1、背景

笔者的springboot在一个非root用户环境下运行,这种环境下可以保证不被潜在的jar/开源框架漏洞提权。

比如在防火墙上把外网访问来的443端口映射到本地8443的java web端口。(注意对外服务的80-1024端口需要root权限才能申请),

具体映射方法可参考:Linux下使用iptables配置防火墙端口转发 。由于是受限用户遇到一些问题:

org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet request; nested exception is java.io.IOException: The temporary upload location [/tmp/tomcat.8524616412347407692.8111/work/Tomcat/localhost/ROOT/asset] i

s not valid

        at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.handleParseFailure(StandardMultipartHttpServletRequest.java:122)

        at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.parseRequest(StandardMultipartHttpServletRequest.java:113)

        at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.<init>(StandardMultipartHttpServletRequest.java:86)

        at org.springframework.web.multipart.support.StandardServletMultipartResolver.resolveMultipart(StandardServletMultipartResolver.java:93)

        at org.springframework.web.servlet.DispatcherServlet.checkMultipart(DispatcherServlet.java:1128)

        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:960)

        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)

        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:974)

        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:877)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)

        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:851)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:158)

        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:126)

        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:111)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:84)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

解决方法,根据SpringBoot版本不同设置

spring.servlet.multipart.location=YOUR_TEMP_LOCATION_PATH

或者

spring.http.multipart.location=YOUR_TEMP_LOCATION_PATH

笔者使用yaml配置文件,如下

起初经过如下一些设置,均无效

1、asset

2、./asset 对应结果:The temporary upload location [/tmp/tomcat.3611170690354284212.8111/work/Tomcat/localhost/ROOT/./asset] is not valid

后设置成绝对路径,这个绝对路径从JVM系统属性里获取ASSET_HOME属性,ASSET_HOME属性在启动类里面设置,如下:

import com.netmarch.web.common.mybatis.MyBatisConfig;

import org.springframework.boot.SpringApplication;

import org.springframework.boot.autoconfigure.EnableAutoConfiguration;

import org.springframework.boot.autoconfigure.SpringBootApplication;

import org.springframework.boot.system.ApplicationHome;

import org.springframework.cache.annotation.CacheConfig;

import org.springframework.cache.annotation.EnableCaching;

import org.springframework.scheduling.annotation.EnableAsync;

import java.io.File;

import java.nio.file.Path;

@EnableAsync

@EnableCaching

@CacheConfig

@EnableAutoConfiguration

@SpringBootApplication(exclude = {

        MyBatisConfig.class

},scanBasePackages = "com.xxx")

public class WebApplication{

    public static void main(String[] args) {

        ApplicationHome home = new ApplicationHome(WebApplication.class);

        // returns the folder where the jar is. This is what I wanted.

        File rootFolder = home.getDir();

        Path path = rootFolder.toPath().normalize().toAbsolutePath();

        System.setProperty("ASSET_HOME",path.toString());



        SpringApplication.run(WebApplication.class, args);

    }

}

其他参考:

https://spring.hhui.top/spring-blog/2019/02/13/190213-SpringBoot%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E5%BC%82%E5%B8%B8%E4%B9%8B%E6%8F%90%E7%A4%BAThe-temporary-upload-location-xxx-is-not-valid/

springboot放到linux启动报错:The temporary upload location [/tmp/tomcat.8524616412347407692.8111/work/Tomcat/localhost/ROOT/asset] is not valid的更多相关文章

  1. SpringBoot 上传文件突然报错 Failed to parse multipart servlet request; nested exception is java.io.IOException: The temporary upload location [/tmp/tomcat.1428942566812653608

    异常信息 org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet request ...

  2. 在系统下文件上传报错:The temporary upload location [/tmp/tomcat.xxx/work/Tomcat/localhost/ROOT] is not valid

    线上的系统中长时间不访问时不能上传文件了,出现如下错误: 2019-03-11 23:37:42.741 ERROR 66505 --- [nio-8081-exec-3] o.a.c.c.C.[.[ ...

