grails / grails-spring-security-core

Grails Spring Security Core Plugin
Apache License 2.0
260 stars 223 forks source link

GPSPRINGSECURITYCORE-191: Multipart File uploads broken with Spring Security #204

Closed graemerocher closed 9 years ago

graemerocher commented 12 years ago

Original Reporter: rootsamongruins Environment: Windows Version: Grails-Spring-Security-Core 1.2.7.3 Migrated From: http://jira.grails.org/browse/GPSPRINGSECURITYCORE-191

//in GSP

/g:uploadForm //in controller def f = request.getFile('avatar') Gives error: No signature of method: org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper.getFile() is applicable for argument types: (java.lang.String) values: [avatar] Possible solutions: getXML(), getPart(java.lang.String), getAt(java.lang.String), getAt(java.lang.String), getLocale(), getJSON()
graemerocher commented 12 years ago

burtbeckwith said: This works for me in a test app, as long as I'm already authenticated before submitting the upload POST request.

graemerocher commented 12 years ago

rootsamongruins said: I apologize for opening an issue when I clearly am misconfiguring something. Would it be possible to see the source of your test app?

graemerocher commented 12 years ago

burtbeckwith said: Sure, this is grails-app/controllers/UploadController.groovy:

{code} import grails.plugins.springsecurity.Secured

@Secured(['ROLE_ADMIN']) class UploadController {

def index() {}

def upload() { def f = request.getFile('avatar') f.transferTo new File('/home/burt/avatar') render 'ok' } } {code}

and this is grails-app/views/upload/index.gsp:

{code}

Upload
``` ```

{code}

graemerocher commented 11 years ago

cdandoy said: I have the exact same problem, also using 1.2.7.3, Grails 2.1.1.

I have added this UploadController example to my application and get the same error: {quote} No signature of method: org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper.getFile() is applicable for argument types: (java.lang.String) values: [avatar] {quote} I confirm that I am logged in when I run into this.

According to Chrome, the request is sent as multipart/form-data: {code} Request URL:http://localhost:8080/WebConsole/upload/upload Request Headersview source Accept:text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Content-Type:multipart/form-data; boundary=----WebKitFormBoundarydEtq6IkvPgY3LsdX Origin:http://localhost:8080 Referer:http://localhost:8080/WebConsole/upload User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11 Request Payload ------WebKitFormBoundarydEtq6IkvPgY3LsdX Content-Disposition: form-data; name="avatar"; filename="CSV_with_md5.zip" Content-Type: application/octet-stream

------WebKitFormBoundarydEtq6IkvPgY3LsdX--

{code}

Here are the class names of the requests that are wrapped:

None of them implement MultipartHttpServletRequest which I believe is what I need.

Not sure if it is relevant but I use a userDetailsService as found here: http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/11%20Custom%20UserDetailsService.html I also have a ldapUserDetailsMapper.

Here is my application.properties: {code} app.grails.version=2.1.1 app.name=WebConsole app.version=7.10 plugins.cxf=1.0.6 plugins.executor=0.3 plugins.gwt=0.7.1 plugins.mail=1.0 plugins.quartz=1.0-RC2 plugins.spring-security-core=1.2.7.3 plugins.spring-security-ldap=1.0.6 plugins.webflow=2.0.0 {code}

I understand you can't fix a bug you can't reproduce so please tell me what to look for.

graemerocher commented 11 years ago

cdandoy said: ok, I found the problem.

My Config.groovy contains "grails.web.disable.multipart=true" to enable MTOM with CXF. See http://grails.1312388.n4.nabble.com/Grails-CXF-MTOM-Contract-first-causes-MIME-boundary-problems-td4454380.html

I am still stuck but it has nothing to do with Spring Security.

graemerocher commented 11 years ago

cdandoy said: Since this is related to CXF and not SS, I have reported http://jira.grails.org/browse/GPCXF-5.