天道酬勤,学无止境

Issue with Spring Security, Spring Webflow, file uploads and UTF-8

I have a problem very similar to the one described here: File Upload using Spring WebFlow 2.4.0, parameter not binded, but that one didn't mention anything about UTF-8 issues. I'm using Spring Framework 4.1.6, Spring Security 4.0.2 and Spring Webflow 2.4.2.

It revolves around StandardServletMultipartResolver vs. CommonsMultipartResolver as far as I can tell, but I'm not sure. If I use CommonsMultipartResolver I can upload files on any page except for Webflow pages fine and UTF-8 encoding works as well on all pages. However on the Webflow pages an exception is thrown trying to access the file . If I use StandardServletMultipartResolver then all of the file uploads work, including Webflow, but on any page that has a UTF-8 character, e.g., caractère, I get garbage.

The wierd thing is I can see in FireBug that the file is being posted when I use the commons resolver. Also, if I debug the RequestContext coming from Webflow I can also see the file buried 4 levels deep in requests. The code for the common resolver (see end of post for the standard resolver code):

public FileResult uploadFile(Recipe recipe, RequestContext requestContext) {
    ServletExternalContext context = (ServletExternalContext) requestContext.getExternalContext();
    MultipartHttpServletRequest multipartRequest = new DefaultMultipartHttpServletRequest((HttpServletRequest)context.getNativeRequest());
    MultipartFile file = multipartRequest.getFile("file");

So, is this a Spring Security issue or a Spring Webflow problem? I suspect the commons resolver would work if I could cast the RequestContext above correctly, but I've tried numerous combinations with no luck. Any guidance on this would be greatly appreciated.

Here are some relevant configurations and code:

WebMvcConfig

@Bean
public CommonsMultipartResolver filterMultipartResolver() {
    CommonsMultipartResolver resolver = new CommonsMultipartResolver();
    resolver.setDefaultEncoding("UTF-8");
    return resolver;
}

SecurityConfig

@Override
protected void configure(HttpSecurity http) throws Exception {
    CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
    characterEncodingFilter.setEncoding("UTF-8");
    characterEncodingFilter.setForceEncoding(true);

    http
    //.csrf().disable()
    .addFilterBefore(characterEncodingFilter, CsrfFilter.class)
    ...more settings...

SecurityInitializer

@Override
protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
    insertFilters(servletContext, new MultipartFilter());
}

Webflow Action

<action-state id="uploadFile">
    <evaluate expression="fileActions.uploadFile(recipe, flowRequestContext)"/>
    <transition to="review"/>
</action-state>

Upload file method

public FileResult uploadFile(Recipe recipe, RequestContext requestContext) {
    ServletExternalContext context = (ServletExternalContext) requestContext.getExternalContext();
    MultipartHttpServletRequest multipartRequest = new StandardMultipartHttpServletRequest((HttpServletRequest)context.getNativeRequest());
    MultipartFile file = multipartRequest.getFile("file");
    ...rest of code to save the file...

评论

Turns out you can cast the RequestContext to get at the underlying MultipartHttpServletRequest but it's not pretty. Here's what I ended up with:

Upload file method

public FileResult uploadFile(Recipe recipe, RequestContext requestContext) {
    logger.debug("uploadFile");

    ServletExternalContext context = (ServletExternalContext) requestContext.getExternalContext();
    SecurityContextHolderAwareRequestWrapper wrapper1 = (SecurityContextHolderAwareRequestWrapper)context.getNativeRequest();
    HttpServletRequestWrapper wrapper2 = (HttpServletRequestWrapper)wrapper1.getRequest();
    FirewalledRequest firewall = (FirewalledRequest)wrapper2.getRequest();
    MultipartHttpServletRequest multipartRequest = (DefaultMultipartHttpServletRequest)firewall.getRequest();
    MultipartFile file = multipartRequest.getFile("file");
    ...rest of code to save the file...

