티스토리 뷰
[Spring] Security CSRF multipart/form-data
스프링 시큐리티에서 CSRF 필터 사용시 form 데이터를 multipart/form-data로 보내면 request의 형식이 바뀌어 인식을 못한다.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml, /WEB-INF/spring/security-context.xml</param-value>
</context-param>
<filter>
<display-name>springMultipartFilter</display-name>
<filter-name>springMultipartFilter</filter-name>
<filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>springMultipartFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
root-context.xml
반드시 filterMultipartResolver 로 등록해야 한다. (물론 apache commons fileupload dependency 필요)
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.2.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd">
<bean id="csrfSecurityRequestMatcher" class="kr.re.kinac.pfp.component.CsrfSecurityRequestMatcher" />
<bean id="filterMultipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="100000000" />
<property name="defaultEncoding" value="UTF-8" />
</bean>
</beans>'Programming Framework > Spring' 카테고리의 다른 글
| [Spring] 스프링 시큐리티 로그아웃 설정(Security Logout) (0) | 2019.01.23 |
|---|---|
| [eGovFrame : Eclipse] 전자정부 프레임워크 개발환경 설치 (8) | 2019.01.13 |
| 스프링(Spring)에서 Ajax 요청 / 응답 (0) | 2019.01.07 |
| [Spring]스프링 인터셉터 설정 (0) | 2018.12.28 |
| 스프링(spring/egov) 타일즈(tiles) 설정 (0) | 2018.12.05 |
공지사항
최근에 올라온 글
최근에 달린 댓글
- Total
- Today
- Yesterday
TAG
- egov
- express
- MySQL
- Linux
- 이클립스
- DART
- asp.net core
- CentOS
- 스프링
- jQuery
- JSP
- MariaDB
- high1
- .NET Core
- php
- c#
- Fedora
- ubuntu
- eGovFrame
- egoverment
- Eclipse
- dotnet core
- Java
- 하이원
- 자바
- Windows
- Spring
- Flutter
- Entity Framework Core
- 전자정부
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
글 보관함