Spring Security & Multipart requests

To solve the problem, do not use spring MultiPartHttpServerRequest, instead taking the request as HttpServletRequest, using the apache commons fileupload library to parse the request from PUT method, and processing the file. Here are some sample code:

ServletFileUpload fileUpload = new ServletFileUpload(new DiskFileItemFactory());
List<FileItem> fileItems = fileUpload.parseRequest(httpServletRequest);
InputStream in = fileItems.get(0).getInputStream();
...

The problem is that I'm using a PUT instead of a POST. Commons FileUpload is hard coded to only accept POST requests for files.

Check the isMultipartContent method there. To fix this, either use a POST or extend that class and override that method to work how you like.

I opened FILEUPLOAD-214 for this issue.