Spring CSRF token does not work, when the request to be sent is a multipart request

情歌与酒 2020-11-27 22:24

I use,

  • Spring Framework 4.0.0 RELEASE (GA)
  • Spring Security 3.2.0 RELEASE (GA)
  • Struts 2.3.16

In which, I use an in-built securi

5 answers
  •  栀梦 (original poster)
    2020-11-27 22:55

    In case of Spring Boot + Security + CSRF + Multipart, multipart files get bound to neither ModelAttribute nor RequestParam (MultipartFile file).

    The code below worked fine for me.

    1. MvcConfiguration.java

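    // Imports for Spring Boot 1.4+; on Boot 1.3 and earlier FilterRegistrationBean
    // lives in org.springframework.boot.context.embedded.
    import org.springframework.boot.web.servlet.FilterRegistrationBean;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.ComponentScan;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.multipart.commons.CommonsMultipartResolver;
    import org.springframework.web.multipart.support.MultipartFilter;
    import org.springframework.web.servlet.config.annotation.EnableWebMvc;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

    @Configuration
    @EnableWebMvc
    @ComponentScan
    public class MvcConfiguration extends WebMvcConfigurerAdapter {

        // ... (other configuration omitted in the original)

        /*
         * Case: Spring Boot + Security + CSRF + Multipart
         * In a multipart request the CSRF token is unavailable to Spring Security unless
         * MultipartFilter, along with a MultipartResolver, is properly configured so that
         * the multipart request can be processed by Spring.
         *
         * And
         *
         * The multipart/form-data filter (MultipartFilter) needs to be registered before the
         * SecurityConfig that enables CSRF.
         * So that's why
         * 1. reg.setOrder(1); // below
         * 2. security.filter-order=2 // in application.properties
         */

        // Register MultipartFilter ahead of the Spring Security filter chain (order 1 < 2).
        @Bean
        public FilterRegistrationBean registerMultipartFilter() {
            FilterRegistrationBean reg = new FilterRegistrationBean(new MultipartFilter());
            reg.setOrder(1);
            return reg;
        }

        // MultipartFilter looks up its resolver under the bean name "filterMultipartResolver".
        @Bean(name = "filterMultipartResolver")
        public CommonsMultipartResolver filterMultipartResolver() {
            CommonsMultipartResolver filterMultipartResolver = new CommonsMultipartResolver();
            filterMultipartResolver.setDefaultEncoding("utf-8");
            // filterMultipartResolver.setMaxUploadSize(512000);
            return filterMultipartResolver;
        }

        // ... (other configuration omitted in the original)
    }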
    

    2. application.properties

    security.filter-order=2
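
The ordering requirement described in the answer above, as an added example that is not code from the original post or from Spring: a simplified, JDK-only model in which the CSRF check looks for the `_csrf` request parameter (Spring Security's default parameter name). The class name, boundary, token and request body are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Simplified model of the filter ordering; not Spring Security source code.
public class CsrfMultipartOrderDemo {
    static final String BOUNDARY = "----demo42"; // constructed sample values below
    static final String SESSION_TOKEN = "constructed-token-123";
    static final String BODY = "--" + BOUNDARY + "\r\n"
        + "Content-Disposition: form-data; name=\"_csrf\"\r\n\r\n" + SESSION_TOKEN + "\r\n"
        + "--" + BOUNDARY + "\r\n"
        + "Content-Disposition: form-data; name=\"file\"; filename=\"a.txt\"\r\n"
        + "Content-Type: text/plain\r\n\r\nhello\r\n"
        + "--" + BOUNDARY + "--\r\n";

    // Form fields a multipart resolver would expose as request parameters.
    static Map<String, String> multipartFields(String body, String boundary) {
        Map<String, String> fields = new HashMap<String, String>();
        for (String part : body.split(Pattern.quote("--" + boundary))) {
            int split = part.indexOf("\r\n\r\n");
            if (split < 0) continue; // preamble or closing "--"
            String headers = part.substring(0, split);
            int n = headers.indexOf(" name=\"");
            if (n < 0 || headers.contains("filename=\"")) continue; // skip file parts
            String name = headers.substring(n + 7, headers.indexOf('"', n + 7));
            fields.put(name, part.substring(split + 4, part.length() - 2)); // drop final CRLF
        }
        return fields;
    }

    // Parameters visible to the CSRF check, depending on which filter ran first.
    static Map<String, String> visibleParameters(boolean multipartFilterFirst) {
        // Without prior multipart parsing only query-string parameters exist (none here).
        return multipartFilterFirst ? multipartFields(BODY, BOUNDARY) : new HashMap<String, String>();
    }

    // The CSRF decision: the "_csrf" parameter must equal the session token.
    static boolean csrfAccepts(Map<String, String> params) {
        byte[] sent = params.getOrDefault("_csrf", "").getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(sent, SESSION_TOKEN.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        System.out.println("CSRF filter first:     " + csrfAccepts(visibleParameters(false)));
        System.out.println("MultipartFilter first: " + csrfAccepts(visibleParameters(true)));
    }
}
```

With the CSRF check first the token is still inside an unparsed body part, so a legitimate upload is rejected; with the multipart parsing first the same request passes.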
    
