p:imageCropper https servlet 路径问题
p:imageCropper with https servlet path problem
我正在尝试使用 imageCropper 实现 primefaces 文件上传,以在 https 下更改用户头像。
我上传图像并将其保存到应用程序服务器的临时文件夹中。
我使用来自服务器临时路径
的 WebServlet 将上传的图像传送到 primefaces imageCropper
当我使用 http 时一切正常,但是当我转为 https 时出现错误 {0}: Conversion error occurred.
这是我的代码:
xhtml 代码
<p:imageCropper
id="avatarImage"
image="https://#{request.serverName}:#{request.serverPort}#{request.contextPath}/reports/#{UserpreferencesBean.imageFilePath}"
value="#{UserpreferencesBean.croppedImage}"
aspectRatio="1.0" initialCoords="225,75,300,125"
boxWidth="400"
boxHeight="400"
minSize="90,90"/>
<br/>
<p:commandButton id="cropButton"
value="Crop"
action="#{UserpreferencesBean.crop()}"
update="form:messages image avatarImage avatarForm"
icon="ui-icon-scissors"/>
豆码
public void crop() throws IOException {
avatarImage = new DefaultStreamedContent(null);
avatarImage = new DefaultStreamedContent(new ByteArrayInputStream(croppedImage.getBytes()));
in = new ByteArrayInputStream(croppedImage.getBytes());
avatarByteArray = croppedImage.getBytes();
FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_INFO, "Success", "Cropping finished."));
}
WebServlet 代码
@WebServlet("/reports/*")
public class ImageServlet extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String filename = request.getPathInfo().substring(1);
File file = new File(System.getProperty("jboss.server.temp.dir"), filename);
response.setHeader("Content-Type", getServletContext().getMimeType(filename));
response.setHeader("Content-Length", String.valueOf(file.length()));
response.setHeader("Content-Disposition", "inline; filename="+File.separator + filename + File.separator );
Files.copy(file.toPath(), response.getOutputStream());
}
}
一些笔记
-> 我的 SSL 无效。我使用自签名证书
-> 我的应用服务器是 Wildfly 16
终于,我找到了解决办法。问题是 self-sign 证书。
解决方案是信任 java 不受信任的证书。您可以在应用程序开始时在侦听器中只使用此代码,并且将信任所有证书。
private static class TrustAllManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
public static void initTrustAllClient() {
try {
TrustManager[] trustAll = new TrustManager[]{new TrustAllManager()};
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAll, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HostnameVerifier allHostValid = new HostnameVerifier() {
@Override
public boolean verify(String string, SSLSession ssls) {
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(allHostValid);
} catch (Exception e) {
e.printStackTrace();
}
}
一些链接
https://gist.github.com/michalbcz/4170520
其他解决方法(不是很好)是将 WebServlet URL 从 SSL 安全性中排除,我在没有 https 的情况下提供图像。
所以除了图像 servlet 之外,所有应用程序都使用 https。
我仍然认为问题出在 self-sign 证书上。
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureResource</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Non-SecureResource</web-resource-name>
<url-pattern>/reports/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
我正在尝试使用 imageCropper 实现 primefaces 文件上传,以在 https 下更改用户头像。
我上传图像并将其保存到应用程序服务器的临时文件夹中。
我使用来自服务器临时路径
当我使用 http 时一切正常,但是当我转为 https 时出现错误 {0}: Conversion error occurred.
这是我的代码:
xhtml 代码
<p:imageCropper
id="avatarImage"
image="https://#{request.serverName}:#{request.serverPort}#{request.contextPath}/reports/#{UserpreferencesBean.imageFilePath}"
value="#{UserpreferencesBean.croppedImage}"
aspectRatio="1.0" initialCoords="225,75,300,125"
boxWidth="400"
boxHeight="400"
minSize="90,90"/>
<br/>
<p:commandButton id="cropButton"
value="Crop"
action="#{UserpreferencesBean.crop()}"
update="form:messages image avatarImage avatarForm"
icon="ui-icon-scissors"/>
豆码
public void crop() throws IOException {
avatarImage = new DefaultStreamedContent(null);
avatarImage = new DefaultStreamedContent(new ByteArrayInputStream(croppedImage.getBytes()));
in = new ByteArrayInputStream(croppedImage.getBytes());
avatarByteArray = croppedImage.getBytes();
FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_INFO, "Success", "Cropping finished."));
}
WebServlet 代码
@WebServlet("/reports/*")
public class ImageServlet extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String filename = request.getPathInfo().substring(1);
File file = new File(System.getProperty("jboss.server.temp.dir"), filename);
response.setHeader("Content-Type", getServletContext().getMimeType(filename));
response.setHeader("Content-Length", String.valueOf(file.length()));
response.setHeader("Content-Disposition", "inline; filename="+File.separator + filename + File.separator );
Files.copy(file.toPath(), response.getOutputStream());
}
}
一些笔记
-> 我的 SSL 无效。我使用自签名证书
-> 我的应用服务器是 Wildfly 16
终于,我找到了解决办法。问题是 self-sign 证书。 解决方案是信任 java 不受信任的证书。您可以在应用程序开始时在侦听器中只使用此代码,并且将信任所有证书。
private static class TrustAllManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
public static void initTrustAllClient() {
try {
TrustManager[] trustAll = new TrustManager[]{new TrustAllManager()};
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAll, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HostnameVerifier allHostValid = new HostnameVerifier() {
@Override
public boolean verify(String string, SSLSession ssls) {
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(allHostValid);
} catch (Exception e) {
e.printStackTrace();
}
}
一些链接
https://gist.github.com/michalbcz/4170520
其他解决方法(不是很好)是将 WebServlet URL 从 SSL 安全性中排除,我在没有 https 的情况下提供图像。
所以除了图像 servlet 之外,所有应用程序都使用 https。
我仍然认为问题出在 self-sign 证书上。
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureResource</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Non-SecureResource</web-resource-name>
<url-pattern>/reports/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>