0

我正在运行 Spring web 和 security 3.1。我需要从安全区域内的安全区域下载另一个本地页面。给定以下代码:

@Controller
@RequestMapping("/secure")
public class SecureArea {

    @RequestMapping("/downloadMe.xhtml")
    public String downloadMe(HttpServletRequest request, HttpServletResponse response) throws Exception {
        // do stuff
        return "myJsp";
    }

    @RequestMapping("/viewStuff")
    public void viewStuff(HttpServletRequest request, HttpServletResponse response) throws Exception {
        InputStream in = (new URL("http://"+request.getServerName()+":"+request.getServerPort()+"/secure/downloadMe.xhtml").openStream());
        // read the input stream and do stuff with it, obviously returns my 401 page
    }
}

由于 spring 安全性,viewStuff 方法无法看到 /downloadMe.xhtml 页面。有什么方法可以将我的请求中的安全凭证放入新请求中并下载 downloadMe.xhtml。

*必须以这种方式或具有相同结果的类似方式完成。我不能只调用 downloadMe(request, response)。我需要从 myJsp 返回的数据以及随之而来的所有逻辑。

4

1 回答 1

1

解决了我自己的问题!通过在我的请求中将 JSESSIONID 作为 cookie 传递,我能够使其工作。所以从我的问题中的代码来看,它看起来像这样:

@Controller
@RequestMapping("/secure")
public class SecureArea {

    @RequestMapping("/downloadMe.xhtml")
    public String downloadMe(HttpServletRequest request, HttpServletResponse response) throws Exception {
        // do stuff
        return "myJsp";
    }

    @RequestMapping("/viewStuff")
    public void viewStuff(HttpServletRequest request, HttpServletResponse response) throws Exception {
        URL url = new URL("http://"+request.getServerName()+":"+request.getServerPort()+"/secure/downloadMe.xhtml");
        URLConnection con = url.openConnection();
        con.setDoOutput(true);
        // attach the session ID in the request
        con.setRequestProperty("Cookie", "JSESSIONID="+request.getSession().getId());
        con.connect();

        InputStream in = con.getInputStream();  
        // read the input stream and do stuff with it, obviously returns my 401 page
    }
}
于 2013-08-17T22:54:17.043 回答