Describe the bug After upgrading Spring Boot from 2.7.11 (Spring Security 5.7.8) to 3.1.2 (Spring Security 6.1.2) uploading multipart file has stopped working. We are using Apache Camel for processing uploaded file.
To Reproduce We have created repo with example (https://github.com/McNullty/camel-upload-with-security), on branch master we have used latest versions of Spring Boot / Spring Security and Camel, on branch old-spring boot there is version with older versions of Spring and Camel.
We have also tested latest Camel without Spring Security and it is working as expected.
Expected behavior
Example can be tested by sending any file with curl, eg.:
curl --location 'http://localhost:8080/camel/upload' \
--header 'Authorization: Basic dXNlcjpwYXNz' \
--form 'file=@"/path/examples.yaml"'
Expected behavior is that In Camel exchange body there is file with size different than 0.
Sample
A link to a GitHub repository with a minimal, reproducible sample.
Comment From: MladenCikara-Dextcloud
I have found workaround. If I add .requestCache(RequestCacheConfigurer::disable) to security configuration, application works as expected.
Eg.
http
.requestCache(RequestCacheConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(authorize -> authorize
.anyRequest().authenticated()
)
.httpBasic(Customizer.withDefaults())
I have also found that if I put log statement that "tickles" request.getInputStream() in filter before RequestCacheAwareFilter application also works as expected.
Eg.
public class DebugFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
log.info("Input Stream: {}", request.getInputStream());
chain.doFilter(request, response);
}
}
Comment From: NuwanSameera
@marcusdacoregio your solution is working. Early I had .csrf(csrf -> csrf.disable()) CSRF configuration. It didn't work.
What is the difference between .csrf(csrf -> csrf.disable()) and csrf(AbstractHttpConfigurer::disable)