如何使用Spring Security很好地处理文件上传MaxUploadSizeExceededException
问题内容:
我使用的是Spring Web 4.0.5,Spring Security 3.2.4,Commons FileUpload 1.3.1,Tomcat
7,并且MaxUploadSizeExceededException当超出我的上传大小限制时,我会遇到麻烦,这会导致“ 500 Internal
Server Error”。我用一个不错的通用弹出窗口来处理它,但是我宁愿我的控制器通过返回带有适当解释信息的原始表格来处理它。
我已经多次问过类似的问题,有一些解决方案在不使用Spring Security时可能会起作用。我尝试过的那些都不适合我。
问题可能是使用Spring Security时,CommonsMultipartResolver不是作为“ multipartResolver”
bean添加而是作为“ filterMultipartResolver”添加的:
@Bean(name="filterMultipartResolver")
CommonsMultipartResolver filterMultipartResolver() {
CommonsMultipartResolver filterMultipartResolver = new CommonsMultipartResolver();
filterMultipartResolver.setMaxUploadSize(MAXSIZE);
return filterMultipartResolver;
}
如果我设置filterMultipartResolver.setResolveLazily(true);,则没有任何区别。
如果我CommonsMultipartResolver用自己的子类对进行子类化,并parseRequest()用捕获MaxUploadSizeExceededException并返回空值的方法覆盖该方法,则会MultipartParsingResult收到“
403 Forbidden”错误:
public class ExtendedCommonsMultipartResolver extends CommonsMultipartResolver {
protected MultipartParsingResult parseRequest(HttpServletRequest request) throws MultipartException {
String encoding = determineEncoding(request);
try {
return super.parseRequest(request);
} catch (MaxUploadSizeExceededException e) {
return parseFileItems(Collections.<FileItem> emptyList(), encoding);
}
}
}
最后,实现某种局部或全局ExceptionHandler是没有意义的,因为它从未被调用过。
如果找不到更好的解决方案,我将删除上传大小限制并自己在控制器中处理,其缺点是让用户等到上传完成后才能看到有关文件大小的错误消息。我什至可能会忽略所有这些,因为在这种情况下,作为图像,我可以将其调整为适当的值。
不过,我仍然希望看到针对该问题的解决方案。
谢谢
编辑:
我按要求添加堆栈跟踪。这是生成500的情况。
May 30, 2014 12:47:17 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [dispatcher] in context with path [/site] threw exception
org.springframework.web.multipart.MaxUploadSizeExceededException: Maximum upload size of 1000000 bytes exceeded; nested exception is org.apache.commons.fileupload.FileUploadBase$SizeLimitExceededException: the request was rejected because its size (3403852) exceeds the configured maximum (1000000)
at org.springframework.web.multipart.commons.CommonsMultipartResolver.parseRequest(CommonsMultipartResolver.java:162)
at org.springframework.web.multipart.commons.CommonsMultipartResolver.resolveMultipart(CommonsMultipartResolver.java:142)
at org.springframework.web.multipart.support.MultipartFilter.doFilterInternal(MultipartFilter.java:110)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:409)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1044)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
Caused by: org.apache.commons.fileupload.FileUploadBase$SizeLimitExceededException: the request was rejected because its size (3403852) exceeds the configured maximum (1000000)
at org.apache.commons.fileupload.FileUploadBase$FileItemIteratorImpl.<init>(FileUploadBase.java:965)
at org.apache.commons.fileupload.FileUploadBase.getItemIterator(FileUploadBase.java:310)
at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:334)
at org.apache.commons.fileupload.servlet.ServletFileUpload.parseRequest(ServletFileUpload.java:115)
at org.springframework.web.multipart.commons.CommonsMultipartResolver.parseRequest(CommonsMultipartResolver.java:158)
... 19 more
问题答案:
您可以通过添加一个附加的Filter来捕获异常并重定向到错误页面来处理MaxUploadSizeExceededException。例如,您可以创建一个MultipartExceptionHandler过滤器,如下所示:
public class MultipartExceptionHandler extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
try {
filterChain.doFilter(request, response);
} catch (MaxUploadSizeExceededException e) {
handle(request, response, e);
} catch (ServletException e) {
if(e.getRootCause() instanceof MaxUploadSizeExceededException) {
handle(request, response, (MaxUploadSizeExceededException) e.getRootCause());
} else {
throw e;
}
}
}
private void handle(HttpServletRequest request,
HttpServletResponse response, MaxUploadSizeExceededException e) throws ServletException, IOException {
String redirect = UrlUtils.buildFullRequestUrl(request) + "?error";
response.sendRedirect(redirect);
}
}
注意
:此重定向假设您的表单和上载。您可能需要修改重定向到的位置。具体来说,如果您遵循GET模式下的表单模式,并且在POST上对其进行处理,那么它将起作用。
然后,您可以确保在MultipartFilter之前添加此过滤器。例如,如果您使用的是web.xml,则会看到以下内容:
<filter>
<filter-name>meh</filter-name>
<filter-class>org.example.web.MultipartExceptionHandler</filter-class>
</filter>
<filter>
<description>
Allows the application to accept multipart file data.
</description>
<display-name>springMultipartFilter</display-name>
<filter-name>springMultipartFilter</filter-name>
<filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
<!--init-param>
<param-name>multipartResolverBeanName</param-name>
<param-value>multipartResolver</param-value>
</init-param-->
</filter>
<filter>
<description>
Secures access to web resources using the Spring Security framework.
</description>
<display-name>springSecurityFilterChain</display-name>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>meh</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springMultipartFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>ERROR</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
然后,在表单中,您可以通过检查HTTP参数错误是否存在来检测错误是否发生。例如,在JSP中,您可以执行以下操作:
<c:if test="${param.error != null}">
<p>Failed to upload...too big</p>
</c:if>
PS:我创建了SEC-2614以更新文档以讨论错误处理
