JavaSpringMVC::为什么我的web应用程序不安全
我正在开发一个开源项目,我的应用程序有问题
当多个用户同时使用该应用程序时,一个用户可能会收到另一个用户的数据(服务器响应)。 我的bean是请求作用域和会话作用域的,我的控制器是请求作用域的
启动tomcat时,bean被创建3次
我读了很多文档,也尝试过调整作用域(scope),但都没有效果。 我一定是漏掉了什么。谢谢你的帮助
我的控制器:
/**
 * Request-scoped Spring MVC controller that serves the home view and the file upload endpoint.
 *
 * <p>NOTE(review): the three {@code *Service} collaborators injected below are not declared in
 * the Java configuration shown alongside this class, so they presumably come from component
 * scanning. Scanned components are singletons unless they carry their own {@code @Scope}; any
 * per-user state held in such a singleton is shared by all concurrent requests. Verify against
 * those classes.
 */
@Controller
@Scope("request")
public class SpinalToolboxWebController {

    @Autowired
    private FileOperationsService fileOperationsService;

    // Mutable response object that the upload handler fills in and returns as the JSON body.
    @Autowired
    private ServerResponse serverResponse;

    @Autowired
    private SoftwareCommunicationService softwareCommunicationService;

    // Injected but not used by the handler methods in this class.
    @Autowired
    private StringBuffer stringBuffer;

    // Injected but not used by the handler methods in this class.
    @Autowired
    private UserEnvironmentService userEnvironmentService;

    /**
     * Renders the home view with a fixed "result" model attribute.
     *
     * @return the model and view for the home page
     */
    @RequestMapping(value = "/")
    public ModelAndView home() {
        System.out.println("Passing throught home controller");
        ModelAndView homePage =
                new ModelAndView(SpinalToolBoxWebConstants.VIEW_HOME, "result", "command submitted : ");
        return homePage;
    }

    /**
     * Accepts one uploaded file and reports the outcome through the injected {@link ServerResponse}.
     *
     * <p>The response is set to "undefined" when the extension check rejects the file name or when
     * the upload itself fails; otherwise it is filled from the file and the generated raw/header data.
     *
     * @param file  the multipart part named "file"
     * @param token the "token" request parameter, passed on to the upload service
     * @return the injected response object after it has been updated
     * @throws IOException declared by the handler signature
     */
    @RequestMapping(value = "/upload", method = RequestMethod.POST, produces = "application/json")
    @ResponseBody
    public ServerResponse handleUploadedFiles(@RequestParam(value = "file") MultipartFile file,
                                              @RequestParam(value = "token") String token) throws IOException {
        System.out.println("Passing throught upload controller");

        // NOTE(review): getOriginalFilename() is the name sent by the client, so the extension
        // check is a filter on untrusted text and says nothing about the file's content.
        boolean extensionAllowed =
                fileOperationsService.isUploadedFileExtensionAllowed(file.getOriginalFilename());

        // NOTE(review): token is client-controlled as well; how uploadFile uses it is not visible
        // here. If it selects a directory or file name, it has to be validated there.
        // The upload is attempted only when the extension check passed.
        boolean stored = extensionAllowed && fileOperationsService.uploadFile(file, token);

        if (!stored) {
            serverResponse.setUndefinedResponse();
            return serverResponse;
        }

        serverResponse.setResponse(file, softwareCommunicationService.generateRawAndHeader(file));
        return serverResponse;
    }
}
这是我的java配置文件:
/**
 * Java-based Spring configuration: the JSP view resolver, the multipart resolver and the
 * request/session-scoped beans of the application.
 *
 * <p>NOTE(review): the origin of {@code @ScopedProxy} is not visible here. In current Spring the
 * proxy mode is normally requested with
 * {@code @Scope(value = "request", proxyMode = ScopedProxyMode.TARGET_CLASS)}. Confirm that the
 * annotation used below really produces a scoped proxy; without one, a request- or session-scoped
 * bean injected into a longer-lived bean is resolved once and then shared across users.
 */
@Configuration
public class SpinalToolBoxWebConfig {

    // Upload directory, read from the "uploadPath" property.
    @Value("${uploadPath}")
    private String uploadPathFromPropertyFile;

    /** Resolves logical view names to JSP files under WEB-INF/view/. */
    @Bean
    ViewResolver viewResolver() {
        InternalResourceViewResolver jspResolver = new InternalResourceViewResolver();
        jspResolver.setPrefix("WEB-INF/view/");
        jspResolver.setSuffix(".jsp");
        /*resolver.setExposeContextBeansAsAttributes(true);
        resolver.setExposedContextBeanNames("configProperties");*/
        return jspResolver;
    }

    /** Request-scoped {@link FileOperationsController}. */
    @Bean
    @Scope("request")
    @ScopedProxy
    public FileOperationsController fileOperationsController() {
        FileOperationsController controller = new FileOperationsController();
        return controller;
    }

