在 Struts 2 中上传被 Spring Security 阻止的文件


【中文标题】在 Struts 2 中上传被 Spring Security 阻止的文件【英文标题】:Upload File Blocked by Spring Security in Struts 2 【发布时间】:2017-11-05 12:14:58 【问题描述】:

我正在使用 Spring、Struts 2、Hibernate 和 Spring Security。我的问题是:当我点击提交表单(POST)时,JSP 页面的访问被阻止。我认为问题在于 resultAction 没有被执行。

DocumentAction.java:

package com.web.actions;


import java.io.File;

import com.opensymphony.xwork2.ActionSupport;

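/**
 * Struts 2 action behind the file-upload form.
 *
 * <p>The three {@code fileUpload*} properties follow the naming convention of the
 * Struts 2 {@code fileUpload} interceptor for an {@code <s:file name="fileUpload">}
 * field: the uploaded temporary file, the content type declared for it and the
 * file name sent with it.
 *
 * <p>Security note: {@code fileUploadFileName} and {@code fileUploadContentType}
 * come from the multipart request and are therefore client-controlled. Neither
 * should be used as-is to build a storage path or to decide how the file is
 * served later.
 */
public class DocumentAction extends ActionSupport {

    private static final long serialVersionUID = -8801071547543777086L;

    /** Temporary file holding the uploaded content; {@code null} when no file was bound. */
    private File fileUpload;

    /** Content type declared by the client for the uploaded part (untrusted). */
    private String fileUploadContentType;

    /** Original file name sent by the client (untrusted). */
    private String fileUploadFileName;

    /** @return the content type declared by the client for the upload */
    public String getFileUploadContentType() {
        return fileUploadContentType;
    }

    /** @param fileUploadContentType content type declared by the client for the upload */
    public void setFileUploadContentType(String fileUploadContentType) {
        this.fileUploadContentType = fileUploadContentType;
    }

    /** @return the file name sent by the client */
    public String getFileUploadFileName() {
        return fileUploadFileName;
    }

    /** @param fileUploadFileName file name sent by the client */
    public void setFileUploadFileName(String fileUploadFileName) {
        this.fileUploadFileName = fileUploadFileName;
    }

    /** @return the uploaded temporary file, or {@code null} if none was bound */
    public File getFileUpload() {
        return fileUpload;
    }

    /** @param fileUpload the uploaded temporary file */
    public void setFileUpload(File fileUpload) {
        this.fileUpload = fileUpload;
    }

    /**
     * Handles the form submission.
     *
     * @return {@code INPUT} when no file was bound to the action, otherwise {@code SUCCESS}
     * @throws Exception declared by the action contract; not thrown by this body
     */
    @Override
    public String execute() throws Exception {
        // Submitting the form without selecting a file leaves fileUpload unset;
        // send the user back to the form instead of reporting a successful upload.
        if (fileUpload == null) {
            addActionError("Aucun fichier n'a ete recu");
            return INPUT;
        }
        System.out.println("Votre Fichier est bien telecharger");
        return SUCCESS;
    }

    /**
     * Shows the upload form without processing anything.
     *
     * @return {@code NONE}
     */
    public String display() {
        return NONE;
    }
}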

Security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
    <!-- Spring Security HTTP rules. intercept-url patterns are evaluated in the
        order written and the first match decides, so specific patterns must come
        before broader ones. No csrf element is declared here; with the 4.x
        namespace CSRF protection is enabled by default, so every POST (the
        multipart upload included) must carry a valid token. -->
    <http>

        <access-denied-handler error-page="/private/accessDenied.jsp" />

        <!-- allow everyone access to style sheets, images, public pages and JS -->
        <!-- isAnonymous() or hasRole('ROLE_ANONYMOUS') -->
        <intercept-url pattern="/css/**" access="permitAll" />
        <intercept-url pattern="/js/**" access="permitAll" />
        <intercept-url pattern="/img/**" access="permitAll" />
        <intercept-url pattern="/login*" access="isAnonymous()" />
        <intercept-url pattern="/logout*" access="isAuthenticated()" />





        <!-- allow access to public actions -->
        <!-- NOTE(review): isAnonymous() rejects users who are already logged in;
            permitAll is the usual choice if public pages should stay reachable
            after login. Confirm the intent. -->
        <intercept-url pattern="/public/**" access="isAnonymous()" />

        <!-- private user area -->
        <intercept-url pattern="/private/user/*" access="hasRole('ROLE_USER')" />
        <intercept-url pattern="/private/user/**" access="hasRole('ROLE_USER')" />
        <!-- The two professeur rules below are already covered by
            /private/user/** above, so they are never the deciding match. -->
        <intercept-url pattern="/private/user/professeur/*" access="hasRole('ROLE_USER')" />
        <intercept-url pattern="/private/user/professeur/**" access="hasRole('ROLE_USER')" />
        <!-- private admin area -->

        <intercept-url pattern="/private/admin/*" access="hasRole('ROLE_ADMIN')" />
        <!-- NOTE(review): this rule lets ROLE_USER reach every admin path deeper
            than one level, while the rule above requires ROLE_ADMIN. This looks
            like a copy/paste slip; ROLE_ADMIN is presumably intended. Confirm. -->
        <intercept-url pattern="/private/admin/**" access="hasRole('ROLE_USER')" />
        <intercept-url pattern="/private/**" access="isAuthenticated()" />

        <!-- Default deny: any URL not matched above is refused. -->
        <intercept-url pattern="/**" access="denyAll" /> 

        <form-login login-page="/public/showLoginPage"
            default-target-url="/private/initUserHome"
            authentication-failure-url="/public/loginFailure.jsp" />

        <logout logout-success-url="/public/showLoginPage" logout-url="/logout"
            delete-cookies="JSESSIONID" />

    </http>

    <authentication-manager>
        <authentication-provider user-service-ref="utlisateurService">
            <!-- NOTE(review): hash="sha" is a single fast SHA-1 pass and the salt
                is the username, which is predictable. An adaptive password hash
                (for example hash="bcrypt") is the safer choice; existing stored
                hashes would need to be migrated. -->
            <password-encoder hash="sha">
                <salt-source user-property="username" />
            </password-encoder>

        </authentication-provider>
    </authentication-manager>
    
    <!-- NOTE(review): second authentication-manager with in-memory accounts whose
        passwords equal their user names and are stored in clear text. It looks
        like leftover test configuration (possibly commented out in the original
        file); it should not be present in a deployed configuration. -->
     <authentication-manager> 
     <authentication-provider> 
     <user-service> 
     <user name="admin" password="admin" authorities="ROLE_ADMIN" /> 
     <user name="user" password="user" authorities="ROLE_USER" />
     </user-service> 
    </authentication-provider> 
     </authentication-manager>  
</beans:beans>

struts.xml:

<!-- Upload actions for the professeur area. The namespace sits under
    /private/user/**, which Security.xml restricts to hasRole('ROLE_USER'). -->
<package name="ProfesseurPackage" namespace="/private/user/professeur" extends="struts-default">
    
    <!-- Renders the upload form; display() returns NONE. -->
    <action name="fileUploadAction" class="com.web.actions.DocumentAction" method="display">
            <result name="none">fileupload.jsp</result>
        </action>
        
    <!-- Receives the multipart POST. Because this action lists its own
        interceptor-refs, only the interceptors named here run for it. -->
        <action name="resultAction" class="com.web.actions.DocumentAction" method="execute">

            <interceptor-ref name="exception"/>
            <interceptor-ref name="i18n"/>
            <!-- allowedTypes is compared with the content type declared in the
                request, which the client controls; it is a convenience filter,
                not proof of what the file contains. maximumSize is in bytes. -->
            <interceptor-ref name="fileUpload">
                <param name="allowedTypes">text/plain</param>
                <param name="maximumSize">10240</param>
            </interceptor-ref> 
            <interceptor-ref name="params">
                <param name="excludeParams">dojo\..*,^struts\..*</param>
            </interceptor-ref>
            <interceptor-ref name="validation">
                <param name="excludeMethods">input,back,cancel,browse</param>
            </interceptor-ref>
            <interceptor-ref name="workflow">
                <param name="excludeMethods">input,back,cancel,browse</param>
            </interceptor-ref>
    
            <result name="success">result.jsp</result>
            <!-- "input" sends the user back to the form, e.g. after a rejected upload. -->
            <result name="input">fileupload.jsp</result>
            
        </action>

    
    </package>  

fileupload.jsp:

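<%@ taglib prefix="s" uri="/struts-tags" %>
<%--
  Upload form for resultAction.

  CSRF note: the hidden field below carries the Spring Security CSRF token in the
  multipart body. Spring Security checks the token before Struts parses the
  multipart request, so a token that exists only as a multipart field may not be
  visible to that check and the POST can be rejected as access denied. The Spring
  Security documentation describes two ways to handle multipart forms: parse the
  multipart request before the security filter chain, or append the token to the
  form's action URL as a query parameter. Verify which applies to this setup.
--%>
<html>
<head>
<s:head />
</head>

<body>
<h1>Struts 2 &lt;s:file&gt; file upload example</h1>

<s:form action="resultAction" method="POST" enctype="multipart/form-data">
<input type="hidden" name="${_csrf.parameterName}"
                    value="${_csrf.token}" />
<s:file name="fileUpload" label="Select a File to upload" size="40" />

<s:submit value="submit" name="submit" />
    
</s:form>

</body>
</html>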

【问题讨论】:

【参考方案1】:

将 namespace 属性添加到 <s:form> 标记,因为上传动作是在 /private/user/professeur 命名空间下配置的。应确定用户使用此命名空间。

<%-- With an explicit namespace the form posts to resultAction under
     /private/user/professeur, a path that Security.xml restricts to
     hasRole('ROLE_USER'). The multipart POST still has to carry a valid CSRF
     token for Spring Security to accept it. --%>
<s:form action="resultAction" namespace="/private/user/professeur" method="POST" enctype="multipart/form-data">

【讨论】:
