Spring Security 3.2 CSRF support for multipart requests

暗喜 2020-11-27 15:43

We have been using Spring Security with our application for a few years now. Last week we upgraded Spring Security from version 3.1.4 to 3.2.0. The upgrade went fine and w

4 answers
  •  粉色の甜心
    2020-11-27 16:33

    I was able to resolve this with help from the Spring Security team. I have updated the Gist to reflect a working configuration. I had to follow the steps given below in order to get everything to work as expected.


    1. Common Step

    Add a MultipartFilter to web.xml as described in the answer by @holmis83, ensuring that it is added before the Spring Security configuration:

    
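    <filter>
        <display-name>springMultipartFilter</display-name>
        <filter-name>springMultipartFilter</filter-name>
        <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springMultipartFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <display-name>springSecurityFilterChain</display-name>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>ERROR</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>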
    

    2.1. Using Apache Commons Multipart Resolver

    Ensure that there is an Apache Commons Multipart Resolver bean named filterMultipartResolver in the root Spring application context. I will stress this again, make sure that the Multipart Resolver is declared in the root Spring Context (usually called applicationContext.xml). For example,

    web.xml

    
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            classpath*:springWebMultipartContext.xml
        </param-value>
    </context-param>
    

    springWebMultipartContext.xml

    
        
            
        
    
    

    Make sure that the bean is called filterMultipartResolver as any other bean name is not picked up by MultipartFilter configured in web.xml. My initial configuration was not working because this bean was named multipartResolver. I even tried passing the bean name to MultipartFilter using web.xml init-param but that did not work either.

    2.2. Using Tomcat Multipart support

    Tomcat 7.0+ has in-built multipart support, but it has to be explicitly enabled. Either change the global Tomcat context.xml file as follows or include a local context.xml file in your WAR file for this support to work without making any other changes to your application.

    
        ...
    
    

    After these changes using Apache Commons Multipart Resolver our application is working so far on Tomcat, Jetty and Weblogic.
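The ordering requirement from step 1 can be checked mechanically, since a CSRF token sent as a multipart form field is only readable after MultipartFilter has parsed the body. The script below is an added example, not part of the answer or of Spring: the function names and the two sample descriptors are constructed for illustration, and only the filter name and class names come from the configuration above.

```python
import xml.etree.ElementTree as ET

MULTIPART_CLASS = "org.springframework.web.multipart.support.MultipartFilter"
SECURITY_FILTER = "springSecurityFilterChain"

def _kids(elem, name):
    # Match on the local name so the check works with or without the Java EE namespace.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _kids(elem, name)
    return (found[0].text or "").strip() if found else ""

def check_filter_order(web_xml):
    """Return findings for a web.xml string; an empty list means the order is correct."""
    root = ET.fromstring(web_xml)
    multipart = {_text(f, "filter-name") for f in _kids(root, "filter")
                 if _text(f, "filter-class") == MULTIPART_CLASS}
    # Filters with url-pattern mappings run in the order of their <filter-mapping> elements.
    order = [_text(m, "filter-name") for m in _kids(root, "filter-mapping")]
    if SECURITY_FILTER not in order:
        return ["springSecurityFilterChain has no filter-mapping"]
    positions = [i for i, name in enumerate(order) if name in multipart]
    if not positions:
        return ["no MultipartFilter mapping: multipart body is not parsed before the CSRF check"]
    if min(positions) > order.index(SECURITY_FILTER):
        return ["MultipartFilter is mapped after springSecurityFilterChain"]
    return []

def _web_xml(first, second):
    # Constructed sample descriptor: two filters mapped to /* in the given order.
    classes = {"springMultipartFilter": MULTIPART_CLASS,
               SECURITY_FILTER: "org.springframework.web.filter.DelegatingFilterProxy"}
    body = "".join(
        f"<filter><filter-name>{n}</filter-name><filter-class>{classes[n]}</filter-class></filter>"
        f"<filter-mapping><filter-name>{n}</filter-name><url-pattern>/*</url-pattern></filter-mapping>"
        for n in (first, second))
    return f'<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">{body}</web-app>'

GOOD = _web_xml("springMultipartFilter", SECURITY_FILTER)  # order used in step 1
BAD = _web_xml(SECURITY_FILTER, "springMultipartFilter")   # reversed order

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_filter_order(doc) or "OK")
```

The check compares only the order of the `<filter-mapping>` elements; it does not verify that both filters' url-patterns cover the same paths.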