Using this I get to keep the CommonsMultipartResolver, all file uploads in the app work whether Webflow or not, and I have no issues with UTF-8 and character mangling.

I'm not particularly happy with this solution (even though it works) since it's dependent upon a specific nesting of requests that could change in the future(?). I'm be interested if anyone else has run into the same UTF-8 issue and how they solved it, but for now I'm going to test the heck out of this and move on.

受限制的 HTML

  • 允许的HTML标签:<a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • 自动断行和分段。
  • 网页和电子邮件地址自动转换为链接。

相关推荐
  • 使用 Spring WebFlow 2.4.0 上传文件,未绑定参数(File Upload using Spring WebFlow 2.4.0, parameter not binded)
    问题 我使用的是 Spring Framework 4.1.5、Spring Security 4.0.0.RC2、Spring Webflow 2.4.0.RELEASE 和 Tomcat 8.0.15。 我遵循了 webflow 文档中的示例,但无法在表单 bean 中获取该文件。 表格 <form:form action="${flowExecutionUrl}" method="post" commandName="fileForm" enctype="multipart/form-data"> <form:input type="file" value="" path="multipartFileUpload"/> <button type="submit" name="_eventId_forward"><spring:message code="signup.forward"/></button> <sec:csrfInput/> </form:form> 形式豆 public class FileForm implements Serializable { private static final long serialVersionUID = 1L; private transient MultipartFile multipartFileUpload
  • File Upload using Spring WebFlow 2.4.0, parameter not binded
    I'm using Spring Framework 4.1.5, Spring Security 4.0.0.RC2, Spring Webflow 2.4.0.RELEASE and Tomcat 8.0.15. I followed the example in the webflow documentation, but I can't get the file in my form bean. The form <form:form action="${flowExecutionUrl}" method="post" commandName="fileForm" enctype="multipart/form-data"> <form:input type="file" value="" path="multipartFileUpload"/> <button type="submit" name="_eventId_forward"><spring:message code="signup.forward"/></button> <sec:csrfInput/> </form:form> The form bean public class FileForm implements Serializable { private static final long
  • 如何使用 jsf 2.0 配置 spring webflow?(How to configure spring webflow with jsf 2.0?)
    问题 我在将 JSF2.0 集成为 spring webflow 的视图技术时遇到了问题。 我设法让它“几乎”工作,唯一剩下的就是为 JSF2.0 配置 ajax 支持。 发送 Ajax 请求,接收来自服务器的响应,但响应不会触发组件的重新呈现。 几条线索可以帮助解决问题: 在生成 .js 资源链接时,JSF 行为是错误的。 JSF 尝试访问以下链接: http://localhost:8080/ ${context_path}/${flow_name} /javax.faces.resource/ jsf.js ?ln=javax.faces 这会返回 404。 我必须在模板中硬编码以下链接以获得一些 ajax 支持: http://localhost:8080/ ${context-path} /javax.faces.resource/ jsf.js.faces ?ln=javax.faces (我在关闭网络流并调查了纯 JSF 处理页面) 我假设 JSF 的配置是正确的。 如果我从处理链中删除 webflow,一切都会按预期进行。 链接没问题,重新渲染组件没问题如果我将我的服务公开为 @ManagedBean(JSF 本机方法)并且不使用 Spring 支持的 bean 重新渲染工作正常,但我无法与 webflow 和流范围变量进行交互(web-flow 没有看到本机
  • How to handle MultipartException in Spring
    My configuration is here. I made some modifications according to the answer in that post. filterMultipartResolver @Bean public StandardServletMultipartResolver filterMultipartResolver() { return new StandardServletMultipartResolver(); } AppInitializer public class AppInitializer implements WebApplicationInitializer { @Override public void onStartup(final ServletContext servletContext) throws ServletException { // Create the 'root' Spring application context final WebApplicationContext context = getContext(); // Manage the lifecycle of the root application context servletContext.addListener(new
  • 如何在 Spring 中处理 MultipartException(How to handle MultipartException in Spring)
