1. 程式人生 > >struts2檔案上傳修改為cos框架處理一系列事情

struts2檔案上傳修改為cos框架處理一系列事情

前段時間Struts2出來一個編號CVE-2017-5638的漏洞,影響系統及版本:Struts 2.3.5 - Struts 2.3.31、Struts 2.5 - Struts 2.5.10!

專案經理簡單修復了一下,他直接在配置檔案中新增了這麼個屬性!

屬性如下:

<constant name="struts.multipart.parser" value="cos"></constant>

也沒測試,過了幾天客戶反應檔案個圖片不能上傳了!叫我去看看,我一看發現後臺報錯了!

報錯如下:

java.lang.RuntimeException: Unable to load bean org.apache.struts2.dispatcher.multipart.MultiPartRequest (cos) - [unknown location]
 at com.opensymphony.xwork2.inject.ContainerBuilder$4.create(ContainerBuilder.java:132)
 at com.opensymphony.xwork2.inject.ContainerImpl.getInstance(ContainerImpl.java:514)
 at com.opensymphony.xwork2.inject.ContainerImpl.getInstance(ContainerImpl.java:524)
 at com.opensymphony.xwork2.inject.ContainerImpl$9.call(ContainerImpl.java:555)
 at com.opensymphony.xwork2.inject.ContainerImpl.callInContext(ContainerImpl.java:584)
 Truncated. see log file for complete stacktrace
Caused By: Unable to load bean org.apache.struts2.dispatcher.multipart.MultiPartRequest (cos) - [unknown location]
 at org.apache.struts2.config.BeanSelectionProvider$ObjectFactoryDelegateFactory.create(BeanSelectionProvider.java:468)
 at com.opensymphony.xwork2.inject.ContainerBuilder$4.create(ContainerBuilder.java:130)
 at com.opensymphony.xwork2.inject.ContainerImpl.getInstance(ContainerImpl.java:514)
 at com.opensymphony.xwork2.inject.ContainerImpl.getInstance(ContainerImpl.java:524)
 at com.opensymphony.xwork2.inject.ContainerImpl$9.call(ContainerImpl.java:555)
 Truncated. see log file for complete stacktrace

後面各種百度,發現了這麼一個部落格!


部落格連結:http://www.cnblogs.com/pigtail/archive/2013/02/12/2910348.html

其實當時紅色部分提示的很清楚了,要加入相應的jra包!

後面又參考了部落格:http://www.iteye.com/topic/316626

按照他寫了一個實現類,加上配置檔案

<!-- 配置cos檔案上傳的解析器 -->
	<bean type="org.apache.struts2.dispatcher.multipart.MultiPartRequest" name="cos" class="com.nuchina.common.util.CosMultiPartRequest" />


準確的做法應該如下:

1.加入cos.jar

2.建立一個實現org.apache.struts2.dispatcher.multipart.MultiPartRequest介面的類

package com.nuchina.common.util;

import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.apache.struts2.StrutsConstants;
import org.apache.struts2.dispatcher.multipart.MultiPartRequest;

import com.opensymphony.xwork2.inject.Inject;
import com.oreilly.servlet.MultipartRequest;


public class CosMultiPartRequest implements MultiPartRequest {
    private MultipartRequest multi;
    private String defaultEncoding;
    private boolean maxSizeProvided;
    private int maxSize;

    @Inject(StrutsConstants.STRUTS_I18N_ENCODING)
    public void setDefaultEncoding(String defaultEncoding) {
        this.defaultEncoding = defaultEncoding;
    }

    @Inject(StrutsConstants.STRUTS_MULTIPART_MAXSIZE)
    public void setMaxSize(String maxSize) {
        this.maxSizeProvided = true;
        this.maxSize = Integer.parseInt(maxSize);
    }

    @Override
    public String[] getContentType(String fieldName) {
        return new String[] { multi.getContentType(fieldName) };
    }

    @SuppressWarnings("unchecked")
    @Override
    public List getErrors() {
        return Collections.EMPTY_LIST;
    }

    @Override
    public File[] getFile(String fieldName) {
        return new File[] { multi.getFile(fieldName) };
    }

    @Override
    public String[] getFileNames(String fieldName) {
        return new String[] { multi.getFile(fieldName).getName() };
    }

    @SuppressWarnings("unchecked")
    @Override
    public Enumeration<String> getFileParameterNames() {
        return multi.getFileNames();
    }

    @Override
    public String[] getFilesystemName(String name) {
        return new String[] { multi.getFilesystemName(name) };
    }

    @Override
    public String getParameter(String name) {
        return multi.getParameter(name);
    }

    @SuppressWarnings("unchecked")
    @Override
    public Enumeration<String> getParameterNames() {
        return multi.getParameterNames();
    }

    @Override
    public String[] getParameterValues(String name) {
        return multi.getParameterValues(name);
    }

    @Override
    public void parse(HttpServletRequest request, String saveDir) throws IOException {
        if (maxSizeProvided) {
            multi = new MultipartRequest(request, saveDir, maxSize, defaultEncoding);
        } else {
            multi = new MultipartRequest(request, saveDir, defaultEncoding);
        }
    }

	@Override
	public void cleanUp() {
		// TODO Auto-generated method stub
		
	}
}


3.配置檔案註冊自己建立的bean

4.配置struts.multipart.parser屬性為cos

<!-- 配置cos檔案上傳的解析器 -->
	<bean type="org.apache.struts2.dispatcher.multipart.MultiPartRequest" name="cos" class="com.xxxxx.common.util.CosMultiPartRequest" />
	<!--避免編號為CVE-2017-5638的該漏洞,-->
	<!--影響系統及版本:Struts 2.3.5 - Struts 2.3.31、Struts 2.5 - Struts 2.5.10-->
	<constant name="struts.multipart.parser" value="cos"></constant>