Spring MVC: il file di caricamento è bloccato dalla sicurezza di primavera

Question

Sto provando a caricare il file. Funziona per me, ma se voglio usare il caricamento del file non funziona. Sto ottenendo questo errore

HTTP Status 405 - Request method 'POST' not supported 

Ma se io commento queste righe in web.xml funziona:

<filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 


    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

ho cercato di aggiungere questo config, ma non ha aiutato

<filter> 
    <display-name>springMultipartFilter</display-name> 
    <filter-name>springMultipartFilter</filter-name> 
    <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springMultipartFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

Questo è il mio tutto web.xml

<?xml version="1.0" encoding="UTF-8"?> 
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> 

    <!-- The definition of the Root Spring Container shared by all Servlets 
     and Filters --> 
    <context-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value> 
      /WEB-INF/spring/root-context.xml, 
      /WEB-INF/spring-security.xml 
     </param-value> 
    </context-param> 

    <!-- Creates the Spring Container shared by all Servlets and Filters --> 
    <listener> 
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 

    <!-- Processes application requests --> 
    <servlet> 
     <servlet-name>appServlet</servlet-name> 
     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
     <init-param> 
      <param-name>contextConfigLocation</param-name> 
      <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value> 
     </init-param> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 

    <servlet-mapping> 
     <servlet-name>appServlet</servlet-name> 
     <url-pattern>/</url-pattern> 
    </servlet-mapping> 

     <filter> 
    <filter-name>encodingFilter</filter-name> 
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 
    <init-param> 
     <param-name>encoding</param-name> 
     <param-value>UTF-8</param-value> 
    </init-param> 
    <init-param> 
     <param-name>forceEncoding</param-name> 
     <param-value>true</param-value> 
    </init-param> 
</filter> 

<filter-mapping> 
    <filter-name>encodingFilter</filter-name> 
    <url-pattern>/</url-pattern> 
</filter-mapping> 

    <!-- Spring Security --> 
     <filter> 
     <display-name>springMultipartFilter</display-name> 
     <filter-name>springMultipartFilter</filter-name> 
     <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class> 
    </filter> 
    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 

    <filter-mapping> 
     <filter-name>springMultipartFilter</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 



</web-app> 

Hai idea di dove potrebbe essere un problema? Sto usando queste versioni di primavera e la primavera di sicurezza:

<org.springframework.version>4.0.4.RELEASE</org.springframework.version> 
<org.springframework.security.version>3.2.3.RELEASE</org.springframework.security.version> 

controller

@Controller 
public class FileUploadController { 

    private static final Logger logger = LoggerFactory 
      .getLogger(FileUploadController.class); 

    @RequestMapping(value = "/uploadOneFile", method = RequestMethod.POST) 
    public @ResponseBody 
    String uploadFileHandler(@RequestParam("name") String name, 
      @RequestParam("file") MultipartFile file) { 

     if (!file.isEmpty()) { 
      try { 
       byte[] bytes = file.getBytes(); 

       // Creating the directory to store file 
       String rootPath = System.getProperty("catalina.home"); 
       File dir = new File(rootPath + File.separator + "tmpFiles"); 
       if (!dir.exists()) 
        dir.mkdirs(); 

       // Create the file on server 
       File serverFile = new File(dir.getAbsolutePath() 
         + File.separator + name); 
       BufferedOutputStream stream = new BufferedOutputStream(
         new FileOutputStream(serverFile)); 
       stream.write(bytes); 
       stream.close(); 

       logger.info("Server File Location=" 
         + serverFile.getAbsolutePath()); 

       return "You successfully uploaded file=" + name; 
      } catch (Exception e) { 
       return "You failed to upload " + name + " => " + e.getMessage(); 
      } 
     } else { 
      return "You failed to upload " + name 
        + " because the file was empty."; 
     } 
    } 

} 

JSP

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> 
<%@ page session="false" %> 
<html> 
<head> 
<title>Upload File Request Page</title> 
</head> 
<body> 

    <form method="POST" action="uploadOneFile" enctype="multipart/form-data"> 
     File to upload: <input type="file" name="file"><br /> 
     Name: <input type="text" name="name"><br /> <br /> 
     <input type="submit" value="Upload"> Press here to upload the file! 
    </form> 

</body> 
</html> 

Primavera sicurezza-config

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 

    <!-- enable use-expressions --> 
    <http auto-config="true" use-expressions="true"> 

     <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" /> 

     <!-- access denied page --> 
     <access-denied-handler error-page="/403" /> 

     <form-login 
      login-page="/login" 
      default-target-url="/admin/goods" 
      authentication-failure-url="/login?error" 
      username-parameter="username" 
      password-parameter="password" /> 
     <logout logout-success-url="/login?logout" /> 
     <!-- enable csrf protection --> 
     <csrf/> 
    </http> 

    <!-- Select users and user_roles from database --> 
    <authentication-manager> 
     <authentication-provider> 
     <jdbc-user-service data-source-ref="dataSource" 
      users-by-username-query= 
      "select username,password, enabled from admin where username=?" 
      authorities-by-username-query= 
      "select username, role from user_roles where username =? " /> 
     </authentication-provider> 
    </authentication-manager> 

</beans:beans> 

Answer 1

ho risolto questo problema, ho aggiunto ? $ {_ Csrf.parameterName} = $ {_ csrf.token} alla fine della mia azione forma

<form method="POST" action="uploadOneFile**?${_csrf.parameterName}=${_csrf.token}**" enctype="multipart/form-data"> 

Ora funziona!

Answer 2

Modificare la seguente

<form method="POST" action="uploadOneFile" enctype="multipart/form-data"> 

a seguire

<form method="POST" action="/uploadOneFile" enctype="multipart/form-data"> 

Fatemi sapere se funziona, se non allora io suggerisco un'altra cosa.