    问题 我的配置在这里。 我根据那个帖子中的答案做了一些修改。 filterMultipartResolver @Bean public StandardServletMultipartResolver filterMultipartResolver() { return new StandardServletMultipartResolver(); } 应用初始化器 public class AppInitializer implements WebApplicationInitializer { @Override public void onStartup(final ServletContext servletContext) throws ServletException { // Create the 'root' Spring application context final WebApplicationContext context = getContext(); // Manage the lifecycle of the root application context servletContext.addListener(new ContextLoaderListener(context)); final Dynamic dispatcher =
  • 从 Spring Webflow 调用函数以存储在数据库(MySQL)中(Calling a function from Spring Webflow to store in Database(MySQL))
    问题 我有以下名为 ProcessOrder 的 POJO 类 @Id @GeneratedValue private int id; private String productname; private int customerid; private String customerName; private String shippingAdress; private int productid; private int quantity; private int status; 而这个类叫做 CartItem @Id @GeneratedValue private int cartItemId; @ManyToOne @JoinColumn(name = "cartId") @JsonIgnore private Cart cart; @ManyToOne @JoinColumn(name = "productId") private Product product; private int quantity; private double totalPrice; 这个类叫做 Cart @Id @GeneratedValue private int cartId; @OneToMany(mappedBy = "cart", cascade = CascadeType.ALL
  • 在 Spring MVC 之上使用 Spring WebFlow 什么时候有意义?(When does it make sense to use Spring WebFlow on top of Spring MVC?)
    问题 Spring MVC 已成为构建企业 Web 应用程序的非常流行的框架。 任何复杂的 Web 应用程序都有一些需要编码的流程,包括一些条件流程(即,如果信用卡信息正确,则显示订单已处理,或者如果某些内容输入不正确,则会出现验证错误)。 在 Spring MVC 之上使用 Spring WebFlow 什么时候有意义? 关于使用 Spring WebFlow 的决策过程应该是怎样的? 回答1 如果您有一个包含一些应用程序进程的 Web 应用程序。 例如,如果您有某种注册过程,一个按钮可以转到一个页面,而另一个可以转到不同的页面。 Spring Webflow 可以很好地处理向不同流程集的转换。 基本上,如果您的应用程序的某些部分在执行过程中被链接并且页面相互依赖,那么 SWF 就可以很好地使用。 回答2 我个人在 webflow 中最喜欢的是两件事: 能够继承流和视图状态。 当您想要在应用程序的不同部分之间共享一些公共逻辑方面时,这非常方便。 例如,您希望在单独的流中抽象出 CRUD 逻辑,然后允许子流继承此逻辑。 每个流都可以有输入和输出,因此您的逻辑可以非常细粒度。 强大的测试框架。 在单元测试中几乎可以涵盖流程逻辑的所有方面。 您可以模拟许多程序化的东西,例如动作触发、从一个视图到另一个视图的转换、流持久性处理等等 我不喜欢新版本的不一致和向后兼容性差。 例如,最新的
  • why im getting this error No mapping found for HTTP request with URI
    Im trying to convert my spring mvc project into spring boot. I converted all necessary files according to spring boot.There are no errors on console. But when i run my web app in browser im getting this error. No mapping found for HTTP request with URI [/onlineshopping/WEB-INF/views/page.jsp] in DispatcherServlet with name 'dispatcherServlet' any url i try to run im getting the same error why? OnlineshoppingApplication.java package net.kzn.onlineshopping; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org
  • java.lang.NoSuchMethodError: org.springframework.beans.MutablePropertyValues.add
    after adding spring webflow, jsf dependencies, i am getting the exception: java.lang.NoSuchMethodError: org.springframework.beans.MutablePropertyValues.add(Ljava/lang/String;Ljava/lang/Object;)Lorg/springframework/beans/MutablePropertyValues; any ideas how to solve this issue ? pom file: <properties> <spring.version>3.0.0.RELEASE</spring.version> <spring-security.version>3.0.2.RELEASE</spring-security.version> <tiles.version>2.1.3</tiles.version> </properties> <!-- a collection of internal and external dependencies --> <dependencies> <dependency> <groupId>javax.servlet</groupId> <artifactId
