Java
P_Alexander, 2020-06-03 22:09:38

Why doesn't it find CSRF Token when submitting multipart/form-data in Spring?

Good evening. When trying to upload a file, I get an error: MyAccessDeniedHandler --> Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'
Why does this happen?
How can I fix it?
Importantly, when sending normal requests, everything works fine.
My Spring settings and what I did:

1. Defined a StandardServletMultipartResolver bean

@Bean
public StandardServletMultipartResolver multipartResolver() {
    return new StandardServletMultipartResolver();
}

2. Set up MultipartConfigElement
public class AppConfig extends AbstractAnnotationConfigDispatcherServletInitializer {
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class<?>[]{ WebConfig.class, WebSecurityConfig.class};
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class<?>[]{WebConfig.class};
    }

    @Override
    protected String[] getServletMappings() {
        return new String[]{"/"};
    }

    private String TMP_FOLDER = "../resources/images";
    private int MAX_UPLOAD_SIZE = 5 * 1024 * 1024;

    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        super.onStartup(servletContext);
        servletContext.addListener(new SessionListener());

        ServletRegistration.Dynamic appServlet = servletContext.addServlet("mvc", new DispatcherServlet(new GenericWebApplicationContext()));

        MultipartConfigElement mce = new MultipartConfigElement(TMP_FOLDER, MAX_UPLOAD_SIZE, MAX_UPLOAD_SIZE * 2, MAX_UPLOAD_SIZE / 2);
        appServlet.setMultipartConfig(mce);
    }


    @Override
    protected FrameworkServlet createDispatcherServlet(WebApplicationContext servletAppContext) {
        final DispatcherServlet dispatcherServlet = (DispatcherServlet) super.createDispatcherServlet(servletAppContext);
        dispatcherServlet.setThrowExceptionIfNoHandlerFound(true);
        return dispatcherServlet;
    }
}

3. Controller
@Controller
public class UploadController {
    private static final Logger logger = LogManager.getLogger(UploadController.class);

    @RequestMapping(value = "/uploadImage", method = RequestMethod.GET)
    public String showUploadImage(Model model) {
        return "uploadImage";
    }

    @RequestMapping(value = "/uploadImage", method = RequestMethod.POST)
    public String uploadImage(@RequestParam("file") MultipartFile file,  Model model) {
        logger.debug("UPLOAD FILE getContentType" + file.getContentType());
        logger.debug("UPLOAD FILE getName " + file.getName());
        return "uploadImage";
    }
}


4. My form
<form th:action="@{/uploadImage}" enctype="multipart/form-data" method="POST">
    <input type="file" name="file" />
    <input type="submit" value="Upload" />
</form>


How do I beat this? Thank you.


1 answer(s)
Orkhan Hasanly @azerphoenix, 2020-06-03

Is the token visible in the DOM source code inside the form tag?
And is the token sent when the form is submitted?
I set the multipart file configs in properties, and I have not run into the problem of a null CSRF token when submitting the form.

# File upload size
spring.servlet.multipart.max-file-size=20MB
spring.servlet.multipart.max-request-size=20MB
spring.servlet.multipart.file-size-threshold=2KB
# Uploads
spring.servlet.multipart.enabled=true
fl.upload_path=/home/phoenix/example.com/uploads
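
An added example, not part of the original thread or of Spring's own code: Spring Security's CsrfFilter reads `_csrf` with getParameter() before the DispatcherServlet has parsed the multipart body, so one documented fix is to run MultipartFilter ahead of the security filter chain and to put the multipart config on the servlet that is actually mapped to `/` (in the question it is set on a second, unmapped servlet named `mvc`). The class name SecurityInitializer and the use of java.io.tmpdir are assumptions; WebConfig and WebSecurityConfig are the question's own classes.

```java
import javax.servlet.MultipartConfigElement;
import javax.servlet.ServletContext;
import javax.servlet.ServletRegistration;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
import org.springframework.web.multipart.support.MultipartFilter;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;

// Shown as one listing; in a project each class lives in its own public file.
// SecurityInitializer is a hypothetical name. If the application already has a
// subclass of AbstractSecurityWebApplicationInitializer, add only the override.
class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
    @Override
    protected void beforeSpringSecurityFilterChain(ServletContext servletContext) {
        // MultipartFilter wraps the request before CsrfFilter runs, so
        // getParameter("_csrf") can see the hidden field in the multipart body.
        // Without a "filterMultipartResolver" bean in the root context it
        // falls back to StandardServletMultipartResolver.
        insertFilters(servletContext, new MultipartFilter());
    }
}

// Replaces the extra servlet registration in the question's onStartup().
class AppConfig extends AbstractAnnotationConfigDispatcherServletInitializer {
    private static final long MAX_UPLOAD_SIZE = 5L * 1024 * 1024; // value from the question
    // Assumption: the JVM temp directory is the staging location for parts.
    private static final String TMP_FOLDER = System.getProperty("java.io.tmpdir");

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class<?>[]{WebConfig.class, WebSecurityConfig.class};
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class<?>[]{WebConfig.class};
    }

    @Override
    protected String[] getServletMappings() {
        return new String[]{"/"};
    }

    @Override
    protected void customizeRegistration(ServletRegistration.Dynamic registration) {
        // Applies the limits to the DispatcherServlet this initializer registers.
        registration.setMultipartConfig(new MultipartConfigElement(
                TMP_FOLDER, MAX_UPLOAD_SIZE, MAX_UPLOAD_SIZE * 2, (int) (MAX_UPLOAD_SIZE / 2)));
    }
}
```

Because MultipartFilter runs before authorization, any client can make the server buffer upload parts, so keep the size limits tight. The alternative that avoids this is to carry the token in the form's action URL query string instead of the request body.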
