@Override // Questo serve (anche) per consentire il file upload verso url protette: // The first option is to ensure that the MultipartFilter is specified before the Spring Security filter. // Specifying the MultipartFilter before the Spring Security filter means that there is no authorization // for invoking the MultipartFilter which means anyone can place temporary files on your server. // However, only authorized users will be able to submit a File that is processed by your application. // In general, this is the recommended approach because the temporary file upload should have a // negligble impact on most servers. protected void beforeSpringSecurityFilterChain(ServletContext servletContext) { // Per aggiungere altri filtri basta metterli in fila, in ordine di esecuzione // insertFilters(servletContext, new YadaMultipartExceptionHandler(), new MultipartFilter()); CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter(); characterEncodingFilter.setEncoding("UTF-8"); characterEncodingFilter.setForceEncoding(true); // L'AuditFilter lo metto prima di tutto almeno viene eseguito prima dell'autorizzazione e riesco a capire il motivo di eventuali 403 // For some reason the characterEncodingFilter can not be after the MultipartFilter otherwise encoding in forms doesn't work (for non-multipart forms). insertFilters(servletContext, new CheckSessionFilter(), characterEncodingFilter, new AuditFilter(), new MultipartFilter(), new DelegatingFilterProxy("yadaLocalePathVariableFilter")); }
private void addDispatcherContext(ServletContext container) { // Create the dispatcher servlet's Spring application context AnnotationConfigWebApplicationContext dispatcherContext = new AnnotationConfigWebApplicationContext(); dispatcherContext.register(SpringDispatcherConfig.class); // Declare <servlet> and <servlet-mapping> for the DispatcherServlet ServletRegistration.Dynamic dispatcher = container.addServlet("ch03-servlet", new DispatcherServlet(dispatcherContext)); dispatcher.addMapping("*.html"); dispatcher.setLoadOnStartup(1); FilterRegistration.Dynamic corsFilter = container.addFilter("corsFilter", new CorsFilter()); corsFilter.setInitParameter("cors.allowed.methods", "GET, POST, HEAD, OPTIONS, PUT, DELETE"); corsFilter.addMappingForUrlPatterns(null, true, "/*"); FilterRegistration.Dynamic filter = container.addFilter("hiddenmethodfilter", new HiddenHttpMethodFilter()); filter.addMappingForServletNames(null, true, "/*"); FilterRegistration.Dynamic multipartFilter = container.addFilter("multipartFilter", new MultipartFilter()); multipartFilter.addMappingForUrlPatterns(null, true, "/*"); }
@Test public void withServletContextAndFilter() throws Exception { StaticWebApplicationContext wac = new StaticWebApplicationContext(); wac.setServletContext(new MockServletContext()); wac.registerSingleton("filterMultipartResolver", MockCommonsMultipartResolver.class, new MutablePropertyValues()); wac.getServletContext().setAttribute(WebUtils.TEMP_DIR_CONTEXT_ATTRIBUTE, new File("mytemp")); wac.refresh(); wac.getServletContext().setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, wac); CommonsMultipartResolver resolver = new CommonsMultipartResolver(wac.getServletContext()); assertTrue(resolver.getFileItemFactory().getRepository().getAbsolutePath().endsWith("mytemp")); MockFilterConfig filterConfig = new MockFilterConfig(wac.getServletContext(), "filter"); filterConfig.addInitParameter("class", "notWritable"); filterConfig.addInitParameter("unknownParam", "someValue"); final MultipartFilter filter = new MultipartFilter(); filter.init(filterConfig); final List<MultipartFile> files = new ArrayList<MultipartFile>(); final FilterChain filterChain = new FilterChain() { @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) { MultipartHttpServletRequest request = (MultipartHttpServletRequest) servletRequest; files.addAll(request.getFileMap().values()); } }; FilterChain filterChain2 = new PassThroughFilterChain(filter, filterChain); MockHttpServletRequest originalRequest = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); originalRequest.setMethod("POST"); originalRequest.setContentType("multipart/form-data"); originalRequest.addHeader("Content-type", "multipart/form-data"); filter.doFilter(originalRequest, response, filterChain2); CommonsMultipartFile file1 = (CommonsMultipartFile) files.get(0); CommonsMultipartFile file2 = (CommonsMultipartFile) files.get(1); assertTrue(((MockFileItem) file1.getFileItem()).deleted); assertTrue(((MockFileItem) file2.getFileItem()).deleted); }
@Override protected void beforeSpringSecurityFilterChain(ServletContext servletContext) { FilterRegistration.Dynamic characterEncodingFilter = servletContext.addFilter("encodingFilter", new CharacterEncodingFilter()); characterEncodingFilter.setInitParameter("encoding", StandardCharsets.UTF_8.name()); characterEncodingFilter.setInitParameter("forceEncoding", "true"); characterEncodingFilter.addMappingForUrlPatterns(null, false, "/*"); insertFilters(servletContext, new MultipartFilter()); }
protected void registeredMultipartFilter(ServletContext servletContext, Class<? extends Filter> multipartFilterClass){ Optional.ofNullable(multipartFilterClass).ifPresent(cls->{ Dynamic fr = servletContext.addFilter(MultipartFilter.DEFAULT_MULTIPART_RESOLVER_BEAN_NAME, multipartFilterClass); Optional.ofNullable(fr).ifPresent(frconfig->{ frconfig.setAsyncSupported(true); frconfig.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), isMatchAfter, "/*"); logger.info("FilterInitializer: {} has bean registered!", multipartFilterClass.getSimpleName()); }); }); }
@Bean(name=MultipartFilter.DEFAULT_MULTIPART_RESOLVER_BEAN_NAME) @ConditionalOnMissingBean(name={MultipartFilter.DEFAULT_MULTIPART_RESOLVER_BEAN_NAME}) public MultipartResolver filterMultipartResolver(){ BootStandardServletMultipartResolver resolver = new BootStandardServletMultipartResolver(); resolver.setMaxUploadSize(FileUtils.parseSize(multipartProperties.getMaxRequestSize())); return resolver; }
@Bean(name=MultipartFilter.DEFAULT_MULTIPART_RESOLVER_BEAN_NAME) // @ConditionalOnMissingBean(MultipartResolver.class) public MultipartResolver filterMultipartResolver(){ BootStandardServletMultipartResolver resolver = new BootStandardServletMultipartResolver(); resolver.setMaxUploadSize(FileUtils.parseSize(multipartProperties.getMaxRequestSize())); return resolver; }
@Bean public FilterRegistrationBean multipartFilterRegistrationBean() { log.debug("New instance of " + FilterRegistrationBean.class); final MultipartFilter multipartFilter = new MultipartFilter(); final FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(multipartFilter); filterRegistrationBean.addInitParameter("multipartResolverBeanName", "multipartResolver"); return filterRegistrationBean; }
@Bean(name=MultipartFilter.DEFAULT_MULTIPART_RESOLVER_BEAN_NAME) public MultipartResolver filterMultipartResolver(){ BootStandardServletMultipartResolver resolver = new BootStandardServletMultipartResolver(); resolver.setMaxUploadSize(FileUtils.parseSize(multipartProperties.getMaxRequestSize())); return resolver; }
@Override protected void beforeSpringSecurityFilterChain( ServletContext servletContext ) { super.beforeSpringSecurityFilterChain( servletContext ); insertFilters( servletContext, new MultipartFilter() ); }
/** * Security Web Application Initializer * * Filtering for multi part file upload. * Adding listener to collect session events. * * @author Ant Kaynak - Github/Exercon * */ @Override protected void beforeSpringSecurityFilterChain(ServletContext servletContext) { insertFilters(servletContext, new MultipartFilter()); servletContext.addListener(HttpSessionEventPublisher.class); }
