我是Spring MVC框架的新手,但遇到一个我自己无法解决的问题。当我将Spring Security与我的应用程序集成后,一切都开始了,之后HTML表单中的所有unicode值都未编码(Spring Security正常工作)。我得出的结论是,发生这种情况的原因可能是因为我·被称为链中的第一个过滤器。
这是我认为可以使用的配置,但无效:
1)我正在从Javadoc扩展AbstractSecurityWebApplicationInitializer-
Registers the DelegatingFilterProxy to use the springSecurityFilterChain() before any other registered Filter.
从该类中,我还重写了有关javadoc的beforeSpringSecurityFilterChain方法:
Invoked before the springSecurityFilterChain is added.
所以我认为这将是注册CharacterEncodingFilter的最佳位置:
public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { @Override protected void beforeSpringSecurityFilterChain(ServletContext servletContext) { FilterRegistration.Dynamic characterEncodingFilter = servletContext.addFilter("encodingFilter", new CharacterEncodingFilter()); characterEncodingFilter.setInitParameter("encoding", "UTF-8"); characterEncodingFilter.setInitParameter("forceEncoding", "true"); characterEncodingFilter.addMappingForUrlPatterns(null, true, "/*"); } }
但这不起作用。
我厌倦的另一个选择是通过重写getServletFilters()方法来通过AbstractAnnotationConfigDispatcherServletInitializer类注册过滤器:
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { //{!begin addToRootContext} @Override protected Class<?>[] getRootConfigClasses() { return new Class<?>[] { SecurityConfig.class, DatabaseConfig.class, InternationalizationConfig.class }; } //{!end addToRootContext} @Override protected Class<?>[] getServletConfigClasses() { return new Class<?>[] { WebAppConfig.class }; } @Override protected String[] getServletMappings() { return new String[] { "/" }; } @Override protected Filter[] getServletFilters() { CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter(); characterEncodingFilter.setEncoding("UTF-8"); characterEncodingFilter.setForceEncoding(true); return new Filter[] { characterEncodingFilter}; } }
但是,这也不起作用。是否有人遇到相同的问题或有一些解决办法?
这是我通过AbstractSecurityWebApplicationInitializer注册编码过滤器的第一个选项的完整配置:
@Order(1) public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { @Override protected void beforeSpringSecurityFilterChain(ServletContext servletContext) { FilterRegistration.Dynamic characterEncodingFilter = servletContext.addFilter("encodingFilter", new CharacterEncodingFilter()); characterEncodingFilter.setInitParameter("encoding", "UTF-8"); characterEncodingFilter.setInitParameter("forceEncoding", "true"); characterEncodingFilter.addMappingForUrlPatterns(null, true, "/*"); } } @Order(2) public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { //{!begin addToRootContext} @Override protected Class<?>[] getRootConfigClasses() { return new Class<?>[] { SecurityConfig.class, DatabaseConfig.class, InternationalizationConfig.class }; } //{!end addToRootContext} @Override protected Class<?>[] getServletConfigClasses() { return new Class<?>[] { WebAppConfig.class }; } @Override protected String[] getServletMappings() { return new String[] { "/" }; } } @EnableWebMvc //@Import(value = {DatabaseConfig.class, InternationalizationConfig.class, SecurityConfig.class}) @ComponentScan(basePackages = {"com.ajurasz.controller", "com.ajurasz.service", "com.ajurasz.model"}) @Configuration public class WebAppConfig extends WebMvcConfigurerAdapter { @Bean public UrlBasedViewResolver viewResolver() { UrlBasedViewResolver urlBasedViewResolver = new UrlBasedViewResolver(); urlBasedViewResolver.setViewClass(TilesView.class); urlBasedViewResolver.setContentType("text/html;charset=UTF-8"); return urlBasedViewResolver; } @Bean public TilesConfigurer tilesConfigurer() { TilesConfigurer tilesConfigurer = new TilesConfigurer(); tilesConfigurer.setDefinitions(new String[] {"/WEB-INF/tiles.xml"}); return tilesConfigurer; } @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("/resources/**").addResourceLocations("/resources/**"); registry.addResourceHandler("/documents/**").addResourceLocations("/WEB-INF/pdfs/documents/**"); } @Override public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) { PageableHandlerMethodArgumentResolver pageableHandlerMethodArgumentResolver = new PageableHandlerMethodArgumentResolver(); pageableHandlerMethodArgumentResolver.setFallbackPageable(new PageRequest(0, 4, new Sort(Sort.Direction.DESC, "id"))); argumentResolvers.add(pageableHandlerMethodArgumentResolver); } }
依存关系:
spring-mvc 3.2.5。发布
spring-security-config,spring-security-web,spring-security-core 3.2.0。发布
我们需要在首次读取请求属性的过滤器之前添加CharacterEncodingFilter。有securityFilterChain(在metrica过滤器之后排名第二),我们可以在其中添加过滤器。读取属性的第一个过滤器(在安全链内部)是CsrfFilter,因此我们将CharacterEncodingFilter放在它之前。
简短的解决方案是:
@Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { CharacterEncodingFilter filter = new CharacterEncodingFilter(); filter.setEncoding("UTF-8"); filter.setForceEncoding(true); http.addFilterBefore(filter,CsrfFilter.class); //rest of your code } //rest of your code }
