struts2檔案上傳修改為cos框架處理一系列事情
阿新 • • 發佈:2019-01-25
前段時間Struts2出來一個編號CVE-2017-5638的漏洞,影響系統及版本:Struts 2.3.5 - Struts 2.3.31、Struts 2.5 - Struts 2.5.10!
專案經理簡單修復了一下,他直接在配置檔案中新增了這麼個屬性!
屬性如下:
<constant name="struts.multipart.parser" value="cos"></constant>
也沒測試,過了幾天客戶反應檔案個圖片不能上傳了!叫我去看看,我一看發現後臺報錯了!
報錯如下:
java.lang.RuntimeException: Unable to load bean org.apache.struts2.dispatcher.multipart.MultiPartRequest (cos) - [unknown location] at com.opensymphony.xwork2.inject.ContainerBuilder$4.create(ContainerBuilder.java:132) at com.opensymphony.xwork2.inject.ContainerImpl.getInstance(ContainerImpl.java:514) at com.opensymphony.xwork2.inject.ContainerImpl.getInstance(ContainerImpl.java:524) at com.opensymphony.xwork2.inject.ContainerImpl$9.call(ContainerImpl.java:555) at com.opensymphony.xwork2.inject.ContainerImpl.callInContext(ContainerImpl.java:584) Truncated. see log file for complete stacktrace Caused By: Unable to load bean org.apache.struts2.dispatcher.multipart.MultiPartRequest (cos) - [unknown location] at org.apache.struts2.config.BeanSelectionProvider$ObjectFactoryDelegateFactory.create(BeanSelectionProvider.java:468) at com.opensymphony.xwork2.inject.ContainerBuilder$4.create(ContainerBuilder.java:130) at com.opensymphony.xwork2.inject.ContainerImpl.getInstance(ContainerImpl.java:514) at com.opensymphony.xwork2.inject.ContainerImpl.getInstance(ContainerImpl.java:524) at com.opensymphony.xwork2.inject.ContainerImpl$9.call(ContainerImpl.java:555) Truncated. see log file for complete stacktrace
後面各種百度,發現了這麼一個部落格!
部落格連結:http://www.cnblogs.com/pigtail/archive/2013/02/12/2910348.html
其實當時紅色部分提示的很清楚了,要加入相應的jra包!
後面又參考了部落格:http://www.iteye.com/topic/316626
按照他寫了一個實現類,加上配置檔案
<!-- 配置cos檔案上傳的解析器 --> <bean type="org.apache.struts2.dispatcher.multipart.MultiPartRequest" name="cos" class="com.nuchina.common.util.CosMultiPartRequest" />
準確的做法應該如下:
1.加入cos.jar
2.建立一個實現org.apache.struts2.dispatcher.multipart.MultiPartRequest介面的類
package com.nuchina.common.util; import java.io.File; import java.io.IOException; import java.util.Collections; import java.util.Enumeration; import java.util.List; import javax.servlet.http.HttpServletRequest; import org.apache.struts2.StrutsConstants; import org.apache.struts2.dispatcher.multipart.MultiPartRequest; import com.opensymphony.xwork2.inject.Inject; import com.oreilly.servlet.MultipartRequest; public class CosMultiPartRequest implements MultiPartRequest { private MultipartRequest multi; private String defaultEncoding; private boolean maxSizeProvided; private int maxSize; @Inject(StrutsConstants.STRUTS_I18N_ENCODING) public void setDefaultEncoding(String defaultEncoding) { this.defaultEncoding = defaultEncoding; } @Inject(StrutsConstants.STRUTS_MULTIPART_MAXSIZE) public void setMaxSize(String maxSize) { this.maxSizeProvided = true; this.maxSize = Integer.parseInt(maxSize); } @Override public String[] getContentType(String fieldName) { return new String[] { multi.getContentType(fieldName) }; } @SuppressWarnings("unchecked") @Override public List getErrors() { return Collections.EMPTY_LIST; } @Override public File[] getFile(String fieldName) { return new File[] { multi.getFile(fieldName) }; } @Override public String[] getFileNames(String fieldName) { return new String[] { multi.getFile(fieldName).getName() }; } @SuppressWarnings("unchecked") @Override public Enumeration<String> getFileParameterNames() { return multi.getFileNames(); } @Override public String[] getFilesystemName(String name) { return new String[] { multi.getFilesystemName(name) }; } @Override public String getParameter(String name) { return multi.getParameter(name); } @SuppressWarnings("unchecked") @Override public Enumeration<String> getParameterNames() { return multi.getParameterNames(); } @Override public String[] getParameterValues(String name) { return multi.getParameterValues(name); } @Override public void parse(HttpServletRequest request, String saveDir) throws IOException { if (maxSizeProvided) { multi = new MultipartRequest(request, saveDir, maxSize, defaultEncoding); } else { multi = new MultipartRequest(request, saveDir, defaultEncoding); } } @Override public void cleanUp() { // TODO Auto-generated method stub } }
3.配置檔案註冊自己建立的bean
4.配置struts.multipart.parser屬性為cos
<!-- 配置cos檔案上傳的解析器 -->
<bean type="org.apache.struts2.dispatcher.multipart.MultiPartRequest" name="cos" class="com.xxxxx.common.util.CosMultiPartRequest" />
<!--避免編號為CVE-2017-5638的該漏洞,-->
<!--影響系統及版本:Struts 2.3.5 - Struts 2.3.31、Struts 2.5 - Struts 2.5.10-->
<constant name="struts.multipart.parser" value="cos"></constant>