alfred.w
- 浏览: 90235 次
- 性别:
- 来自: 杭州
-
文章分类
最新评论
-
xtpgyaps:
楼主,问下,,怎么我重构了JakartaMultiPartRe ...
struts2 使用 jakarta 上传文件时commons fileupload的异常捕捉 -
netfork:
时间变化真快,楼主08年5月份发的贴,现在再看涉及到的源代码, ...
struts2 使用 jakarta 上传文件时commons fileupload的异常捕捉 -
harry:
不错很不错
Linda Rising:“你相信谁?”
问题:
struts2 使用jakarta 上传文件时,如果上传文件的大小超出commons fileupload(jakarta上传文件还是依赖commons-fileupload)设置的大小就会在进入action以前抛出异常.
如果想返回用户的输入界面(input),那么页面原来的参数会丢失。
首先看一下struts2 执行一个action的过程
1. 将用户请求发给org.apache.struts2.dispatcher.Dispatcher,
wrapRequest(HttpServletRequest request, ServletContext servletContext) 方法会判断是否"multipart/form-data",如果是建立一个multiPartRequest 的实例,并且建立MultiPartRequestWrapper
写道
...if (content_type != null && content_type.indexOf("multipart/form-data") != -1) {
MultiPartRequest multi = getContainer().getInstance(MultiPartRequest.class);
request = new MultiPartRequestWrapper(multi, request, getSaveDir(servletContext));
} else {
request = new StrutsRequestWrapper(request);
}
MultiPartRequest multi = getContainer().getInstance(MultiPartRequest.class);
request = new MultiPartRequestWrapper(multi, request, getSaveDir(servletContext));
} else {
request = new StrutsRequestWrapper(request);
}
2. 建立 MultiPartRequestWrapper 时解析(parse) request,
public void parse(HttpServletRequest servletRequest, String saveDir)
throws IOException {
DiskFileItemFactory fac = new DiskFileItemFactory();
// Make sure that the data is written to file
fac.setSizeThreshold(0);
if (saveDir != null) {
fac.setRepository(new File(saveDir));
}
// Parse the request
try {
ServletFileUpload upload = new ServletFileUpload(fac);
upload.setSizeMax(maxSize);
//upload 解析request并取得页面参数
List items = upload.parseRequest(createRequestContext(servletRequest));
......
3.我们看一下ServletFileUpload(commons-fileupload v1.1.1) 的parseRequest做了什么
public List /* FileItem */ parseRequest(RequestContext ctx)
throws FileUploadException {
if (ctx == null) {
throw new NullPointerException("ctx parameter");
}
ArrayList items = new ArrayList();
String contentType = ctx.getContentType();
if ((null == contentType)
|| (!contentType.toLowerCase().startsWith(MULTIPART))) {
throw new InvalidContentTypeException(
"the request doesn't contain a "
+ MULTIPART_FORM_DATA
+ " or "
+ MULTIPART_MIXED
+ " stream, content type header is "
+ contentType);
}
int requestSize = ctx.getContentLength();
if (requestSize == -1) {
throw new UnknownSizeException(
"the request was rejected because its size is unknown");
}
//关键就这里了,大小超出的异常,这里是所有上传文件合计的大小,如果超出就抛出异常
//这时上层是拿不到保存参数的items的
if (sizeMax >= 0 && requestSize > sizeMax) {
throw new SizeLimitExceededException(
"the request was rejected because its size (" + requestSize
+ ") exceeds the configured maximum (" + sizeMax + ")",
requestSize, sizeMax);
}
String charEncoding = headerEncoding;
if (charEncoding == null) {
charEncoding = ctx.getCharacterEncoding();
}
try {
byte[] boundary = getBoundary(contentType);
if (boundary == null) {
throw new FileUploadException(
"the request was rejected because "
+ "no multipart boundary was found");
}
InputStream input = ctx.getInputStream();
MultipartStream multi = new MultipartStream(input, boundary);
multi.setHeaderEncoding(charEncoding);
boolean nextPart = multi.skipPreamble();
while (nextPart) {
Map headers = parseHeaders(multi.readHeaders());
String fieldName = getFieldName(headers);
if (fieldName != null) {
String subContentType = getHeader(headers, CONTENT_TYPE);
if (subContentType != null && subContentType
.toLowerCase().startsWith(MULTIPART_MIXED)) {
// Multiple files.
byte[] subBoundary = getBoundary(subContentType);
multi.setBoundary(subBoundary);
boolean nextSubPart = multi.skipPreamble();
while (nextSubPart) {
headers = parseHeaders(multi.readHeaders());
if (getFileName(headers) != null) {
FileItem item =
createItem(headers, false);
OutputStream os = item.getOutputStream();
try {
multi.readBodyData(os);
} finally {
os.close();
}
items.add(item);
} else {
// Ignore anything but files inside
// multipart/mixed.
