0

我正在使用 Dojo 上传器。当涉及到 HTML5 插件时,它工作得很好。但如果我强制使用 Flash 插件,它会失败并显示下一条消息:

“服务器没有响应”

在服务器端 Spring security 抛出这个:

    Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
22:33:06,375 DEBUG ty.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at com.springsource.insight.collection.tcserver.request.HttpRequestOperationCollectionValve.traceNextValve(HttpRequestOperationCollectionValve.java:116)
    at com.springsource.insight.collection.tcserver.request.HttpRequestOperationCollectionValve.invoke(HttpRequestOperationCollectionValve.java:98)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)

flash 插件是否缺少会话 ID?

这是我的js代码:

forma = new Form({
            method: 'post',
            enctype: 'multipart/form-data',
            'class': 'Uploader',
            action: dojo.config.app.urlBase + 'upload/cargaArchivos'
        }, 'cargaForm');

        btnCargar = new Button({
            type: 'submit',
            label: 'Cargar'
        }, 'submitCarga');  

        btnReset = new Button({
            type: 'reset',
            label: 'Limpiar',
            onClick: function(){
                // limpiamos el array de archivos agregados
                uploader.reset();
                console.log(uploader.getFileList());
            }
        }, 'resetForm');

        uploader = new dojox.form.Uploader({
            id: 'uploader',
            name: 'uploadedfile',
            showInput: 'before',
            isDebug: true,
            url: dojo.config.app.urlBase + 'upload/cargaArchivos',
            multiple: true,
            force: 'flash',
            onComplete: function(respuesta){
                // Aqui se puede hacer algo con el objeto de respuesta que se devuelve.
                console.log(respuesta);
            },
            onChange: function(archivos){
                // Aquí se podrían listar los archivos en alguna tabla. 
                console.log(archivos);
            }
        }, 'uploader');
        uploader.startup();     
    }

注意:我正在创建像 'new dojox.form.Uploader' 这样的上传器,因为我正在避免一个已知错误,请参阅:Programmatic Dojox Uploader - ajax upload not working

更新,我没有使用 FileUploader 因为它说它已被弃用,但 Uploader.upload() 方法也接收一个 formData 对象。

首先我正在尝试读取cookie。检查另一个请求的标头:

Accept  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language es-mx,en-us;q=0.7,en;q=0.3
Connection  keep-alive
Content-Type    application/x-www-form-urlencoded
**Cookie    undefined=root; undefined=6%2C6%2F4; JSESSIONID=9F0E7745730639A3D0989C5D379A74FB**
Host    localhost:8080
Referer http://localhost:8080/sep-sajja-web/
User-Agent  Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0.1
X-Requested-With    XMLHttpRequest

所以cookie名称是JSESSIONID。但是当我尝试

dojo.cookie('JSESSIONID');

它返回未定义...我会继续尝试。

纯javascript:

document.cookie.split(";")

只给我一个 cookie:["undefined=6%2C6%2F4"]

也许权限很重要?

更新...是的,它看起来像那样->我如何用 javascript 读取 JSESSIONID?

4

1 回答 1

2

这是如何通过 Flash 插件将数据发送到服务器的示例

http://livedocs.dojotoolkit.org/dojox/form/FileUploader#server-side

我无法找到有关是否通过帖子发送 cookie(从调用窗口继承)的信息 - 但应该有一个可能的解决方案来通过 GET 查询参数或自定义POST 数据发送 sessionid 。

new dojox.form.Uploader( {
    // ... your configurations
    postData: {
      sessionid: dojo.cookie('JSPCOOKIENAME_UNKNOWN_TO_ME')
});

您可能已经注意到,springframework 对我来说并不熟悉,但通过简要搜索如何基于令牌创建身份验证,我认为您正在寻找与以下内容的相似之处。至少会有一些类流行词可供搜索

    Authentication authentication = this.authenticationProvider.authenticate(token);
    SecurityContextHolder.getContext().setAuthentication(authentication);

如果您启用了登录,我相信令牌可以通过

UsernamePasswordAuthenticationToken token = 
  new UsernamePasswordAuthenticationToken(username, password);
User details = new User(username);
token.setDetails(details);

您将需要知道您的 servlet 正在使用哪个身份验证提供程序,并且可以在 webapp web.xml 下的 webapp web.xml 中找到信息<filters>

于 2012-07-26T15:04:10.130 回答