In this case, since it is a multipart request in which the CSRF token is unavailable to Spring security unless MultipartFilter
along with MultipartResolver
is properly configured so that the multipart request can be processed by Spring.
MulipartResolver
in the applicationContext.xml
file has to be registered as follows
<bean id="filterMultipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="-1" />
</bean>
The attribute value -1
of maxUploadSize
puts no limit on the uploaded file size. This value may vary depending upon the requirements. In case of multiple files, the file size is the size of all uploaded files.
Also,
<servlet-name>/*</servlet-name>
of <filter-mapping>
of MultipartFilter
needs to be changed to
<url-pattern>/*</url-pattern>
This is a bug in the documentation.
This will work just fine, in case, it is Spring MVC alone.
but if it is an integration of Spring and Struts(2), it incurs another problem in the associated Struts action class. The information of the uploaded file will be null
in the associated Struts action class(es).
To solve this particular issue, see this answer to customize a multipart request.