the Basic authentication filter.
 *
 * @param http the builder supplied by Spring Security
 * @throws Exception if the chain cannot be configured
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
// Please do not reformat this section.
// Some Eclipse versions may not honour the formatter-off marker below.
// @formatter:off
HttpSecurity httpSecurity =
// Default response headers are disabled to allow framing (X-Frame-Options).
// NOTE(review): headers().disable() removes every default security response
// header Spring Security writes, not only X-Frame-Options; if framing is the
// only requirement, relax the frame-options setting alone and keep the rest.
http.headers().disable().csrf().disable()
// CSRF protection is disabled to allow non-browser callers.
// NOTE(review): the same endpoints are also called from a browser via
// XMLHttpRequest, and a browser can attach Kerberos credentials without user
// interaction, so confirm that another cross-site request defence is in place.
// Enables HTTP Basic support and uses the SPNEGO entry point to challenge
// unauthenticated requests.
.httpBasic().authenticationEntryPoint(spnegoEntryPoint())
.and()
.sessionManagement()
// STATELESS: Spring Security neither creates nor uses an HTTP session, so the
// authentication result is not kept between requests.
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
// "/**" already matches every path, so the trailing anyRequest() rule is
// presumably never reached - confirm before relying on it.
.authorizeRequests().antMatchers("/**")
.access(SECURITY_ACCESS_ROLE).anyRequest().authenticated()
.and();
// The SPNEGO filter must see the request before BasicAuthenticationFilter does.
httpSecurity
.addFilterBefore(
spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
BasicAuthenticationFilter.class);
// @formatter:on
// Please do not reformat this section.
}
/**
 * Excludes the comma-separated Ant patterns in {@code ignoreSecurity} from security.
 *
 * <p>NOTE(review): ignored paths skip the Spring Security filter chain completely
 * (no authentication, no authorization); keep this list limited to resources that
 * are safe to serve anonymously. {@code ignoreSecurity} is declared outside the
 * code shown.
 *
 * @param web the builder supplied by Spring Security
 * @throws Exception if the patterns cannot be registered
 */
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(ignoreSecurity.split(","));
}
/**
 * Registers the Kerberos service authentication provider as the provider used by
 * the authentication manager.
 *
 * @param auth the builder supplied by Spring Security
 * @throws Exception if the provider cannot be registered
 */
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.authenticationProvider(kerberosServiceAuthenticationProvider());
}
/**
 * Exposes the authentication manager built by the parent class as a bean named
 * "authenticationManager".
 *
 * @return the authentication manager from the parent configuration
 * @throws Exception if the parent cannot provide it
 */
@Bean(name = "authenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
/**
 * Creates the ticket validator that checks incoming service tickets against the
 * keytab for {@code servicePrincipal} (declared outside the code shown).
 * Prototype scope: a new instance is produced each time the bean is requested.
 *
 * @return a validator configured with the service principal and keytab location
 */
@Bean
@Scope("prototype")
public SunJaasKerberosTicketValidator sunJaasKerberosTicketValidator() {
SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
ticketValidator.setServicePrincipal(servicePrincipal);
ticketValidator.setKeyTabLocation(keyTabLocation);
// NOTE(review): debug output is switched on; presumably this enables verbose
// JAAS/Kerberos logging. Turn it off outside troubleshooting, since such logs
// can expose principal and ticket details.
ticketValidator.setDebug(true);
return ticketValidator;
}
/**
 * Creates the provider that validates Kerberos service tickets and then loads the
 * user through {@link #kerberosUserDetailsService()}.
 * Prototype scope: a new instance is produced each time the bean is requested.
 *
 * @return the configured Kerberos authentication provider
 */
@Bean
@Scope("prototype")
public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
// NOTE(review): ticketValidator is not declared in the code shown; presumably it
// is meant to be the bean from sunJaasKerberosTicketValidator() - confirm.
provider.setTicketValidator(ticketValidator);
provider.setUserDetailsService(kerberosUserDetailsService());
return provider;
}
/**
 * Provides the user details service used after a ticket has been validated.
 *
 * @return a new KerberosUserDetailsService
 */
@Bean
public UserDetailsService kerberosUserDetailsService() {
return new KerberosUserDetailsService();
}
/**
 * Wraps {@code cookieUserDetailsService()} (declared outside the code shown) so it
 * can load users for pre-authenticated tokens. Nothing in the visible
 * configuration refers to this bean.
