작업을 가져 오는 동안 Spring 게시물이 액세스 거부로 리디렉션됩니다.

나는 다소 중복 된 게시물에 대해 사과하고 어제 이것에 대해 질문했지만 문제를 잘 설명하지 못했고 이로 인해 피드백이 유용하지 않았습니다. 나는 그 이후로 문제에 대해 더 많이 배웠고 문제를 해결하는 데 도움이 될 더 명확하고 간결한 방식으로 해결할 수 있습니다.

페이지에 게시하려고 할 때마다 컨트롤러는 mvc-dispatch-servlet.xml에 지정된대로 URL을 액세스 거부 처리기에 매핑합니다. 페이지로 이동하려고하면 올바른 @requestmapping이 발생하고 모든 것이 정상입니다.

나는 추가를 시도했다

<intercept-url pattern="/pages/ReceiveFile" access="permitAll"/>

아무것도하지 않습니다.

최근에이 문제를 다음과 같이 좁혔습니다.

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

포스트 작업을 차단하는 것 같습니다. 이것을 / pages / *로 변경하면 web.xml에서 그런 방식으로 매핑되므로 / ReceiveFile 인 페이지에 게시 할 수 있습니다. 이것은 메인 컨트롤러를 모두 건너 뜁니다. 해당 설정으로 페이지 / ReceiveFile로 이동하려고하면 여전히 컨트롤러를 통과하고 403 페이지로 이동합니다. 모든 사후 작업에서 컨트롤러를 우회하는 것이 좋은 영구적 인 해결책이라고 생각하지 않습니다.

이러한 게시 작업을 수행하려면 어떻게해야합니까?

감사!

Main Controller.java 불필요한 길이를 줄이기 위해 일부 코드 잘라 내기

@Controller
public class MainController {
  String URLroot = "pages/";

  @PreAuthorize("hasRole('_discover')")
  @RequestMapping(value = {"/discover/**" }, method = RequestMethod.GET)
  public ModelAndView discover(HttpServletRequest request) {
    StringBuffer mapping = request.getRequestURL();
    String URLoffset = getURLoffset(mapping);

    ModelAndView model = new ModelAndView();
    model.addObject("title", "Spring Security Login Form - Database Authentication");
    model.addObject("message", "This is default page no longer!");
    model.setViewName(URLoffset);
    return model;

  }

  /**
   * Upload single file using Spring Controller
   */
  @RequestMapping(value = "/ReceiveFile", method = {RequestMethod.POST,RequestMethod.GET})
  public ModelAndView test(){

    //Do useful things which require post.....


    ModelAndView model = new ModelAndView();
    model.setViewName("springtest");
    return model;
  }


  @RequestMapping(value = "/admin**", method = RequestMethod.GET)
  public ModelAndView adminPage(HttpServletRequest request) {
    StringBuffer mapping = request.getRequestURL();
    String URLoffset = getURLoffset(mapping);

    ModelAndView model = new ModelAndView();
    model.addObject("title", "Spring Security Login Form - Database Authentication");
    model.addObject("message", "This page is for ROLE_ADMIN only!");
    model.setViewName(URLoffset);

    return model;

  }

  @RequestMapping(value = "/signout", method = { RequestMethod.POST, RequestMethod.GET })
  public ModelAndView login() {

    ModelAndView model = new ModelAndView();
    model.setViewName("signout");
    return model;

  }

  @RequestMapping(value = "/login", method = RequestMethod.GET)
  public ModelAndView login(@RequestParam(value = "error", required = false) String error,
                            @RequestParam(value = "logout", required = false) String logout) {

    ModelAndView model = new ModelAndView();
    if (error != null) {
      model.addObject("error", "Invalid username and password!");
    }

    if (logout != null) {
      model.addObject("msg", "You've been logged out successfully.");
    }
    model.setViewName("login");
    return model;

  }

  //for 403 access denied page
  @RequestMapping(value = "/403", method = { RequestMethod.POST, RequestMethod.GET })
  public ModelAndView accesssDenied() {

    ModelAndView model = new ModelAndView();

    //check if user is logged in
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (!(auth instanceof AnonymousAuthenticationToken)) {
//      UserDetails userDetail = (UserDetails) auth.getPrincipal();
      System.out.println(auth.getName());
      model.addObject("username", auth.getName());

    }

    model.setViewName("/403");
    return model;

  }

  /**
   * Upload single file using Spring Controller
   */
  @RequestMapping(value = "/uploadFile2", method = {RequestMethod.POST,RequestMethod.GET})
  public @ResponseBody
  String uploadFileHandler(@RequestParam("name") String name,
          @RequestParam("file") MultipartFile file) {

      if (!file.isEmpty()) {
          try {
              byte[] bytes = file.getBytes();

              // Creating the directory to store file
              String rootPath = System.getProperty("catalina.home");
              File dir = new File(rootPath + File.separator + "tmpFiles");
              if (!dir.exists())
                  dir.mkdirs();

