1、背景

笔者的springboot在一个非root用户环境下运行,这种环境下可以保证不被潜在的jar/开源框架漏洞提权。

比如在防火墙上把外网访问来的443端口映射到本地8443的java web端口。(注意对外服务的80-1024端口需要root权限才能申请),

具体映射方法可参考:Linux下使用iptables配置防火墙端口转发 。由于是受限用户遇到一些问题:

org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet request; nested exception is java.io.IOException: The temporary upload location [/tmp/tomcat.8524616412347407692.8111/work/Tomcat/localhost/ROOT/asset] i

s not valid

        at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.handleParseFailure(StandardMultipartHttpServletRequest.java:122)

        at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.parseRequest(StandardMultipartHttpServletRequest.java:113)

        at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest.<init>(StandardMultipartHttpServletRequest.java:86)

        at org.springframework.web.multipart.support.StandardServletMultipartResolver.resolveMultipart(StandardServletMultipartResolver.java:93)

        at org.springframework.web.servlet.DispatcherServlet.checkMultipart(DispatcherServlet.java:1128)

        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:960)

        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)

        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:974)

        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:877)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)

        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:851)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:158)

        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:126)

        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:111)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:84)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

解决方法,根据SpringBoot版本不同设置

spring.servlet.multipart.location=YOUR_TEMP_LOCATION_PATH

或者

spring.http.multipart.location=YOUR_TEMP_LOCATION_PATH

笔者使用yaml配置文件,如下

起初经过如下一些设置,均无效

1、asset

2、./asset 对应结果:The temporary upload location [/tmp/tomcat.3611170690354284212.8111/work/Tomcat/localhost/ROOT/./asset] is not valid

后设置成绝对路径,这个绝对路径从JVM系统属性里获取ASSET_HOME属性,ASSET_HOME属性在启动类里面设置,如下:

import com.netmarch.web.common.mybatis.MyBatisConfig;

import org.springframework.boot.SpringApplication;

import org.springframework.boot.autoconfigure.EnableAutoConfiguration;

import org.springframework.boot.autoconfigure.SpringBootApplication;

import org.springframework.boot.system.ApplicationHome;

import org.springframework.cache.annotation.CacheConfig;

import org.springframework.cache.annotation.EnableCaching;

import org.springframework.scheduling.annotation.EnableAsync;

import java.io.File;

import java.nio.file.Path;

@EnableAsync

@EnableCaching

@CacheConfig

@EnableAutoConfiguration

@SpringBootApplication(exclude = {

        MyBatisConfig.class

},scanBasePackages = "com.xxx")

public class WebApplication{

    public static void main(String[] args) {

        ApplicationHome home = new ApplicationHome(WebApplication.class);

        // returns the folder where the jar is. This is what I wanted.

        File rootFolder = home.getDir();

        Path path = rootFolder.toPath().normalize().toAbsolutePath();

        System.setProperty("ASSET_HOME",path.toString());



        SpringApplication.run(WebApplication.class, args);

    }

}

其他参考:

https://spring.hhui.top/spring-blog/2019/02/13/190213-SpringBoot%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E5%BC%82%E5%B8%B8%E4%B9%8B%E6%8F%90%E7%A4%BAThe-temporary-upload-location-xxx-is-not-valid/

springboot放到linux启动报错:The temporary upload location [/tmp/tomcat.8524616412347407692.8111/work/Tomcat/localhost/ROOT/asset] is not valid的更多相关文章

  1. SpringBoot 上传文件突然报错 Failed to parse multipart servlet request; nested exception is java.io.IOException: The temporary upload location [/tmp/tomcat.1428942566812653608

    异常信息 org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet request ...

  2. 在系统下文件上传报错:The temporary upload location [/tmp/tomcat.xxx/work/Tomcat/localhost/ROOT] is not valid

    线上的系统中长时间不访问时不能上传文件了,出现如下错误: 2019-03-11 23:37:42.741 ERROR 66505 --- [nio-8081-exec-3] o.a.c.c.C.[.[ ...

  3. org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet request; nested exception is java.io.IOException: The temporary upload location [/tmp/tomcat.1428942566812653608

    一.异常信息 org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet reque ...

