java - Spring MVC Safe way to Upload, generate and download a file -


i´m working on webapp spring mvc , maven. have following process: first of user has upload file. afterwards uploaded file edited. last not least want create download contains edited file.

the first step "upload file" works well. have controller contains following post method:

    @requestmapping(value = "/circleup", method = requestmethod.post)     public string circleuppost(httpservletrequest request, model model, //             @modelattribute("circleupform") circleupform circleupform) {          return this.doupload(request, model, circleupform);     }      private string doupload(httpservletrequest request, model model, //             circleupform circleupform) {          file file = circleupform.getfile();          if (file != null) {             try { //some edit stuff                 serialize(file, serializationmodeenum.standard);              } catch (exception e) {                 e.printstacktrace();             }         }         model.addattribute("uploadedfiles", file);         return "uploadresult";     }      protected static string serialize(file file, serializationmodeenum serializationmode) {          java.io.file test = null;          try {             test = java.io.file.createtempfile("test", ".pdf");         } catch (ioexception e1) {             // todo auto-generated catch block             e1.printstacktrace();         }         try {             file.save(test, serializationmode);         } catch (exception e) {             e.printstacktrace();         }          // test.deleteonexit();          return test.getpath();     } 

in "serialize" method pdfclown file saved temp folder.

afterwards "uploadresult" page appear contains folloing code:

    <%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>  <html> <head> <meta charset="utf-8"> <title>download</title> </head> <body>     <h3>download files:</h3>      <a href="${pagecontext.request.contextpath}/download">circleup</a>  </body> </html> 

when user clicks on link controller called handles download. dont know how design controller can works edited file saved in temp folder. think should :

    @requestmapping(value = "/download") public void download(httpservletrequest request, httpservletresponse response) throws ioexception {       final string temperotyfilepath = ???      string filename = "test.pdf";     response.setcontenttype("application/pdf");     response.setheader("content-disposition", "attachment; filename=" + filename);      try {         bytearrayoutputstream baos = new bytearrayoutputstream();         baos = convertpdftobytearrayoutputstream(temperotyfilepath + "\\" + filename);         outputstream os = response.getoutputstream();         baos.writeto(os);         os.flush();     } catch (exception e1) {         e1.printstacktrace();     }  }  private bytearrayoutputstream convertpdftobytearrayoutputstream(string filename) {      inputstream inputstream = null;     bytearrayoutputstream baos = new bytearrayoutputstream();     try {          inputstream = new fileinputstream(filename);         byte [] buffer = new byte [1024];         baos = new bytearrayoutputstream();          int bytesread;         while ((bytesread = inputstream.read(buffer)) != -1) {             baos.write(buffer, 0, bytesread);         }      } catch (filenotfoundexception e) {         e.printstacktrace();     } catch (ioexception e) {         e.printstacktrace();     } {         if (inputstream != null) {             try {                 inputstream.close();             } catch (ioexception e) {                 e.printstacktrace();             }         }     }     return baos; } 

i have 2 questions now:

  1. how can downloadcontroller attain temp path file?
  2. is process of uploading,generating , downloading file safe? or there better way handle process?

i´m new spring mvc , webapp development , i´m thankful every suggestion :)

you can use same approach use in upload

test = java.io.file.createtempfile("test", ".pdf"); 

all need point same file , read it.

if need custom dir files saving can either define property - my.file.path=some path here or

use system temp dir

public class main {   public static void main(string[] args) {     string property = "java.io.tmpdir";      string tempdir = system.getproperty(property);     system.out.println("os current temporary directory " + tempdir);   } } 

got code the link

  1. actually approach not safe. if 2 different users upload files same name& if 1 uploaded , user tries download it? amount of files millions? etc. etc.

it's better use independent file storage test project it's fine


Comments

Popular posts from this blog

ZeroMQ on Windows, with Qt Creator -

unity3d - Unity SceneManager.LoadScene quits application -

python - Error while using APScheduler: 'NoneType' object has no attribute 'now' -