  3. org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet request; nested exception is java.io.IOException: The temporary upload location [/tmp/tomcat.1428942566812653608

    一.异常信息 org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet reque ...

  4. Springboot集成ES启动报错

    报错内容 None of the configured nodes are available elasticsearch.yml配置 cluster.name: fans node.name: no ...

  5. SpringBoot发布WAR启动报错:Error assembling WAR: webxml attribute is required

    Spring Boot发布war包流程: 1.修改web model的pom.xml <packaging>war</packaging> SpringBoot默认发布的都是j ...

  6. SpringBoot整合nacos启动报错:java.lang.NoClassDefFoundError: org/springframework/boot/context/properties/ConfigurationBeanFactoryMetadata

    报错信息 org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'nacosCo ...

  7. springboot多数据源启动报错:required a single bean, but 6 were found:

    技术群: 816227112 参考:https://stackoverflow.com/questions/43455869/could-not-autowire-there-is-more-than ...

  8. springboot 文件上传 java.io.IOException: The temporary upload location [/tmp/xx] is not valid

    转自:http://meia.fun/article/1541578061808 首先分析下出现问题的原因:linux 下的 /tmp 目录,是用来存储由各种程序创建的临时文件的地方.一些配置,导致系 ...

  9. spring boot上传文件错误The temporary upload location [/tmp/tomcat.5260880110861696164.8090/work/Tomcat/localhost/ROOT] is not valid

    参考了:https://www.jianshu.com/p/cfbbc0bb0b84 再次感谢,但还是有些调整 一.在zuul服务中加入两个配置参数(location: /data/apps/temp ...

随机推荐

  1. 如何测试Web服务.1

    一.什么是web服务  web服务在简单术语中可被定义为通过安装了特定设备或服务器到另一装置或客户端应用程序通过WWW彼此通信后的应用程序(万维网)提供的服务. Web服务通常在计算机网络的应用层上使 ...

  2. jmeter使用正则表达式从上一个http响应数据里提取关键字传递给下一个http请求(二)

    通过jmeter从表格批量读取数据(一)(http://www.cnblogs.com/lelexiong/p/8728993.html)介绍了从表格批量读取数据,读取数据之后,如果要提取响应数据里面 ...

  3. jmeter压测学习2-linux运行jmeter环境

    前言 使用jmeter做压测的时候,在windows上不太稳定,所有一直在linux服务器上使用jmeter做压力测试. 本篇记录下linux上搭建jmeter环境,以及运行jmeter脚本,查看报告 ...

  4. Access denied for user '密码'@'192.18.0.0' (using password: YES)

    Failed to execute goal org.mybatis.generator:mybatis-generator-maven-plugin:1.3.6:generate (default- ...

  5. How would you differentiate JDK, JRE, JVM, and JIT?

    Q5. How would you differentiate JDK, JRE, JVM, and JIT?A5. There is no better way to get the big pic ...

  6. 轻松学习之三——IMP指针的作用

    http://www.jianshu.com/p/425a39d43d16 可能大家一直看到有许多朋友在Runtime相关文章中介绍IMP指针的概念,那么IMP究竟有什么实际作用呢?让我们先从一个函数 ...

  7. [Inside HotSpot] Serial垃圾回收器 (一) Full GC

    Serial垃圾回收器Full GC Serial垃圾回收器的Full GC使用标记-压缩(Mark-Compact)进行垃圾回收,该算法基于Donald E. Knuth提出的Lisp2算法,它会把 ...

  8. html css div固定底部

    <div id="father"> <footer></footer> </div> #father{ position:relat ...

  9. vue的认识===下载

    VUE:不建议直接操作DOM Vue.js是前端三大新框架:Angular.js.React.js.Vue.js之一,Vue.js目前的使用和关注程度在三大框架中稍微 胜出,并且它的热度还在递增 Vu ...

  10. 文件夹上传控件webupload插件

    我们平时经常做的是上传文件,上传文件夹与上传文件类似,但也有一些不同之处,这次做了上传文件夹就记录下以备后用. 这次项目的需求: 支持大文件的上传和续传,要求续传支持所有浏览器,包括ie6,ie7,i ...