Websphere 7 上的文件上传身份验证问题
目前,我们在 Websphere 7 上遇到了有关 richfaces 文件上传组件的生产问题。问题描述是,使用该组件浏览并选择要上传的文件后,立即出现基本身份验证对话框,要求输入用户凭据。
以下是我们在项目中使用的框架:
JSF 1.2 和 JSF 1.2。富脸3.3.3 Spring框架3.x Spring Webflow 2.1 Spring Security 3.x(仅使用登录对话框进行基本身份验证)
用户在开始使用基本身份验证想要访问应用程序时会进行一次身份验证。所有不使用文件上传组件的屏幕都工作正常。但是,如果我们使用文件上传组件,正如我上面提到的,文件选择(甚至从本地计算机路径)会再次触发基本身份验证对话框。奇怪的是,这种行为不会发生在我们使用 Tomcat 6 的开发环境中。在 Tomcat 上,文件上传不会触发任何用户登录,上传工作正常。
仅当应用程序时才会出现此问题。部署在 Websphere 7 上。任何人都可以告诉我们 Websphere 是否需要任何额外的配置才能通过此组件访问文件吗?
我们花了很多时间研究这个问题,但没有任何有意义的结果。因为这对我们来说是一个生产问题,所以非常关键,需要尽早解决。
所以请在这方面提供帮助。提前致谢。
We are currently facing a production issue on Websphere 7 with respect to richfaces fileupload component. The problem description is that immediately after the file for upload is browsed and selected using this component, the basic authentication dialogbox appears asking for user credentials.
Following are the frameworks we are using in our project:
JSF 1.2 & Richfaces 3.3.3
Spring Framework 3.x
Spring Webflow 2.1
Spring Security 3.x (only basic authentication using login dialogbox)
The user is authenticated once when he wants to access the application at the beginning using basic authentication. All screens that dont use fileupload component are working fine. But if we use fileupload component, as I mentioned above, the file selection (even from local machine path) triggers the basic authentication dialogbox again. The strange thing is that this behaviour does not occur on our Dev Environment which uses Tomcat 6. On Tomcat, the fileupload is not triggering any user login and upload is working fine.
This problem is occuring only when the app. is deployed on Websphere 7. Can anybody please tell whether Websphere requires any additional configuration for accessing Files through this component ?
We have spent a lot of time investigating this problem without any meaningful results. As this is a production issue for us now, it is very critical and needs to be resolved at the earliest.
So please help in this regard. Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我不知道文件上传组件,答案很可能在于其工作原理的细节,但一般来说,如果针对受保护资源的 HTTP 请求到达且该请求不包含有效的 LTPA cookie,那么 WebSphere 会提出质疑。当身份验证发生一次时,浏览器通常会在每次请求时发送 cookie,但只有当浏览器认为 cookie 与给定域相关时才会这样做。因此,如果您网站的主要部分是从(比如说)提供的,
并且文件上传与略有不同的主机相关
,那么 cookie 将不会被发送,并且会产生质询。
我诊断此问题的方法是使用某种流量嗅探器。准确查看正在流动的内容和正在使用的地址。我预测您会在通常情况下看到 LTPA cookie,而不是在上传情况下。然后就是弄清楚“为什么”的问题。
I don't know the File Upload component, and the answer may well lie in the detail of how that works, but in general WebSphere will challenge if an HTTP request arrives for a protected resource and the request does not contain a valid LTPA cookie. The cookie is normally sent by the browser on each request when authentication has happended once, BUT it will only do so if it believes that the cookie is related to a given domain. So if the main part of your website were served from, say,
and the file upload were related to a subtly different host
Then the cookie would not be sent, and a challenge would result.
My approach to diagnosing this would be get some kind of traffic sniffer. See exactly what is flowing and the addresses being used. I'm predicting that you will see the LTPA cookie in the usual case and not in the upload case. Then it's a matter of figuring out "why".