Spring Security and MultiPart File Uploads - Not Working Correctly Yet
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>FileUpload</title>
  </head>
  <body>
    <%-- Upload form posted to the processFileUpload handler as multipart/form-data.
         The CSRF token is sent as a hidden field inside the multipart body, so the server can
         only check it if the multipart request has been parsed before the CSRF check runs. --%>
    <form name="fileUploadForm" action="processFileUpload" method="POST"
          enctype="multipart/form-data">
      <table>
        <tr>
          <td>File:</td>
          <td><input type="file" name="file"></td>
        </tr>
        <tr>
          <td colspan="2"><input name="upload" type="submit" value="Upload" /></td>
        </tr>
      </table>
      <%-- Parameter name and token value come from the _csrf request attribute. --%>
      <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
    </form>
  </body>
</html>
package com.test.controller; | |
import org.springframework.stereotype.Controller; | |
import org.springframework.web.bind.annotation.RequestMapping; | |
import org.springframework.web.bind.annotation.RequestMethod; | |
import org.springframework.web.bind.annotation.RequestParam; | |
import org.springframework.web.multipart.MultipartFile; | |
import org.springframework.web.servlet.ModelAndView; | |
import org.slf4j.Logger; | |
import org.slf4j.LoggerFactory; | |
@Controller
public class HelloController {

    /** SLF4J logger shared by every handler in this controller. */
    private static final Logger LOG = LoggerFactory.getLogger(HelloController.class);

    /**
     * Serves the welcome page.
     *
     * @return the {@code hello} view with its title and message attributes
     */
    @RequestMapping(value = { "/welcome**" }, method = RequestMethod.GET)
    public ModelAndView welcomePage() {
        return new ModelAndView("hello")
                .addObject("title", "Spring Security Custom Login Form")
                .addObject("message", "This is welcome page!");
    }

    /**
     * Serves the admin page.
     *
     * <p>This handler performs no authorization check of its own; whether a caller may reach
     * it is decided entirely by the URL rules in the security configuration.
     *
     * @return the {@code admin} view with its title and message attributes
     */
    @RequestMapping(value = "/admin**", method = RequestMethod.GET)
    public ModelAndView adminPage() {
        return new ModelAndView("admin")
                .addObject("title", "Spring Security Custom Login Form")
                .addObject("message", "This is protected page!");
    }

    /**
     * Serves the login form, optionally with a status message.
     *
     * <p>Only the presence of {@code error} and {@code logout} is tested; their values are
     * never copied into the model, so nothing request-supplied is echoed back by this method.
     *
     * @param error  present when the previous login attempt failed
     * @param logout present when the user has just logged out
     * @return the {@code login} view
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView login(@RequestParam(value = "error", required = false) String error,
            @RequestParam(value = "logout", required = false) String logout) {
        ModelAndView loginView = new ModelAndView("login");

        if (error != null) {
            // One fixed message for every failure: it does not say which credential was wrong.
            loginView.addObject("error", "Invalid username and password!");
        }
        if (logout != null) {
            loginView.addObject("msg", "You've been logged out successfully.");
        }
        return loginView;
    }

    /**
     * Serves the upload form at the application root.
     *
     * @return the {@code fileUpload} view
     */
    @RequestMapping(value = "/", method = RequestMethod.GET)
    public ModelAndView preUploadFile() {
        LOG.info("Entered preUploadFile");
        ModelAndView uploadForm = new ModelAndView("fileUpload");
        LOG.info("Exiting preUploadFile");
        return uploadForm;
    }

    /**
     * Receives the multipart upload and shows the upload form again.
     *
     * <p>NOTE(review): {@code file} is bound but never read, validated or stored. When this
     * stub is completed, check size and content type on the server and do not derive a storage
     * path from the client-supplied filename.
     *
     * @param file the uploaded part named {@code file}; currently unused
     * @return the {@code fileUpload} view
     */
    @RequestMapping(value = "/processFileUpload", method = RequestMethod.POST)
    public ModelAndView processFileUpload(@RequestParam("file") MultipartFile file) {
        LOG.info("Entered processFileUpload");
        ModelAndView uploadForm = new ModelAndView("fileUpload");
        LOG.info("Exiting processFileUpload");
        return uploadForm;
    }
}
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/context
         http://www.springframework.org/schema/context/spring-context-3.0.xsd
         http://www.springframework.org/schema/mvc
         http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">

  <!-- Annotation processing, controller discovery under com.test, and MVC defaults. -->
  <context:annotation-config />
  <context:component-scan base-package="com.test.*" />
  <mvc:annotation-driven />

  <!-- Logical view names resolve to JSPs under /WEB-INF/pages/, which are not directly
       reachable by URL. -->
  <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix" value="/WEB-INF/pages/" />
    <property name="suffix" value=".jsp" />
  </bean>

  <!-- Commons FileUpload resolver, capped at 100,000,000 bytes per request. Size the cap to the
       largest upload the application legitimately needs.
       NOTE(review): MultipartFilter looks this bean up by the name filterMultipartResolver in
       the root application context. If this file is loaded only by the DispatcherServlet, the
       filter will not find it; confirm which context loads this file. -->
  <bean id="filterMultipartResolver"
        class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
    <property name="maxUploadSize" value="100000000" />
  </bean>

</beans>
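<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.test</groupId>
  <artifactId>SpringSecurityAndMultipartUploads</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>war</packaging>

  <!-- NOTE(review): these versions are the ones the sample was written against (2014).
       Check each against current security advisories before reusing this POM. -->
  <properties>
    <jdk.version>1.6</jdk.version>
    <spring.version>4.0.6.RELEASE</spring.version>
    <spring.security.version>3.2.4.RELEASE</spring.security.version>
    <jstl.version>1.2</jstl.version>
    <commons-fileupload-version>1.3.1</commons-fileupload-version>
    <logback-version>1.1.2</logback-version>
  </properties>

  <dependencies>
    <!-- Spring Framework (version set by spring.version) -->
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-web</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>${spring.version}</version>
    </dependency>

    <!-- Spring Security -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>${spring.security.version}</version>
    </dependency>

    <!-- JSTL for the JSP pages -->
    <dependency>
      <groupId>jstl</groupId>
      <artifactId>jstl</artifactId>
      <version>${jstl.version}</version>
    </dependency>

    <!-- Multipart parsing used by CommonsMultipartResolver; it handles untrusted request
         bodies, so keep this dependency patched. -->
    <dependency>
      <groupId>commons-fileupload</groupId>
      <artifactId>commons-fileupload</artifactId>
      <version>${commons-fileupload-version}</version>
    </dependency>

    <!-- Logging backend for the SLF4J API used by the controller -->
    <dependency>
      <groupId>ch.qos.logback</groupId>
      <artifactId>logback-classic</artifactId>
      <version>${logback-version}</version>
    </dependency>
  </dependencies>

  <build>
    <finalName>SpringSecurityAndMultipartUploads</finalName>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>2.3.2</version>
        <configuration>
          <source>${jdk.version}</source>
          <target>${jdk.version}</target>
        </configuration>
      </plugin>
      <!-- No <version> is given for this plugin, so it is whatever the running Maven
           defaults to; pin it for reproducible builds. -->
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-war-plugin</artifactId>
        <configuration>
          <!-- Forward slashes resolve on every platform; the backslash form only works
               on Windows. -->
          <webXml>WebContent/WEB-INF/web.xml</webXml>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-eclipse-plugin</artifactId>
        <version>2.9</version>
        <configuration>
          <downloadSources>true</downloadSources>
          <downloadJavadocs>false</downloadJavadocs>
          <wtpversion>2.0</wtpversion>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>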
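<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

  <http auto-config="true" use-expressions="true">
    <!-- use-expressions="true" makes every access attribute a SpEL expression, so the role is
         wrapped in hasRole(...); a bare ROLE_ADMIN does not evaluate as an expression.
         This is the only URL rule: every other path, including the upload endpoint, is
         reachable without authentication. -->
    <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />

    <!-- Unauthenticated requests carry the authority REGULAR. -->
    <anonymous enabled="true" granted-authority="REGULAR"/>

    <form-login
        login-page="/login"
        default-target-url="/welcome"
        authentication-failure-url="/login?error"
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/login?logout" />

    <!-- enable csrf protection -->
    <csrf/>
  </http>

  <!-- Demo-only in-memory accounts with plaintext, guessable passwords. Replace with a real
       user store and a password encoder before any use outside a local sandbox. -->
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="normal" password="normal" authorities="ROLE_USER" />
        <user name="admin" password="admin" authorities="ROLE_ADMIN" />
      </user-service>
    </authentication-provider>
  </authentication-manager>

</beans:beans>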
<web-app id="WebApp_ID" version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
         http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

  <display-name>SpringSecurityAndMultipartUploads</display-name>

  <!-- Root application context: loads only the security configuration. -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-security.xml</param-value>
  </context-param>
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <!-- Filter order follows the order of the filter-mapping elements below. MultipartFilter is
       mapped first so that the CSRF token sent as a form field in a multipart body has been
       parsed by the time the security chain checks it. The trade-off is that multipart bodies
       are parsed before any authentication or authorization, so the upload size cap is the
       only limit on what an unauthenticated client can make the server buffer.
       NOTE(review): MultipartFilter looks for a bean named filterMultipartResolver in the root
       context, which here loads only spring-security.xml; confirm the resolver bean is defined
       in a file the root context loads. -->
  <filter>
    <description>
      Allows the application to accept multipart file data.
    </description>
    <display-name>multipartFilter</display-name>
    <filter-name>multipartFilter</filter-name>
    <filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
  </filter>
  <filter>
    <description>
      Secures access to web resources using the Spring Security framework.
    </description>
    <display-name>springSecurityFilterChain</display-name>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>multipartFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>ERROR</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>

  <!-- Spring MVC -->
  <servlet>
    <servlet-name>mvc-dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

</web-app>