              // Create the file on server
              File serverFile = new File(dir.getAbsolutePath()
                      + File.separator + name);
              BufferedOutputStream stream = new BufferedOutputStream(
                      new FileOutputStream(serverFile));
              stream.write(bytes);
              stream.close();

              instance.debug("FileUploadController" + " uploadFileHandler", "Server File Location=" + serverFile.getAbsolutePath());


              return "You successfully uploaded file=" + name;
          } catch (Exception e) {
              return "You failed to upload " + name + " => " + e.getMessage();
          }
      } else {
          return "You failed to upload " + name
                  + " because the file was empty.";
      }
  }


}

mvc-dispatch-servlet.xml

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">

    <context:component-scan base-package="com.mkyong.*" />
    <!-- Currently not working. Made a work around by having resources at /resources and pages at /pages -->
  <mvc:resources location="/resources/" mapping="/resources/" />

    <!-- also add the following beans to get rid of some exceptions -->
    <bean
        class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" />
    <bean
        class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
    </bean>

    <bean id="multipartResolver"
        class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <!-- setting maximum upload size -->
        <property name="maxUploadSize"> 
            <value>100000</value>
        </property>        
    </bean>

    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/pages/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>

</beans>

spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:context="http://www.springframework.org/schema/context"  
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd
    http://www.springframework.org/schema/context 
  http://www.springframework.org/schema/context/spring-context-3.0.xsd">

    <context:component-scan base-package="com.mkyong.*" />
    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">
        <!-- login page must be available to all. The order matters, if this is after something which secures the page this will fail. -->
<!--        <intercept-url pattern="/SignupUserServlet" access="permitAll"/> -->
        <intercept-url pattern="/pages/ReceiveFile" access="permitAll"/> 
        <intercept-url pattern="/pages/fileUpdate2" access="permitAll"/>
        <intercept-url pattern="/pages/login" access="permitAll" />
        <intercept-url pattern="/pages/admin/**" access="hasRole('_admin')" />
        <intercept-url pattern="/pages/trade/**" access="hasRole('_trader')" />
        <intercept-url pattern="/pages/discover/**" access="hasRole('_users')" />       
        <!-- access denied page -->
        <access-denied-handler error-page="/pages/403" />
        <form-login 
            login-page="/pages/login" 
            default-target-url="/pages/common/redirectportal" 
            authentication-failure-url="/pages/login?error" 
            username-parameter="username"
            password-parameter="password" />
        <logout logout-url="/pages/logout" logout-success-url="/pages/login?logout" />
        <!-- enable csrf protection -->
        <csrf/>
    </http>

    <!-- Select users and user_roles from database -->
    <authentication-manager>
        <authentication-provider ref="customAuthenticationProvider"/>
        <!--<jdbc-user-service data-source-ref="dataSource"
                users-by-username-query=
                    "select email,pwhash, enabled from users where email=?"
                authorities-by-username-query=
                    "select email, groupname from usergroups where email =?  " /> 
        </authentication-provider> -->
    </authentication-manager>

</beans:beans>

web.xml

<web-app id="WebApp_ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">


        <!-- Spring MVC -->
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

      <servlet>
    <servlet-name>InitServlet</servlet-name>
    <servlet-class>servlet.InitServlet</servlet-class>
    <init-param>
      <param-name>configfile</param-name>
    </init-param>
    <load-on-startup>2</load-on-startup>
  </servlet>

  <servlet>
    <servlet-name>AdminServlet</servlet-name>
    <servlet-class>servlet.admin.AdminServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
  </servlet>

  <servlet>
    <servlet-name>UserServlet</servlet-name>
    <servlet-class>servlet.user.UserServlet</servlet-class>
    <load-on-startup>4</load-on-startup>
  </servlet>

  <servlet>
    <servlet-name>SignupUserServlet</servlet-name>
    <servlet-class>servlet.user.SignupUserServlet</servlet-class>
    <load-on-startup>5</load-on-startup>
  </servlet>

  <servlet>
   <servlet-name>ReceiveFile</servlet-name>
    <servlet-class>servlet.user.ReceiveFile</servlet-class>
    <load-on-startup>6</load-on-startup>
  </servlet>

  <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/pages/*</url-pattern>
    </servlet-mapping>

  <servlet-mapping>
   <servlet-name>AdminServlet</servlet-name>
   <url-pattern>/AdminServlet</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
   <servlet-name>UserServlet</servlet-name>
   <url-pattern>/UserServlet</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
   <servlet-name>SignupUserServlet</servlet-name>
   <url-pattern>/SignupUserServlet</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
   <servlet-name>ReceiveFile</servlet-name>
   <url-pattern>/ReceiveFile</url-pattern>
  </servlet-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring-security.xml,
            /WEB-INF/spring-database.xml
        </param-value>
    </context-param>

    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>