File Upload and download-servletfileupload

Solve upload chinese garbled problem-upload file Security problem-upload file covered problem-uuid algorithm

Attention:

In the HTML page
Input must have name

<input type= "file" name= "filename" >

The Enctype property of this form must be set if the form contains a transfer entry on a file.

Set to Multipart/form-data

<form action = "/day16/servlet/uploadservlet"

Enctype= "Multipart/form-data" method= "POST" >

Browser forms If the type is Multipart/form-data, then the browser submits the form data

, it will encapsulate the data after the MIME protocol, and it will not be used on the server side.

The original traditional positively identified vandalizing get the data.

On the server side you want to get the data through the stream.
The request provides a getinputstream read stream.

In order to facilitate user processing file upload data, the Apache Open source organization provides a to process the form

File upload an open source component (Commons-fileupload).

Using the Commons-fileupload component to implement file uploads, you need to import the appropriate jar packages for that component.
Commons-fileupload and Commons-io two jar packs.

Diskfileitemfactory is the factory that creates the Fileitem object including methods:

1.public void Setsizethreshold (Int?sizethreshold)
Sets the size of the memory buffer, the default value is 10K, and if the file is greater than 10K, the temporary file is used to slow

Save upload file.

2.public void Setrepository (Java.io.File repository)
Specify a temporary file directory

3.public diskfileitemfactory ();

Servletfileupload is responsible for processing uploaded file data and encapsulating each entry in the form as

In a Fileitem object.

Common methods:

1.boolean ismultipartcontent (HttpServletRequest request)
Determine if the upload form is an upload form type

2.List parserequest (HttpServletRequest request)
The requests object is parsed and each entry in the form is packaged into a fileitem

Object and returns a list collection that holds all fileitem.

3.setFileSizeMax (long Filesizemax) set maximum upload file size

4.setSizeMax (Long Sizemax) sets the maximum amount of uploaded files

5.setHeaderEncoding () Set encoding format

Instance:

public class Uploadservlet extends httpservlet{

Diskfileitemfactory factory=new diskfileitemfactory ();

Servletfileupload upload=new servletfileupload (Factory);

Determine if the type of the Submit form is Multipart/form-data

if (!upload.ismultipartcontent (Request))
{
Return
}

Try
{
List list=upload.parserequest (Request);
Iterator It=list.iterator ();

while (It.hasnext ())
{
Fileitem item= (Fileitem) it.next ();//each item represents a form output item

if (Item.isformfield ())//Determine if input is a normal form entry

String name=item.getfieldname (), Name of input

String value= item.getstring (), Value of input
}else{

Get the name of the uploaded file and intercept
String Filename=item.getname ();

Get the directory where the uploaded files will be written
String Path=this.getservletcontext (). Getrealpath ("/upload");
Create an output stream from directories and files

FileOutputStream out=new FileOutputStream (path+filename);

InputStream in = Item.getinputstream ();
byte buffer[] = new byte[1024];
int len = 0;
while ((Len=in.read (buffer)) >0) {
Out.write (Buffer,0,len);
}
In.close ();
Out.close ();
}
}
catch (Fileuploadexception e)
{
E.printstacktrace ();
}
}

}

Classmate Question:

When to use/when to use/

Teacher answers;

/: Represents a URL address, such as http://loacalhost:8080/

Request.getrequestdispacher ("/");

/: Represents a path, for example: c:/windows/

New FileOutputStream ("C://1.txt");

To the Java language, "/" represents the escape.

Solve the problem of uploading Chinese garbled text
Can pass
Upload.setheaderencoding ("Utf-8");

Examples of unsafe applications when uploading files
Runtime.getRuntime.exec ("")
DOS commands can be executed.

1. How to keep the server safe when uploading files?

Solution: Upload directory to prohibit direct access to the outside world, the general practice is to put the upload directory to the service

Web-inf directory. This directory server is protected and cannot be accessed by the outside world.

2. Upload file is covered by the problem

The server will generate a unique filename for each upload file.

You can use the UUID algorithm.

3. Uploaded files need to be scattered

Classic Face Test

The algorithm is a number of different or two times, which is the data itself.
X=1;
y=2;

X=x^y;
Y=x^y;
X=x^y;

Different or often used to encrypt

Deletion of temporary files

Fileitemdelete

Deleting a temporary file must occur after the stream has been closed, otherwise the file will be occupied, causing the deletion to fail.

Multiple File Upload problem:
Mainly JavaScript encoding, the page dynamically add File upload items.

Monitor upload progress:

Write a listener yourself Progresslistener