Multipart form POST interrupted by a session timeout results in an exception

We have Spring Security with CAS (I don't think CAS is the problem).

The problem is not the session timeout, but rather how this timeout is handled.

  • request form: GET /someform
  • fill out a multipart form
  • restart the server or remove JSESSIONID
  • submit the form: POST /someform (with multipart data)

  • user is redirected to the login screen

  • after user login, the user is redirected to the form: GET /someform
  • Spring is trying to resubmit the saved form (I think it uses DefaultSavedRequest)
  • it tries to call the controller function associated with: POST /someform, but the request is not multipart
  • we get an exception:

Failed to call handler method [public org.springframework.web.servlet.ModelAndView com.xxx.xxx.XXXController.xxxPost(org.springframework.web.multipart.MultipartHttpServletRequest)]; java.lang.IllegalStateException nested exception: Current request is not of type org.springframework.web.multipart.MultipartHttpServletRequest: com.secondmarket.web.UrlLowerCaseFilter$LowerCaseUrlServletRequestWrapper@77fb58b6

This is the code that stores the request in the session after an AccessDeniedException, it is in the HttpSessionRequestCache (called by ExceptionTranslationFilter):

public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
    if (!justUseSavedRequestOnGet || "GET".equals(request.getMethod())) {
        DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, portResolver);

        if (createSessionAllowed || request.getSession(false) != null) {
            // Store the HTTP request itself. Used by AbstractAuthenticationProcessingFilter
            // for redirection after successful authentication (SEC-29)
            request.getSession().setAttribute(WebAttributes.SAVED_REQUEST, savedRequest);
            logger.debug("DefaultSavedRequest added to Session: " + savedRequest);
        }
    }

}

How can I rewrite HttpSessionRequestCache or ExceptionTranslationFilter so as NOT to save the request if it is a multipart request?

+3

, .

MultipartHttpServletRequest . spring , HttpServletRequest .

@RequestMapping(value = "/xxx", method = RequestMethod.POST)
public ModelAndView doAmlCheckPost(MultipartHttpServletRequest req) {
    // This parameter type is what fails when the replayed request is not multipart
    UserInfo currentUserInfo = UserInfo.getCurrentUserInfo(req);

    MultipartFile someFile = req.getFile("someFile");
    // ...
}

, RequestMapping URL. MultipartHttpServletRequest - GET,

@RequestMapping(value = "/xxx", method = RequestMethod.POST)
public ModelAndView doAmlCheckMultipartPost(HttpServletRequest req, @RequestParam(value = "someFile", required = false) MultipartFile someFile) {

    // A replayed, non-multipart request carries no upload: send the user back to the form
    if (!(req instanceof MultipartHttpServletRequest)) {
        return new ModelAndView("redirect:/xxx");
    }
    // ...
}

, :

  • : GET/someform
  • JSESSIONID
  • : POST/someform ( ) , , .
  • : GET/someform
  • spring ( , DefaultSavedRequest) spring HttpServletRequest, MultipartHttpServletRequest. , MultipartHttpServletRequest GET,
+1
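
One way to do what the question asks, as an added example that is not part of the original posts or of Spring Security itself: a request cache that refuses to store multipart requests, so that after login the user lands on the default target URL instead of a replayed POST without its upload. The class and package names are hypothetical, the `javax.servlet` imports assume the Servlet API generation used on this page, and the instance must be configured on ExceptionTranslationFilter (and on the success handler that reads the cache) in place of the default HttpSessionRequestCache.

```java
package com.example.security; // hypothetical package name

import java.util.Locale;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.web.savedrequest.HttpSessionRequestCache;

/**
 * Added example (hypothetical class): never store a multipart request
 * in the session for replay after authentication.
 */
public class NonMultipartRequestCache extends HttpSessionRequestCache {

    @Override
    public void saveRequest(HttpServletRequest request, HttpServletResponse response) {
        if (isMultipart(request)) {
            // Nothing is saved for this request. Also drop any older saved
            // request so that a stale one is not replayed after login instead.
            // removeRequest() only touches an existing session.
            removeRequest(request, response);
            return;
        }
        // Every other request keeps the stock behaviour shown in the question.
        super.saveRequest(request, response);
    }

    /** True for multipart/form-data and any other multipart/* content type. */
    static boolean isMultipart(HttpServletRequest request) {
        String contentType = request.getContentType();
        return contentType != null
                && contentType.toLowerCase(Locale.ROOT).startsWith("multipart/");
    }
}
```

The check reads the Content-Type header rather than testing for MultipartHttpServletRequest, because the security filter chain sees the request before the multipart resolver has wrapped it.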