  • JSF 2.2 中的 SWF 在 com.sun.faces.application.NavigationHandlerImpl.determineViewFromActionOutcome 导致 java.lang.NullPointerException(SWF in JSF 2.2 causes java.lang.NullPointerException at com.sun.faces.application.NavigationHandlerImpl.determineViewFromActi
    问题 我有一个 JSF 2.2 + Spring WebFlow 应用程序。 当按下下面的命令按钮时 <h:commandButton value="Aggiungi" action="#{pageController.modifica}" /> 调用以下操作 public String modifica() { // ... return "gest"; } 并且需要解决以下导航案例 <navigation-case> <from-action>#{pageController.modifica}</from-action> <from-outcome>gest</from-outcome> <to-view-id>/newxhtml.xhtml</to-view-id> <redirect /> </navigation-case> 正在抛出以下异常 java.lang.NullPointerException at com.sun.faces.application.NavigationHandlerImpl.determineViewFromActionOutcome(NavigationHandlerImpl.java:1204) at com.sun.faces.application.NavigationHandlerImpl.findExactMatch
  • Calling a function from Spring Webflow to store in Database(MySQL)
    I have the following POJO class called ProcessOrder @Id @GeneratedValue private int id; private String productname; private int customerid; private String customerName; private String shippingAdress; private int productid; private int quantity; private int status; And this class called CartItem @Id @GeneratedValue private int cartItemId; @ManyToOne @JoinColumn(name = "cartId") @JsonIgnore private Cart cart; @ManyToOne @JoinColumn(name = "productId") private Product product; private int quantity; private double totalPrice; and this class called Cart @Id @GeneratedValue private int cartId;
  • Spring MVC Controller mapping does not work
    I am working on a spring-mvc project. After many tries, I am unable to the map the controller in spring. As a result, the below url always returns as 404 not found. http://localhost:8080/EcommerceBookStore/rest/welcome Here is the web.xml <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> <display-name>EcommerceBookStore</display-name> <welcome-file-list> <welcome-file
  • SWF in JSF 2.2 causes java.lang.NullPointerException at com.sun.faces.application.NavigationHandlerImpl.determineViewFromActionOutcome
    I've a JSF 2.2 + Spring WebFlow application. When the below command button is pressed <h:commandButton value="Aggiungi" action="#{pageController.modifica}" /> the following action is invoked public String modifica() { // ... return "gest"; } and the following navigation case needs to be resolved <navigation-case> <from-action>#{pageController.modifica}</from-action> <from-outcome>gest</from-outcome> <to-view-id>/newxhtml.xhtml</to-view-id> <redirect /> </navigation-case> the following exception is being thrown java.lang.NullPointerException at com.sun.faces.application.NavigationHandlerImpl
  • Spring MVC 控制器映射不起作用(Spring MVC Controller mapping does not work)
    问题 我正在做一个 spring-mvc 项目。 经过多次尝试,我无法在春季映射控制器。 因此,下面的 url 总是返回 404 not found。 http://localhost:8080/EcommerceBookStore/rest/welcome 这是 web.xml <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> <display-name>EcommerceBookStore</display-name> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <context-param> <param-name>contextConfigLocation<
  • Spring Web Flow 无法解析服务 bean?(Spring web flow can't resolve service bean?)
    问题 我有以下问题。 我定义了以下服务类 package godziszewski.patryk.ElectronicsStore.service.impl; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import godziszewski.patryk.ElectronicsStore.domain.Cart; import godziszewski.patryk.ElectronicsStore.domain.repository.CartRepository; import godziszewski.patryk.ElectronicsStore.exception.InvalidCartException; import godziszewski.patryk.ElectronicsStore.service.CartService; @Service public class CartServiceImpl implements CartService { @Autowired CartRepository cartRepository; public Cart create(Cart cart)
