在 Struts 2 中上传被 Spring Security 阻止的文件
Posted
技术标签:
【中文标题】在 Struts 2 中上传被 Spring Security 阻止的文件【英文标题】:Upload File Blocked by Spring Security in Struts 2 【发布时间】:2017-11-05 12:14:58 【问题描述】:我正在使用 Spring 和 Struts 2、Hibernate、Spring Security。
我的问题是当我点击提交海报 JSP 页面阻止访问时。
我认为resultAction 中的问题没有执行。
DocumentAction.java:
package com.web.actions;
import java.io.File;
import com.opensymphony.xwork2.ActionSupport;
public class DocumentAction extends ActionSupport
/**
*
*/
private static final long serialVersionUID = -8801071547543777086L;
private File fileUpload;
private String fileUploadContentType;
private String fileUploadFileName;
public String getFileUploadContentType()
return fileUploadContentType;
public void setFileUploadContentType(String fileUploadContentType)
this.fileUploadContentType = fileUploadContentType;
public String getFileUploadFileName()
return fileUploadFileName;
public void setFileUploadFileName(String fileUploadFileName)
this.fileUploadFileName = fileUploadFileName;
public File getFileUpload()
return fileUpload;
public void setFileUpload(File fileUpload)
this.fileUpload = fileUpload;
public String execute() throws Exception
System.out.println("Votre Fichier est bien telecharger");
return SUCCESS;
public String display()
return NONE;
Security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<http>
<access-denied-handler error-page="/private/accessDenied.jsp" />
<!-- permettre l'acces aux feuille de style, img, page public et JS à tous
le monde -->
<!-- isAnonymous() or hasRole('ROLE_ANONYMOUS') -->
<intercept-url pattern="/css/**" access="permitAll" />
<intercept-url pattern="/js/**" access="permitAll" />
<intercept-url pattern="/img/**" access="permitAll" />
<intercept-url pattern="/login*" access="isAnonymous()" />
<intercept-url pattern="/logout*" access="isAuthenticated()" />
<!-- permettre l'acces aux actions public -->
<intercept-url pattern="/public/**" access="isAnonymous()" />
<!-- zone privée user -->
<intercept-url pattern="/private/user/*" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/private/user/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/private/user/professeur/*" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/private/user/professeur/**" access="hasRole('ROLE_USER')" />
<!-- zone privée admin -->
<intercept-url pattern="/private/admin/*" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/private/admin/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/private/**" access="isAuthenticated()" />
<intercept-url pattern="/**" access="denyAll" />
<form-login login-page="/public/showLoginPage"
default-target-url="/private/initUserHome"
authentication-failure-url="/public/loginFailure.jsp" />
<logout logout-success-url="/public/showLoginPage" logout-url="/logout"
delete-cookies="JSESSIONID" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="utlisateurService">
<password-encoder hash="sha">
<salt-source user-property="username" />
</password-encoder>
</authentication-provider>
</authentication-manager>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_ADMIN" />
<user name="user" password="user" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
struts.xml:
<package name="ProfesseurPackage" namespace="/private/user/professeur" extends="struts-default">
<action name="fileUploadAction" class="com.web.actions.DocumentAction" method="display">
<result name="none">fileupload.jsp</result>
</action>
<action name="resultAction" class="com.web.actions.DocumentAction" method="execute">
<interceptor-ref name="exception"/>
<interceptor-ref name="i18n"/>
<interceptor-ref name="fileUpload">
<param name="allowedTypes">text/plain</param>
<param name="maximumSize">10240</param>
</interceptor-ref>
<interceptor-ref name="params">
<param name="excludeParams">dojo\..*,^struts\..*</param>
</interceptor-ref>
<interceptor-ref name="validation">
<param name="excludeMethods">input,back,cancel,browse</param>
</interceptor-ref>
<interceptor-ref name="workflow">
<param name="excludeMethods">input,back,cancel,browse</param>
</interceptor-ref>
<result name="success">result.jsp</result>
<result name="input">fileupload.jsp</result>
</action>
</package>
fileupload.jsp:
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
<head>
<s:head />
</head>
<body>
<h1>Struts 2 <s:file> file upload example</h1>
<s:form action="resultAction" method="POST" enctype="multipart/form-data">
<input type="hidden" name="$_csrf.parameterName"
value="$_csrf.token" />
<s:file name="fileUpload" label="Select a File to upload" size="40" />
<s:submit value="submit" name="submit" />
</s:form>
</body>
</html
【问题讨论】:
【参考方案1】:将namespace 属性添加到<s:form> 标记。因为上传动作是在/private/user/professeur下配置的。应确定用户使用此命名空间。
<s:form action="resultAction" namespace="/private/user/professeur" method="POST" enctype="multipart/form-data">
【讨论】:
以上是关于在 Struts 2 中上传被 Spring Security 阻止的文件的主要内容,如果未能解决你的问题,请参考以下文章
Struts2 + Spring Security 2.06:尝试在 Action 方法上使用 @Secured 时,Valuestack 为空