  4. Springboot集成ES启动报错

    报错内容 None of the configured nodes are available elasticsearch.yml配置 cluster.name: fans node.name: no ...

  5. SpringBoot发布WAR启动报错:Error assembling WAR: webxml attribute is required

    Spring Boot发布war包流程: 1.修改web model的pom.xml <packaging>war</packaging> SpringBoot默认发布的都是j ...

  6. SpringBoot整合nacos启动报错:java.lang.NoClassDefFoundError: org/springframework/boot/context/properties/ConfigurationBeanFactoryMetadata

    报错信息 org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'nacosCo ...

  7. springboot多数据源启动报错:required a single bean, but 6 were found:

    技术群: 816227112 参考:https://stackoverflow.com/questions/43455869/could-not-autowire-there-is-more-than ...

  8. springboot 文件上传 java.io.IOException: The temporary upload location [/tmp/xx] is not valid

    转自:http://meia.fun/article/1541578061808 首先分析下出现问题的原因:linux 下的 /tmp 目录,是用来存储由各种程序创建的临时文件的地方.一些配置,导致系 ...

  9. spring boot上传文件错误The temporary upload location [/tmp/tomcat.5260880110861696164.8090/work/Tomcat/localhost/ROOT] is not valid

    参考了:https://www.jianshu.com/p/cfbbc0bb0b84 再次感谢,但还是有些调整 一.在zuul服务中加入两个配置参数(location: /data/apps/temp ...

随机推荐

  1. 缓冲加载图片的 jQuery 插件 lazyload.js 使用方法详解

    在写代码的时候,经常会用到懒加载的模式,以前是通过window.onload的模式去加载,但是图片很多或者用ajax请求的时候,就会很麻烦,现在用lazyload的模式加载方便很多 <!doct ...

  2. SpringBoot——探究HelloWorld【三】

    前言 前面我们写了helloworld的一个,这里我们对他进行分析 探究 那么下面就开始我们的探究之旅吧,首先从POM文件来,在POM文件中我们导入了项目所需要的依赖 POM文件 父项目 <pa ...

  3. java 如何用pattern 和 Matcher 来使用正则表达式(一)

    近期用到了java或者scala的正则表达式的用法,抽点时间总结一下: 转自:https://www.cnblogs.com/haodawang/p/5967219.html java的regex库 ...

  4. docker 服务无法启动

    重装以后仍然不行,dockerd可以运行,但是systemctl start docker.service不行,后来在编辑一个文件时,提示没有空间可以保存,结果一查,发现服务器空间基本占满了, 通过 ...

  5. HDU-1848-Fibonacci again and again(SG函数,博弈)

    链接: http://acm.hdu.edu.cn/showproblem.php?pid=1848 题意: 任何一个大学生对菲波那契数列(Fibonacci numbers)应该都不会陌生,它是这样 ...

  6. Hibernate中对象的三种状态即save(),update(),saveOrUpdate()的使用【转】

    当new一个user的时候,是处于瞬时状态 当调用session.save(user)的时候,user对象会放到session里,此时处于持久状态 当提交事务的时候,user对象才会存到DB中 当调用 ...

  7. MySQL中SUM和COUNT的区别

    COUNT:是对记录进行汇总,即计数 SUM:是对符合条件的数值列字段进行求和 原表数据如下: 1,当在where子句中使用Price>25时, COUNT函数返回的是符合条件的记录,SUM函数 ...

  8. nave node 的虚拟环境管理工具

    nave 是类似python venv 的node 虚拟环境管理工具 安装 npm install -g nave 简单使用 帮助命令 Usage: nave <cmd> Commands ...

  9. HHHOJ #151. 「NOI模拟 #2」Nagisa

    计算几何板子题(我才没有拷板子的说--) 众所周知,三角形的重心坐标是\((\frac{x_1+x_2+x_3}{3},\frac{y_1+y_2+y_3}{3})\) 然后我们发现如果我们有一个点集 ...

  10. js中实现函数防抖跟函数节流

    最近刚接触两个新概念函数防抖与函数节流,虽然这些内容网上可以搜到很多,大家都有自己的一套的理解方式,都写得很好, 而自己则想在理解的基础上自己把代码实现一遍,加深印象. 一.函数防抖 假如我们有这样的 ...