  • Spring web flow can't resolve service bean?
    I have got following problem. I defined following service class package godziszewski.patryk.ElectronicsStore.service.impl; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import godziszewski.patryk.ElectronicsStore.domain.Cart; import godziszewski.patryk.ElectronicsStore.domain.repository.CartRepository; import godziszewski.patryk.ElectronicsStore.exception.InvalidCartException; import godziszewski.patryk.ElectronicsStore.service.CartService; @Service public class CartServiceImpl implements CartService { @Autowired CartRepository
  • Spring 3 , Spring Web Flow 2 dependencies problem
    i am trying to use spring 3 with spring web flow 2 the problem is that i am using spring 3, and spring web flow 2 depends on spring 2 libraries so it tries to download them, so is the solution that in every web flow library i will exclude all spring 3 libraries or what ? please advise here's my pom file: <properties> <spring.version>3.0.0.RELEASE</spring.version> <spring-security.version>3.0.2.RELEASE</spring-security.version> <tiles.version>2.1.3</tiles.version> </properties> <!-- a collection of internal and external dependencies --> <dependencies> <dependency> <groupId>javax.servlet<
  • How to configure spring webflow with jsf 2.0?
    I have a problem integration JSF2.0 as a view technology to spring webflow. I managed to get it "almost" working, the only thing left is configuring ajax support for JSF2.0. Ajax requests are sent, responses from the server are received, but the response doesn't trigger re-rendering of the component. Few clues to help to solve the problem: When it comes to generating .js links to resources, JSF behavior is wrong. JSF tries to access the following link: http://localhost:8080/${context_path}/${flow_name}/javax.faces.resource/jsf.js?ln=javax.faces This gives 404 back. I had to hard-code the
  • 使用JSF作为Spring MVC的视图技术(Using JSF as view technology of Spring MVC)
    问题 我目前正在实现一个小型Spring MVC PoC,并且我想使用JSF作为视图技术,因为我公司中的大多数人都习惯于带有Primefaces环境的J2EE。 Spring MVC 3是否支持JSF或仅支持JSP? 我读过多篇文章,将两者结合在一起。 我需要创建一个吸引人的UI。 使用Spring MVC和JSP作为视图技术,有没有简单的方法可以做到这一点? 我们的应用程序在多个页面中使用时间表/日历。 这基本上是一个时间管理APP 回答1 您正在犯一个概念上的错误。 JSF不是视图技术。 JSF是一个MVC框架。 就像Spring MVC一样,尽管两者都有不同的意识形态。 JSF是基于组件的MVC,而Spring MVC是基于请求的MVC。 因此,他们是完全的竞争对手。 您不能混合它们。 您应该选择一个。 相反,JSP和Facelets是真正的视图技术。 自Java EE 6(2009年12月)以来,已弃用JSP,并将其替换为Facelets(XHTML),作为JSF的默认视图技术。 您可以将Spring MVC与JSP视图技术一起使用。 您还可以将Spring MVC与Facelets视图技术一起使用(以及许多其他功能)。 但是您不能将Spring MVC与JSF组件一起使用,更不能与诸如PrimeFaces之类的JSF组件库一起使用。 JSF输出组件可能起作用
  • 尝试在Spring WebFlow Project的服务级别上运行junit测试。 假设$ AssumptionViolatedException(Trying to run junit test on service level of Spring WebFlow Project. Assume$AssumptionViolatedException)
    问题 我正在尝试从Eclipse内部以及通过带有mvn test的控制台在Spring Web Flow项目上使用junit运行我的第一个测试,但是却给了我同样的错误。 java.lang.NoClassDefFoundError:org / junit / Assume $ AssumptionViolatedException 这是我的Java代码: package org.uftwf.memberinquiry.text; import junit.framework.Assert; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.uftwf.memberinquiry.model.MemberInquiryInformation; import org.uftwf.memberinquiry.model