堆栈内存溢出
  简体   繁体   English

从控制器下载安全页面,Spring安全性

[英]Download secure page from controller, Spring security

 原文  2013-08-16 16:38:31       java/ spring/ spring-security

问题描述

I am running Spring web and security 3.1. 我正在运行Spring Web and Security 3.1。 I need to download another local page from a secure area within a secure area. 我需要从安全区域内的安全区域下载另一个本地页面。 Given the following code: 给出以下代码: 

@Controller
@RequestMapping("/secure")
public class SecureArea {

    @RequestMapping("/downloadMe.xhtml")
    public String downloadMe(HttpServletRequest request, HttpServletResponse response) throws Exception {
        // do stuff
        return "myJsp";
    }

    @RequestMapping("/viewStuff")
    public void viewStuff(HttpServletRequest request, HttpServletResponse response) throws Exception {
        InputStream in = (new URL("http://"+request.getServerName()+":"+request.getServerPort()+"/secure/downloadMe.xhtml").openStream());
        // read the input stream and do stuff with it, obviously returns my 401 page
    }
}

the viewStuff method cannot see the /downloadMe.xhtml page due to spring security. 由于春季的安全性,viewStuff方法无法看到/downloadMe.xhtml页面。 Is there any way I can place the security credentials from my request into a new request and download the downloadMe.xhtml. 有什么方法可以将请求中的安全凭据放入新请求中,然后下载downloadMe.xhtml。

* It must be done this way or a similar way that has the same result. * 必须以这种方式或具有相同结果的类似方式进行。 I cannot merely call downloadMe(request, response). 我不能只调用downloadMe(request,response)。 I need the data returned from myJsp and all the logic that comes with it. 我需要从myJsp返回的数据及其附带的所有逻辑。

1 个解决方案

解决方案1
 1 已采纳  2013-08-17 22:54:17

Solved my own question! 解决了我自己的问题! I was able to get this to work by passing the JSESSIONID as a cookie in my request. 我可以通过在请求中将JSESSIONID作为cookie传递来使其工作。 So going from my code in my question, it would look like this: 所以从我的问题中的代码来看,它看起来像这样: 

@Controller
@RequestMapping("/secure")
public class SecureArea {

    @RequestMapping("/downloadMe.xhtml")
    public String downloadMe(HttpServletRequest request, HttpServletResponse response) throws Exception {
        // do stuff
        return "myJsp";
    }

    @RequestMapping("/viewStuff")
    public void viewStuff(HttpServletRequest request, HttpServletResponse response) throws Exception {
        URL url = new URL("http://"+request.getServerName()+":"+request.getServerPort()+"/secure/downloadMe.xhtml");
        URLConnection con = url.openConnection();
        con.setDoOutput(true);
        // attach the session ID in the request
        con.setRequestProperty("Cookie", "JSESSIONID="+request.getSession().getId());
        con.connect();

        InputStream in = con.getInputStream();  
        // read the input stream and do stuff with it, obviously returns my 401 page
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法使用Spring Security保护AngularJS页面 - Can not secure AngularJS page using Spring Security 如何使用Spring安全性保护包含的页面 - How to secure an included page with Spring security 如何生成从HTML页面到Spring MVC控制器的下载请求 - How to generate a download request from html page to controller of spring mvc Spring Security从控制器登录 - Spring Security login from controller 通过Spring Security保护REST - Secure REST with Spring Security Spring Boot和Spring Security自定义登录页面和控制器 - spring boot and spring security custom login page and controller 通过控制器方法传递Spring安全认证 - Pass Spring security authentication from controller methods Spring Security安全自定义页面 - Spring Security secure custom pages 从Spring Controller下载基本编码文件 - Download base encoded file from spring controller Spring mvc / security:从spring security中删除登录页面 - Spring mvc / security : excluding the login page from spring security
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM