spring security 导致的上传问题

似故人来 发布于 2015/05/23 16:40
阅读 2K+
收藏 0

我在使用spring mvc 上传的时候,上传禁止403,此时已经用admin登陆。

DEBUG (org.springframework.security.web.context.HttpSessionSecurityContextRepository:192) - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@4da127af: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@4da127af: Principal: spring.security.maven.common.MyUserDetails@491db9b1; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffdaa08: RemoteIpAddress: 127.0.0.1; SessionId: EA7B3C22B136D6FED57DD3DD336B5E62; Granted Authorities: ROLE_ADMIN, ROLE_USER'
2015-05-23 16:28:19,353 DEBUG (org.springframework.security.web.FilterChainProxy:324) - /admin/fileUpload at position 2 of 15 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
2015-05-23 16:28:19,353 DEBUG (org.springframework.security.web.FilterChainProxy:324) - /admin/fileUpload at position 3 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-05-23 16:28:19,353 DEBUG (org.springframework.security.web.FilterChainProxy:324) - /admin/fileUpload at position 4 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2015-05-23 16:28:19,354 DEBUG (org.springframework.security.web.header.writers.HstsHeaderWriter:128) - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@691b2c42
2015-05-23 16:28:19,354 DEBUG (org.springframework.security.web.FilterChainProxy:324) - /admin/fileUpload at position 5 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
2015-05-23 16:28:19,354 DEBUG (org.springframework.security.web.csrf.CsrfFilter:106) - Invalid CSRF token found for http://localhost:8888/admin/fileUpload
2015-05-23 16:28:19,355 DEBUG (org.springframework.security.web.context.SecurityContextPersistenceFilter:105) -SecurityContextHolder now cleared, as request processing completed

上传页面

<
<form:form action="/admin/fileUpload" method="post
enctype="multipart/form-data">
 选择文件:<input type="file" name="file">
  <input type="submit" value="提交">  
<input type="hidden"  name="${_csrf.parameterName}
 value="${_csrf.token}"/>
 </form:form>

问题应该是Token问题,这个spring security 4.0


这我要怎么去设置呢

加载中
返回顶部
顶部