multi.discardBodyData();
}
nextSubPart = multi.readBoundary();
}
multi.setBoundary(boundary);
} else {
FileItem item = createItem(headers,
getFileName(headers) == null);
OutputStream os = item.getOutputStream();
try {
multi.readBodyData(os);
} finally {
os.close();
}
items.add(item);
}
} else {
// Skip this part.
multi.discardBodyData();
}
nextPart = multi.readBoundary();
}
} catch (IOException e) {
throw new FileUploadException(
"Processing of " + MULTIPART_FORM_DATA
+ " request failed. " + e.getMessage());
}
return items;
}
4.这之后才开始逐个进入interceptor,见DefaultActionInvocation.invoke()
....
//递归interceptor
if (interceptors.hasNext()) {
final InterceptorMapping interceptor = (InterceptorMapping) interceptors.next();
UtilTimerStack.profile("interceptor: "+interceptor.getName(),
new UtilTimerStack.ProfilingBlock<String>() {
public String doProfiling() throws Exception {
resultCode = interceptor.getInterceptor().intercept(DefaultActionInvocation.this);
return null;
}
});
} else {
//如果有errors,resultCode会得到‘input’
resultCode = invokeActionOnly();
}
...
5.我们的目标就是返回input并且保留页面原来的参数,那么就要不要让ServletFileUpload抛出异常,并且要让strusts使用我们自己的jakart.
6.写自己的ServletFileUpload
/*
* Copyright 2001-2005 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.infowarelab.newcentury.web.util;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileItemFactory;
import org.apache.commons.fileupload.FileUpload;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.MultipartStream;
import org.apache.commons.fileupload.RequestContext;
import org.apache.commons.fileupload.servlet.ServletRequestContext;
import org.apache.log4j.Logger;
/**
* come from commons-fileupload
* @author alfred
*/
public class ServletFileUpload extends FileUpload {
// ---------------------------------------------------------- Class methods
/**
* Logger for this class
*/
private static final Logger logger = Logger.getLogger(ServletFileUpload.class);
private List<String> errors = new ArrayList<String>();
/**
* Constructs an uninitialised instance of this class. A factory must be
* configured, using <code>setFileItemFactory()</code>, before attempting
* to parse requests.
*
* @see FileUpload#FileUpload(FileItemFactory)
*/
public ServletFileUpload() {
super();
}
/**
* Constructs an instance of this class which uses the supplied factory to
* create <code>FileItem</code> instances.
*
* @see FileUpload#FileUpload()
*/
public ServletFileUpload(FileItemFactory fileItemFactory) {
super(fileItemFactory);
}
/**
* overide parseRequest
*/
public List /* FileItem */parseRequest(RequestContext ctx) throws FileUploadException {
if (ctx == null) {
throw new NullPointerException("ctx parameter");
}
ArrayList items = new ArrayList();
String contentType = ctx.getContentType();
if ((null == contentType) || (!contentType.toLowerCase().startsWith(MULTIPART))) {
throw new InvalidContentTypeException("the request doesn't contain a " + MULTIPART_FORM_DATA + " or "
+ MULTIPART_MIXED + " stream, content type header is " + contentType);
}
int requestSize = ctx.getContentLength();
if (requestSize == -1) {
// throw new UnknownSizeException(
// "the request was rejected because its size is unknown");
logger.error("the request was rejected because its size is unknown");
errors.add("the request was rejected because its size is unknown");
}
String charEncoding = getHeaderEncoding();
if (charEncoding == null) {
charEncoding = ctx.getCharacterEncoding();
}
try {
byte[] boundary = getBoundary(contentType);
if (boundary == null) {
// throw new FileUploadException(
// "the request was rejected because "
// + "no multipart boundary was found");
logger.error("the request was rejected because no multipart boundary was found");
errors.add("the request was rejected because no multipart boundary was found");
}
InputStream input = ctx.getInputStream();
MultipartStream multi = new MultipartStream(input, boundary);
multi.setHeaderEncoding(charEncoding);
boolean nextPart = multi.skipPreamble();
while (nextPart) {
Map headers = parseHeaders(multi.readHeaders());
String fieldName = getFieldName(headers);
if (fieldName != null) {
String subContentType = getHeader(headers, CONTENT_TYPE);
if (subContentType != null && subContentType.toLowerCase().startsWith(MULTIPART_MIXED)) {
// Multiple files.
