CharacterEncodingFilter不能与Spring Security 3.2.0一起使用 [英] CharacterEncodingFilter don't work together with Spring Security 3.2.0

查看:74
本文介绍了CharacterEncodingFilter不能与Spring Security 3.2.0一起使用的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我是Spring MVC框架的新手,但遇到一个我自己无法解决的问题.当我将Spring Security与我的应用程序集成后,一切都开始了,之后HTML表单中的所有unicode值都未编码(Spring Security正常工作).我得出结论,这可能是因为我的DelegatingFilterProxy被称为链中的第一个过滤器.

I'm new to Spring MVC framework and I have got an issue that I can not resolve by myself. Everything started when I integrated spring security with my application, after that all unicode values from HTML form were not encoded (spring security works correctly). I came to conclusion that this is happening probably because my DelegatingFilterProxy is called as the first filter in the chain.

这是我认为可以使用的配置,但无效:

Here is my configuration that I thought will work, but it doesn't:

1)我正在从Javadoc扩展AbstractSecurityWebApplicationInitializer-

1)I'm extending AbstractSecurityWebApplicationInitializer - from javadoc:

Registers the DelegatingFilterProxy to use the springSecurityFilterChain() before any
other registered Filter.

从该类中,我还重写了有关javadoc的beforeSpringSecurityFilterChain方法:

From that class I also override beforeSpringSecurityFilterChain method which regarding to javadoc:

Invoked before the springSecurityFilterChain is added.

所以我认为这将是注册CharacterEncodingFilter的最佳位置:

So I thought this will be the best place to register CharacterEncodingFilter:

public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
    @Override
    protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
        FilterRegistration.Dynamic characterEncodingFilter = servletContext.addFilter("encodingFilter", new CharacterEncodingFilter());
        characterEncodingFilter.setInitParameter("encoding", "UTF-8");
        characterEncodingFilter.setInitParameter("forceEncoding", "true");
        characterEncodingFilter.addMappingForUrlPatterns(null, true, "/*");
    }
}

但这不起作用.

我烦的另一个选择是通过重写getServletFilters()方法来通过AbstractAnnotationConfigDispatcherServletInitializer类注册过滤器:

Another option I tired was to register filter through AbstractAnnotationConfigDispatcherServletInitializer class by overriding getServletFilters() method:

public class WebAppInitializer extends
        AbstractAnnotationConfigDispatcherServletInitializer {

    //{!begin addToRootContext}
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class<?>[] { SecurityConfig.class, DatabaseConfig.class, InternationalizationConfig.class };
    }
    //{!end addToRootContext}

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class<?>[] { WebAppConfig.class };
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }

    @Override
    protected Filter[] getServletFilters() {

        CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
        characterEncodingFilter.setEncoding("UTF-8");
        characterEncodingFilter.setForceEncoding(true);
        return new Filter[] { characterEncodingFilter};
    }
}

但是这也不起作用.是否有人遇到相同的问题或有解决此问题的想法?

But this do not work neither. Does anyone come across the same issue or have got some ideas how to resolve this?

这是我通过AbstractSecurityWebApplicationInitializer注册编码过滤器的第一个选项的完整配置:

Here is my full configuration for the first option where I'm registering encoding filter through AbstractSecurityWebApplicationInitializer:

@Order(1)
public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
    @Override
    protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
        FilterRegistration.Dynamic characterEncodingFilter = servletContext.addFilter("encodingFilter", new CharacterEncodingFilter());
        characterEncodingFilter.setInitParameter("encoding", "UTF-8");
        characterEncodingFilter.setInitParameter("forceEncoding", "true");
        characterEncodingFilter.addMappingForUrlPatterns(null, true, "/*");
    }
}

@Order(2)
public class WebAppInitializer extends
        AbstractAnnotationConfigDispatcherServletInitializer {

    //{!begin addToRootContext}
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class<?>[] { SecurityConfig.class, DatabaseConfig.class, InternationalizationConfig.class };
    }
    //{!end addToRootContext}

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class<?>[] { WebAppConfig.class };
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }
}

@EnableWebMvc
//@Import(value = {DatabaseConfig.class, InternationalizationConfig.class, SecurityConfig.class})
@ComponentScan(basePackages = {"com.ajurasz.controller", "com.ajurasz.service", "com.ajurasz.model"})
@Configuration
public class WebAppConfig extends WebMvcConfigurerAdapter {

    @Bean
    public UrlBasedViewResolver viewResolver() {
        UrlBasedViewResolver urlBasedViewResolver = new UrlBasedViewResolver();
        urlBasedViewResolver.setViewClass(TilesView.class);
        urlBasedViewResolver.setContentType("text/html;charset=UTF-8");
        return urlBasedViewResolver;
    }

    @Bean
    public TilesConfigurer tilesConfigurer() {
        TilesConfigurer tilesConfigurer = new TilesConfigurer();
        tilesConfigurer.setDefinitions(new String[] {"/WEB-INF/tiles.xml"});
        return tilesConfigurer;
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/resources/**").addResourceLocations("/resources/**");
        registry.addResourceHandler("/documents/**").addResourceLocations("/WEB-INF/pdfs/documents/**");
    }

    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
        PageableHandlerMethodArgumentResolver pageableHandlerMethodArgumentResolver =
                new PageableHandlerMethodArgumentResolver();
        pageableHandlerMethodArgumentResolver.setFallbackPageable(new PageRequest(0, 4, new Sort(Sort.Direction.DESC, "id")));

        argumentResolvers.add(pageableHandlerMethodArgumentResolver);
    }
}

依赖项:

spring-mvc 3.2.5.RELEASE

spring-mvc 3.2.5.RELEASE

spring-security-config,spring-security-web,spring-security-core 3.2.0.RELEASE

spring-security-config, spring-security-web, spring-security-core 3.2.0.RELEASE

我正在通过以下链接进行此工作: https://github.com/ajurasz/Manager

I'm working on this under following link: https://github.com/ajurasz/Manager

推荐答案

存在相同的问题.我的解决方案是使用原始servlet过滤器:

Have the same problem. My solution was to use a raw servlet filter:

public void onStartup(ServletContext servletContext) throws ServletException {
      FilterRegistration.Dynamic encodingFilter = servletContext.addFilter("encoding-filter", new CharacterEncodingFilter());
      encodingFilter.setInitParameter("encoding", "UTF-8");
      encodingFilter.setInitParameter("forceEncoding", "true");
      encodingFilter.addMappingForUrlPatterns(null, true, "/*");
}

请注意,此问题仅在Tomcat中发生,而在Jetty中不发生.

Note that this problem only occures with Tomcat but not with Jetty.

这篇关于CharacterEncodingFilter不能与Spring Security 3.2.0一起使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