Ric*_*ich 7 java spring servlets spring-mvc spring-security
我在servlet多部分帖子中无法访问Spring Security信息.弹出安全信息在常规get和post方法中可用,但不适用于多部分post方法.我尝试直接通过SecurityContextHolder.getContext().getAuthentication()以及访问SecurityContextHolder.getContext().getAuthentication()的注入服务来访问此安全信息失败.
我还实现了一个HttpRequestHandler和一个ServletWrappingController.再一次,我能够成功地将spring bean注入其中并访问Spring Security信息以获取常规的get和post方法,但是我无法访问多部分帖子的Spring Security信息.我知道Spring 3.0中内置了新的MultiPart功能,但由于我们的网站需要完全访问文件上传流,我将无法使用它们.出于这个原因,我专注于HttpServlet,HttpRequestHandler和ServletWrappingController.
我在这里发布的代码是为解决这个特定问题所编写的所有测试代码,我面临着在分段上传期间无法获得的安全信息(并不意味着具有生产质量).这是一个HttpServlet.
如果我做错了,请告诉我.或者,如果没有,是否有解决方法或更好的方法来完成可以访问Spring Security信息的多部分上传,同时保持对文件上载流的访问?任何人可以提供此问题的任何帮助将不胜感激!
下面是测试servlet代码.根据使用Spring Security 3.1登录到网站的用户,下面有关哪些有效以及哪些无效的评论:
//many import statements not displayed
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
public class UploadServlet extends HttpServlet {
public void service(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
super.service(req, res);
}
public void init(ServletConfig config) throws ServletException {
super.init(config);
SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this,
config.getServletContext());
}
//The following is always injected and available
//however, it only returns valid security information for regular get and post methods,
//not for multipart post methods
@Autowired
private CustomUserService customUserService;
//The following is always injected and available and always returns the expected data
@Autowired
private GuideService guideService;
//the following does not work when the client issues a multipart post, it does work for non-multipart
public boolean getAuthenticated(){
boolean authorized = false;
for (GrantedAuthority authority : SecurityContextHolder.getContext().getAuthentication().getAuthorities()) {
if(authority.getAuthority().equals("ROLE_USER") || authority.getAuthority().equals("ROLE_ADMIN")) {
authorized = true;
break;
}
}
return authorized;
}
//The following test get method works fine
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
if(getAuthenticated()){
PrintWriter out = resp.getWriter();
out.write("<h1>Guide Info</h1><br/>");
Guide guide = guideService.findById(2l);
out.write(guide.getName() + "<br/>");
out.write(guide.getDescription() + "<br/>");
out.write("UserName: " + customUserService.getCurrentUser().getUsername() + "<br/>");
}
else{
PrintWriter out = resp.getWriter();
out.write("<h1>You're not authorized</h1><br/>");
}
}
//This post method
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//the following always works, whether the clients posts using multipart or not
String guideName = guideService.findById(2l).getName();
//the following does not work when the client issues a multipart post, it does work for non-multipart
String userName = customUserService.getCurrentUser().getUsername();
//the following does not work when the client issues a multipart post, it does work for non-multipart
if(getAuthenticated()){
String responseString = RESP_SUCCESS;
boolean isMultipart = ServletFileUpload.isMultipartContent(req);
if (isMultipart) {
ServletFileUpload upload = new ServletFileUpload();
//commmons fileupload code
// Not a multi-part MIME request.
else {
//...
}
//...
}
else{
//...
}
}
}
这是web.xml的相关部分:
<servlet>
<servlet-name>fgm</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/spring/webmvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>fgm</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>UploadServlet</servlet-name>
<servlet-class>com.guides.servlet.UploadServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>UploadServlet</servlet-name>
<url-pattern>/upload</url-pattern>
</servlet-mapping>
如果您使用 Spring MVC,这可能会对您有所帮助:
{
@RequestMapping(method = RequestMethod.POST, value = "/some/post/url")
public void postFile(MultipartHttpServletRequest request) {
MultipartFile multipartFile = request.getFileMap().get("fileControlName");
...
}
}
| 归档时间: |
|
| 查看次数: |
862 次 |
| 最近记录: |