 *
 * @return the wrapper around the cookie-based user details service
 */
@Bean
public UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> userDetailsByNameServiceWrapper() {
UserDetailsService userDetailsService = cookieUserDetailsService();
return new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(userDetailsService);
}
/**
 * Creates the filter that processes SPNEGO tokens on incoming requests and hands
 * them to the given authentication manager.
 *
 * @param authenticationManager the manager that authenticates the extracted token
 * @return the configured SPNEGO processing filter
 */
@Bean
public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter(
AuthenticationManager authenticationManager) {
SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
filter.setAuthenticationManager(authenticationManager);
return filter;
}
/**
 * Creates the entry point that challenges unauthenticated requests to start the
 * SPNEGO negotiation.
 *
 * @return a new SpnegoEntryPoint
 */
@Bean
public SpnegoEntryPoint spnegoEntryPoint() {
return new SpnegoEntryPoint();
}
}
@配置
@启用Web安全性
@EnableGlobalMethodSecurity(Prespenabled=true)
公共类安全配置扩展了WebSecurity配置适配器{
@值(${auth.keytab.url}”)
私有资源密钥分配;
private static final String SECURITY_ACCESS_ROLE=“isfullyaauthenticated()和hasRole('SOME_ROLE')”;
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
//请不要格式化此部分
//某些eclipse版本可能不支持关闭以下格式化程序。
//@formatter:off
HttpSecurity HttpSecurity=
//禁用默认响应头以帮助xframe
http.headers().disable().csrf().disable()
//已禁用csrf以方便非浏览器调用
.httpBasic().authenticationEntryPoint(spnegoEntryPoint())
.及()
.会议管理()
.sessionCreationPolicy(sessionCreationPolicy.STATELESS)
.及()
.authorizeRequests().antMatchers(“/**”)
.access(安全访问角色).anyRequest().authenticated()
.及();
httpSecurity
.addFilterBefore(
SPNEGAuthenticationProcessingFilter(authenticationManagerBean()),
BasicAuthenticationFilter.class);
//@formatter:on
//请不要格式化此部分
}
@凌驾
public void configure(WebSecurity web)引发异常{
忽略()antMatchers(ignoreSecurity.split(“,”);
}
@凌驾
受保护的无效配置(AuthenticationManagerBuilder身份验证)
抛出异常{
auth.authenticationProvider(kerberosServiceAuthenticationProvider());
}
@Bean(name=“authenticationManager”)
@凌驾
公共AuthenticationManager authenticationManagerBean()引发异常{
返回super.authenticationManagerBean();
}
@豆子
@范围(“原型”)
公共SunJaasKerberosTicketValidator SunJaasKerberosTicketValidator(){
SunJaasKerberosTicketValidator ticketValidator=新的SunJaasKerberosTicketValidator();
ticketValidator.setServicePrincipal(服务负责人);
ticketValidator.setkeytablelocation(keytablelocation);
ticketValidator.setDebug(true);
返回票证校验器;
}
@豆子
@范围(“原型”)
公共KerberosServiceAuthenticationProvider KerberosServiceAuthenticationProvider(){
KerberosServiceAuthenticationProvider=新KerberosServiceAuthenticationProvider();
提供者。设置ticketValidator(ticketValidator);
setUserDetailsService(kerberosUserDetailsService());
退货供应商;
}
@豆子
公共用户详细信息服务kerberosUserDetailsService(){
返回新的KerberosUserDetailsService();
}
@豆子
公共UserDetailsByNameServiceWrapper UserDetailsByNameServiceWrapper(){
UserDetailsService UserDetailsService=cookieUserDetailsService();
返回新的UserDetailsByNameServiceWrapper(userDetailsService);
}
@豆子
公共SPNEGAuthenticationProcessingFilter SPNEGAuthenticationProcessingFilter(
AuthenticationManager(AuthenticationManager){
SPNEGAuthenticationProcessingFilter=新的SPNEGAuthenticationProcessingFilter();
filter.setAuthenticationManager(authenticationManager);
回流过滤器;
}
@豆子
公共SpnegoEntryPoint SpnegoEntryPoint(){
返回新的SpnegoEntryPoint();
}
}
Hi Yasser,复现环境是否仍然可用?