加载 xml 文件时,它会给出错误 - HTTP 状态 403 - 在请求参数“_csrf”或标头“X-CSRF-TOKEN”上发现无效的 CSRF 令牌“null”。添加了一个功能。
小.jsp
<br>
<div id="dialog-message" title="Процедура загрузки">
<p>
<span class="ui-icon ui-icon-circle-check" style="float:left; margin:0 7px 50px 0;"></span>
Процедура загрузки
</p>
<p>
<div class="container">
<h2>Загрузить</h2>
<hr>
<!-- File Upload From -->
<form name ="submit_file" action="fileUpload_hotcall" method="post" enctype="multipart/form-data">
<div class="form-group">
<input class="form-control" type="file" name="file">
</div>
<br>
<div class="form-group">
<button class="btn btn-primary" type="submit">загрузить</button>
</div>
</form>
<br />
...
$(function() {
$('#btnsubhotcall').click(function(e) {
e.preventDefault();
//Disable submit button
$(this).prop('disabled',true);
var filename = $('input[type=file]').val().replace(/C:\\fakepath\\/i, '');
console.log('filename '+filename);
if(filename.indexOf('zip') < 0 && filename.indexOf('rar') < 0){
$('#alertMsg').text('Необходим файл с расширением *.zip или *.rar');
$('button[type=submit]').prop('disabled',false);
throw "Bad extanshion";
}
var form = document.forms["submit_file"];
var formData = new FormData(form);
// Ajax call for file uploaling
var ajaxReq = $.ajax({
url : 'fileUpload_hotcall?${_csrf.parameterName}=${_csrf.token}',
type : 'POST',
data : formData,
cache : false,
contentType : false,
processData : false,
xhr: function(){
//Get XmlHttpRequest object
var xhr = $.ajaxSettings.xhr() ;
//Set onprogress event handler
xhr.upload.onprogress = function(event){
var perc = Math.round((event.loaded / event.total) * 100);
$('#progressBar').text(perc + '%');
$('#progressBar').css('width',perc + '%');
};
return xhr ;
},
beforeSend: function( xhr ) {
//Reset alert message and progress bar
$('#alertMsg').text('');
$('#progressBar').text('');
$('#progressBar').css('width','0%');
}
});
// Called on success of file upload
ajaxReq.done(function(msg) {
$('#alertMsg').text(msg);
$('input[type=file]').val('');
$('button[type=submit]').prop('disabled',false);
});
// Called on failure of file upload
ajaxReq.fail(function(jqXHR) {
$('#alertMsg').text('Возникла ощибка\n'+jqXHR.responseText+'('+jqXHR.status+
' - '+jqXHR.statusText+')');
$('button[type=submit]').prop('disabled',false);
});
});
});
PetitController.java
@PostMapping("/fileUpload_hotcall")
public ResponseEntity<Object> fileUpload(@RequestParam(value = "_csrf", required = false) String csrf, @RequestParam("file") MultipartFile file)
throws IOException, JAXBException {
// Save file on system
if (!file.getOriginalFilename().isEmpty()) {
String pathStoreUploadedFile = Option.getDirectory("directory","directories.properties");
File f = new File(pathStoreUploadedFile, file.getOriginalFilename());
BufferedOutputStream outputStream = new BufferedOutputStream(new FileOutputStream(f));
outputStream.write(file.getBytes());
outputStream.flush();
outputStream.close();
List<Petit> pt = petitService.parseArchiveFile(f);
for(Petit p : pt) petitService.addPetit(p);
}else{
return new ResponseEntity<>("Файл не загружен.",HttpStatus.BAD_REQUEST);
}
return new ResponseEntity<>("Файл успешно загружен в базу.",HttpStatus.OK);
}
或者,您可以将 CSRF 令牌添加到操作中,这样它就可以工作了。
但是最好(因为安全参数)将此数据移动到请求的标头或正文中,例如使用 JavaScript。
第 18.5.4 段中的更多详细信息