CharacterEncodingFilter 不能与 Spring Security 3.2.0 一起使用 [英] CharacterEncodingFilter don't work together with Spring Security 3.2.0
问题描述
我是 Spring MVC 框架的新手,遇到了一个我自己无法解决的问题.当我将 spring security 与我的应用程序集成时,一切都开始了,之后来自 HTML 表单的所有 unicode 值都没有编码(spring security 正常工作).我得出的结论是,这可能是因为我的 DelegatingFilterProxy
被称为链中的第一个过滤器.
I'm new to Spring MVC framework and I have got an issue that I can not resolve by myself. Everything started when I integrated spring security with my application, after that all unicode values from HTML form were not encoded (spring security works correctly). I came to conclusion that this is happening probably because my DelegatingFilterProxy
is called as the first filter in the chain.
这是我认为可行的配置,但它没有:
Here is my configuration that I thought will work, but it doesn't:
1) 我正在扩展 AbstractSecurityWebApplicationInitializer - 来自 javadoc:
1)I'm extending AbstractSecurityWebApplicationInitializer - from javadoc:
Registers the DelegatingFilterProxy to use the springSecurityFilterChain() before any
other registered Filter.
从那个类我还覆盖了关于 javadoc 的 beforeSpringSecurityFilterChain 方法:
From that class I also override beforeSpringSecurityFilterChain method which regarding to javadoc:
Invoked before the springSecurityFilterChain is added.
所以我认为这将是注册 CharacterEncodingFilter 的最佳位置:
So I thought this will be the best place to register CharacterEncodingFilter:
public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
@Override
protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
FilterRegistration.Dynamic characterEncodingFilter = servletContext.addFilter("encodingFilter", new CharacterEncodingFilter());
characterEncodingFilter.setInitParameter("encoding", "UTF-8");
characterEncodingFilter.setInitParameter("forceEncoding", "true");
characterEncodingFilter.addMappingForUrlPatterns(null, true, "/*");
}
}
但这不起作用.
我厌倦的另一个选择是通过重写 getServletFilters() 方法通过 AbstractAnnotationConfigDispatcherServletInitializer 类注册过滤器:
Another option I tired was to register filter through AbstractAnnotationConfigDispatcherServletInitializer class by overriding getServletFilters() method:
public class WebAppInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
//{!begin addToRootContext}
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class<?>[] { SecurityConfig.class, DatabaseConfig.class, InternationalizationConfig.class };
}
//{!end addToRootContext}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class<?>[] { WebAppConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
@Override
protected Filter[] getServletFilters() {
CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
characterEncodingFilter.setEncoding("UTF-8");
characterEncodingFilter.setForceEncoding(true);
return new Filter[] { characterEncodingFilter};
}
}
但这也不起作用.有没有人遇到过同样的问题或对如何解决这个问题有一些想法?
But this do not work neither. Does anyone come across the same issue or have got some ideas how to resolve this?
这是我通过 AbstractSecurityWebApplicationInitializer 注册编码过滤器的第一个选项的完整配置:
Here is my full configuration for the first option where I'm registering encoding filter through AbstractSecurityWebApplicationInitializer:
@Order(1)
public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
@Override
protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
FilterRegistration.Dynamic characterEncodingFilter = servletContext.addFilter("encodingFilter", new CharacterEncodingFilter());
characterEncodingFilter.setInitParameter("encoding", "UTF-8");
characterEncodingFilter.setInitParameter("forceEncoding", "true");
characterEncodingFilter.addMappingForUrlPatterns(null, true, "/*");
}
}
@Order(2)
public class WebAppInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
//{!begin addToRootContext}
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class<?>[] { SecurityConfig.class, DatabaseConfig.class, InternationalizationConfig.class };
}
//{!end addToRootContext}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class<?>[] { WebAppConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
@EnableWebMvc
//@Import(value = {DatabaseConfig.class, InternationalizationConfig.class, SecurityConfig.class})
@ComponentScan(basePackages = {"com.ajurasz.controller", "com.ajurasz.service", "com.ajurasz.model"})
@Configuration
public class WebAppConfig extends WebMvcConfigurerAdapter {
@Bean
public UrlBasedViewResolver viewResolver() {
UrlBasedViewResolver urlBasedViewResolver = new UrlBasedViewResolver();
urlBasedViewResolver.setViewClass(TilesView.class);
urlBasedViewResolver.setContentType("text/html;charset=UTF-8");
return urlBasedViewResolver;
}
@Bean
public TilesConfigurer tilesConfigurer() {
TilesConfigurer tilesConfigurer = new TilesConfigurer();
tilesConfigurer.setDefinitions(new String[] {"/WEB-INF/tiles.xml"});
return tilesConfigurer;
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**").addResourceLocations("/resources/**");
registry.addResourceHandler("/documents/**").addResourceLocations("/WEB-INF/pdfs/documents/**");
}
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
PageableHandlerMethodArgumentResolver pageableHandlerMethodArgumentResolver =
new PageableHandlerMethodArgumentResolver();
pageableHandlerMethodArgumentResolver.setFallbackPageable(new PageRequest(0, 4, new Sort(Sort.Direction.DESC, "id")));
argumentResolvers.add(pageableHandlerMethodArgumentResolver);
}
}
依赖关系:
spring-mvc 3.2.5.RELEASE
spring-mvc 3.2.5.RELEASE
spring-security-config、spring-security-web、spring-security-core 3.2.0.RELEASE
spring-security-config, spring-security-web, spring-security-core 3.2.0.RELEASE
我正在通过以下链接进行处理:https://github.com/ajurasz/Manager
I'm working on this under following link: https://github.com/ajurasz/Manager
推荐答案
有同样的问题.我的解决方案是使用原始 servlet 过滤器:
Have the same problem. My solution was to use a raw servlet filter:
public void onStartup(ServletContext servletContext) throws ServletException {
FilterRegistration.Dynamic encodingFilter = servletContext.addFilter("encoding-filter", new CharacterEncodingFilter());
encodingFilter.setInitParameter("encoding", "UTF-8");
encodingFilter.setInitParameter("forceEncoding", "true");
encodingFilter.addMappingForUrlPatterns(null, true, "/*");
}
请注意,此问题仅在 Tomcat 上出现,在 Jetty 上不会出现.
Note that this problem only occures with Tomcat but not with Jetty.
这篇关于CharacterEncodingFilter 不能与 Spring Security 3.2.0 一起使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!