byte[] subBoundary = getBoundary(subContentType);
multi.setBoundary(subBoundary);
boolean nextSubPart = multi.skipPreamble();
while (nextSubPart) {
headers = parseHeaders(multi.readHeaders());
if (getFileName(headers) != null) {
FileItem item = createItem(headers, false);
OutputStream os = item.getOutputStream();
try {
multi.readBodyData(os);
} finally {
os.close();
}
items.add(item);
} else {
// Ignore anything but files inside
// multipart/mixed.
multi.discardBodyData();
}
nextSubPart = multi.readBoundary();
}
multi.setBoundary(boundary);
} else {
FileItem item = createItem(headers, getFileName(headers) == null);
OutputStream os = item.getOutputStream();
try {
multi.readBodyData(os);
} finally {
os.close();
}
items.add(item);
}
} else {
// Skip this part.
multi.discardBodyData();
}
nextPart = multi.readBoundary();
}
// remove SizeLimitExceededException
if (getSizeMax() >= 0 && requestSize > getSizeMax()) {
// throw new SizeLimitExceededException(
// "the request was rejected because its size (" + requestSize
// + ") exceeds the configured maximum (" + getSizeMax() + ")",
// requestSize, getSizeMax());
logger.error("the request was rejected because its size (" + requestSize
+ ") exceeds the configured maximum (" + getSizeMax() + ")");
}
} catch (IOException e) {
logger.error("Processing of " + MULTIPART_FORM_DATA + " request failed. " + e.getMessage());
errors.add("Processing of " + MULTIPART_FORM_DATA + " request failed. " + e.getMessage());
// throw new FileUploadException(
// "Processing of " + MULTIPART_FORM_DATA
// + " request failed. " + e.getMessage());
}
return items;
}
/**
* @return the errors
*/
public List<String> getErrors() {
return errors;
}
/**
* @param errors the errors to set
*/
public void setErrors(List<String> errors) {
this.errors = errors;
}
}
7.copy org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest,只是import上面自己的ServletFileUpload.这样就可以保存页面的所有参数了。
8.更改struts配置文件加入你自己的JakartaMultiReques
<bean type="org.apache.struts2.dispatcher.multipart.MultiPartRequest"
name="jakarta_yourself"
class="com.xxxxx.util.JakartaMultiPartRequest"
scope="default" optional="true" />
9.更改struts.properties
struts.multipart.parser=jakarta_yourself
10.就OK啦
分享到:
评论
2 楼
xtpgyaps
2008-12-16
楼主,问下,,怎么我重构了JakartaMultiPartRequest这个类后,好像struts2不走我重构的这个类,怎么回事呢
1 楼
netfork
2008-12-04
时间变化真快,楼主08年5月份发的贴,现在再看涉及到的源代码,已经变化不小了。
不过说实在的,FileUploadBase这个类写的真得不怎么样,把错误信息直接throw了,struts2的JakartaMultiPartRequest类也不怎么样,把异常的错误信息直接加到errors中就算完事了,太不负责任了吧,国际化在哪里啊?
commons-fileupload组件抛异常有他的道理,楼主的作法会引发一个大的漏洞,我作了个上传文件的完整分析,大家可以看下面的文章。
http://www.iteye.com/topic/287800
不过说实在的,FileUploadBase这个类写的真得不怎么样,把错误信息直接throw了,struts2的JakartaMultiPartRequest类也不怎么样,把异常的错误信息直接加到errors中就算完事了,太不负责任了吧,国际化在哪里啊?
commons-fileupload组件抛异常有他的道理,楼主的作法会引发一个大的漏洞,我作了个上传文件的完整分析,大家可以看下面的文章。
http://www.iteye.com/topic/287800
发表评论
-
[转载]maven&jetty&eclipse
2008-10-28 20:09 1939个人觉得最好还是不要再pom.xml中写入关于maven-je ... -
Maven权威指南
2008-10-24 13:39 921这个网站对maven很全面的介绍 写道 虽然网络上有许多Ma ... -
spring IOC 在Web容器中的初始化
2008-07-16 15:50 01.web容器读取web.xml配置 <listener ... -
ransactionAttributeSourceAdvisor
2008-06-05 16:57 0在使用 Spring 自动代理配置事务时,要配置 Transa ...
相关推荐
要求JDK1.5以上,lib库要包含如下jar文件:antlr.jar,commons-beanutils.jar,commons-collections.jar,commons-digester.jar,commons-fileupload.jar,commons-logging.jar,commons-validator.jar,jakarta-oro...
struts2.3.1.1是目前最新struts2版本,至少需要如下6 个jar包: struts2-core-2.3.1.1.jar freemarker-2.3.18.jar commons-logging-1.1.1.jar ognl-3.0.3.jar xwork-core-2.3.1.1.jar commons-fileupload-1.2.2.jar ...
