1、背景

笔者的springboot在一个非root用户环境下运行,这种环境下可以保证不被潜在的jar/开源框架漏洞提权。

比如在防火墙上把外网访问来的443端口映射到本地8443的java web端口。(注意对外服务的80-1024端口需要root权限才能申请),

具体映射方法可参考:Linux下使用iptables配置防火墙端口转发 。由于是受限用户遇到一些问题:

org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet request; nested exception is java.io.IOException: The temporary upload location [/tmp/tomcat.8524616412347407692.8111/work/Tomcat/localhost/ROOT/asset] i

s not valid

        at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.handleParseFailure(StandardMultipartHttpServletRequest.java:122)

        at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.parseRequest(StandardMultipartHttpServletRequest.java:113)

        at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.<init>(StandardMultipartHttpServletRequest.java:86)

        at org.springframework.web.multipart.support.StandardServletMultipartResolver.resolveMultipart(StandardServletMultipartResolver.java:93)

        at org.springframework.web.servlet.DispatcherServlet.checkMultipart(DispatcherServlet.java:1128)

        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:960)

        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)

        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:974)

        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:877)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)

        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:851)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:158)

        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:126)

        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:111)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:84)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

解决方法,根据SpringBoot版本不同设置

spring.servlet.multipart.location=YOUR_TEMP_LOCATION_PATH

或者

spring.http.multipart.location=YOUR_TEMP_LOCATION_PATH

笔者使用yaml配置文件,如下

起初经过如下一些设置,均无效

1、asset

2、./asset 对应结果:The temporary upload location [/tmp/tomcat.3611170690354284212.8111/work/Tomcat/localhost/ROOT/./asset] is not valid

后设置成绝对路径,这个绝对路径从JVM系统属性里获取ASSET_HOME属性,ASSET_HOME属性在启动类里面设置,如下:

import com.netmarch.web.common.mybatis.MyBatisConfig;

import org.springframework.boot.SpringApplication;

import org.springframework.boot.autoconfigure.EnableAutoConfiguration;

import org.springframework.boot.autoconfigure.SpringBootApplication;

import org.springframework.boot.system.ApplicationHome;

import org.springframework.cache.annotation.CacheConfig;

import org.springframework.cache.annotation.EnableCaching;

import org.springframework.scheduling.annotation.EnableAsync;

import java.io.File;

import java.nio.file.Path;

@EnableAsync

@EnableCaching

@CacheConfig

@EnableAutoConfiguration

@SpringBootApplication(exclude = {

        MyBatisConfig.class

},scanBasePackages = "com.xxx")

public class WebApplication{

    public static void main(String[] args) {

        ApplicationHome home = new ApplicationHome(WebApplication.class);

        // returns the folder where the jar is. This is what I wanted.

        File rootFolder = home.getDir();

        Path path = rootFolder.toPath().normalize().toAbsolutePath();

        System.setProperty("ASSET_HOME",path.toString());



        SpringApplication.run(WebApplication.class, args);

    }

}

其他参考:

https://spring.hhui.top/spring-blog/2019/02/13/190213-SpringBoot%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E5%BC%82%E5%B8%B8%E4%B9%8B%E6%8F%90%E7%A4%BAThe-temporary-upload-location-xxx-is-not-valid/

最新文章

  1. React 学习,需要注意几点
  2. spark 入门整理
  3. *HDU2147 博弈
  4. 未来WEB程序员
  5. golang获取字符串长度需要注意的地方
  6. 二、MLlib统计指标之关联/抽样/汇总
  7. Kattis - Peragrams
  8. Python内置函数(2)——divmod
  9. 实验吧_简单的sql注入_1、2、3
  10. poi控制简单的word
  11. Flask 之东方不败一
  12. linux 截图工具 shutter
  13. C++内存管理-new,delete,new[],placement new的简单使用
  14. AndroidStudio 代码(导入类)报错但可正常运行,以及解决此问题后带来的系列问题解决
  15. 判断一个url是否是图片
  16. git从安装到使用
  17. 20155229《网络对抗技术》Exp:网络欺诈防范
  18. 关于Unity中的世界坐标和局部坐标
  19. C学习笔记(2)--指针
  20. [2016北京集训试题6]魔法游戏-[博弈论-sg函数]

热门文章

  1. mysql-mysqldump
  2. Flux 和 Mono 的区别
  3. 查看spark on yarn的日志和程序状态的方法
  4. Java 多线程学习扩展
  5. 20182310 第二周&amp;第三周学习总结
  6. 手写spark wordCount
  7. Game of Cards Gym - 101128G (SG函数)
  8. php面试题收藏
  9. Wbbpack --3配置
  10. 给codeblocks的c编译选项添加c99标准