    /** Request-scoped {@link LogController}. */
    @Bean
    @Scope("request")
    @ScopedProxy
    public LogController logController() {
        LogController controller = new LogController();
        return controller;
    }

    /** Request-scoped {@link ServerResponse}; a new instance is meant to exist per request. */
    @Bean
    @Scope("request")
    @ScopedProxy
    public ServerResponse serverResponse() {
        ServerResponse response = new ServerResponse();
        return response;
    }

    /** Request-scoped {@link SoftwareCommunicationController}. */
    @Bean
    @Scope("request")
    @ScopedProxy
    public SoftwareCommunicationController softwareCommunicationController() {
        SoftwareCommunicationController controller = new SoftwareCommunicationController();
        return controller;
    }

    /**
     * Builds the multipart resolver with the configured upload path as its temporary directory
     * and with the upload size limit disabled.
     *
     * <p>NOTE(review): with no size cap a single client can fill the temporary directory, so a
     * limit matched to the expected files is the safer setting. The servlet-context.xml shown
     * with this class also maps the same upload path under /external/**, so files written here
     * may be reachable by URL; confirm that this is intended.
     *
     * @return the configured multipart resolver
     * @throws java.io.IOException declared by the bean method signature
     */
    @Bean
    @Scope("prototype")
    public CommonsMultipartResolver multipartResolver() throws java.io.IOException {
        Resource uploadTempDir = new FileSystemResource(uploadPathFromPropertyFile);
        System.out.println(uploadPathFromPropertyFile);

        CommonsMultipartResolver multipart = new CommonsMultipartResolver();
        multipart.setUploadTempDir(uploadTempDir);
        // -1 means that no limit is applied to the upload size.
        multipart.setMaxUploadSize(-1);
        return multipart;
    }

    /**
     * Request-scoped {@link StringBuffer}.
     *
     * <p>NOTE(review): StringBuffer is a final class and therefore cannot be class-proxied, so
     * this bean can only behave as request-scoped where the injection target is itself
     * request-scoped.
     */
    @Bean
    @Scope("request")
    @ScopedProxy
    public StringBuffer stringBuffer() {
        StringBuffer buffer = new StringBuffer();
        return buffer;
    }

    /** Session-scoped {@link UserEnvironment}; one instance per HTTP session. */
    @Bean
    @Scope("session")
    @ScopedProxy
    public UserEnvironment userEnvironment() {
        UserEnvironment environment = new UserEnvironment();
        return environment;
    }

    /** Request-scoped {@link UserEnvironmentController}. */
    @Bean
    @Scope("request")
    @ScopedProxy
    public UserEnvironmentController userEnvironmentController() {
        UserEnvironmentController controller = new UserEnvironmentController();
        return controller;
    }
}
这是我的servlet-context.xml文件:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring bean definitions for the web layer: properties, component scanning, MVC setup and static resource mappings. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!-- Loads WEB-INF/config.properties as the bean "configProperties". -->
<util:properties id="configProperties" location="WEB-INF/config.properties" />
<!-- Resolves ${...} placeholders from the "configProperties" bean. -->
<context:property-placeholder properties-ref="configProperties" />
<!-- Scans the spinalToolBoxWeb package for annotated components.
     NOTE(review): scanned components without their own @Scope are singletons; a singleton that
     keeps per-request or per-user data in fields shares it between all users. Verify the
     service classes found by this scan. -->
<context:component-scan base-package="spinalToolBoxWeb"/>
<!-- Enables annotation-driven Spring MVC (@RequestMapping, @ResponseBody and related annotations). -->
<mvc:annotation-driven/>
<!-- Static resources served from the location given by the "resources" property. -->
<mvc:resources mapping="/resources/**" location="${resources}" />
<!-- Serves files from the upload path under /external/**.
     NOTE(review): no access control is visible on this mapping, and the Java configuration shown
     with this file uses the same uploadPath as the multipart temporary directory. If files of
     different users are stored below this path, any client that knows or guesses a file's URL
     can read it. Confirm the directory layout and put an authorization check in front of it. -->
<mvc:resources mapping="/external/**" location="file:///${uploadPath}" />
</beans>
这是我的web.xml文件:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 2.5 deployment descriptor: one Spring DispatcherServlet plus the request context listener.
     NOTE(review): as shown, this descriptor declares no filter, security-constraint or
     session-config element, so nothing here restricts who may reach which URL. -->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The DispatcherServlet, configured from servlet-context.xml and initialised at startup. -->
<servlet>
<servlet-name>spinalToolBoxServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/spinalToolBoxServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Maps the servlet to "/", which makes it the default servlet of the application. -->
<servlet-mapping>
<servlet-name>spinalToolBoxServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Exposes the current request to the handling thread; request and session scopes rely on this binding. -->
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener
</listener-class>
</listener> </web-app>