Struts2本身没有自带的两个jar 如果不导入的话会有Unable to load bean org.apache.struts2.dispatcher.multipart.MultiPartRequest (jakarta) - [unknown location]异常
Struts2默认使用的是Jakarta的Common-FileUpload框架来上传文件,因此,要在web应用中增加两个Jar文件:commons-fileupload-1.2.jar和commons-io-1.3.1.jar。它在原上传框架上做了进一步封装,简化了文件上传的代码...
Struts框架常用配置jar包:struts.jar jakarta-oro.jar commons-logging.jar commons-fileupload.jar commons-digester.jar
struts1.2.9的lib,jar包 antlr commons-beanutils commons-digester commons-fileupload commons-logging commons-validator jakarta-oro struts
commons-fileupload.jar commons-lang.jar commons-logging.jar commons-pool-1.2.jar commons-validator.jar jakarta-oro.jar jdom.jar jstl.jar junit.jar log4j-1.2.8.jar naming-factory.jar poi-3.0-alpha2-...
struts1.2jar包(antlr.iar , commons-beanutils.jar , commons-digester.jar ,commons-fileupload.jar ,commons-logging.jar ,commons-validator.jar ,jakarta-oro.jar ,struts.jar等)
struts1.2所需jar包大全: antlr.jar commons-beanutils.jar commons-digester.jar commons-fileupload.jar commons-logging.jar commons-validator.jar jakarta-oro.jar struts.jar
位于 "\spring-framework-2.5.5\lib\jakarta-commons" 目录下的jar文件: commons-dbcp.jar commons-pool.jar commons-logging.jar (四)、Struts: 位于 "\Struts\struts-1.3.10\struts-1.3.10-all\struts-1.3.10\...
位于 "\spring-framework-2.5.5\lib\jakarta-commons" 目录下的jar文件: commons-dbcp.jar commons-pool.jar commons-logging.jar (四)、Struts: 位于 "\Struts\struts-1.3.10\struts-1.3.10-all\struts-1.3.10\...
位于 "\spring-framework-2.5.5\lib\jakarta-commons" 目录下的jar文件: commons-dbcp.jar commons-pool.jar commons-logging.jar (四)、Struts: 位于 "\Struts\struts-1.3.10\struts-1.3.10-all\struts-1.3.10\...
位于 "\spring-framework-2.5.5\lib\jakarta-commons" 目录下的jar文件: commons-dbcp.jar commons-pool.jar commons-logging.jar (四)、Struts: 位于 "\Struts\struts-1.3.10\struts-1.3.10-all\struts-1.3.10\...
commons-fileupload commons-httpclient commons-io commons-lang commons-logging commons-logging-1.0.4 commons-pool dom4j-1.6.1 dwr ehcache-1.1 hibernate3 itext-1.3 jaas jakarta-oro-2.0.8 jaxen-1.1-beta-...
struts.jar spring-web.jar spring-webmvc.jar spring-portlet.jar struts.jar commons-fileupload.jar commons-httpclient.jar freemarker.jar jasperreports-1.3.3.jar commons-io.jar...
collections-2.1.1.jar commons-dbcp.jar commons-digester.jar commons-fileupload.jar commons-httpclient.jar commons-lang.jar commons-logging.jar commons-pool.jar commons-validator.jar cos.jar db-ojb-...
logging.jar commons-logging-1.0.4.jar commons-validator.jar dom4j-1.6.1.jar dwr.jar hibernate3.jar jaas.jar jakarta-oro.jar jaxen-1.1-beta-7.jar jdbc2_0-stdext.jar jstl.jar jta.jar junit-4.1.jar log4j...
(2)将Struts 2.0驱动包(antlr.jar、commons-beanutils.jar、commons-digester.jar、commons-fileupload.jar、commons-logging.jar、commons-validator.jar、jakarta-oro.jar、jsf-api.jar、jsf-impl.jar、jstl-...
antlr.jar commons-beanutils.jar commons-digester.jar commons-fileupload.jar commons-logging.jar commons-validator.jar jakarta-oro.jar struts.jar struct用到的8个jar包
上传的lib包中需要加入以下文件,因为容量过大,没有上传,请见谅! antlr-2.7.6.jar antlr-2.7.6rc1.jar aopalliance.jar asm.jar asm-attrs.jar asm-commons-2.2.3.jar asm-util-2.2.3.jar aspectjrt.jar ...