View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.commons.fileupload.disk;
18  
19  import static java.lang.String.*;
20  
21  import java.io.ByteArrayInputStream;
22  import java.io.File;
23  import java.io.FileInputStream;
24  import java.io.FileOutputStream;
25  import java.io.IOException;
26  import java.io.InputStream;
27  import java.io.ObjectInputStream;
28  import java.io.ObjectOutputStream;
29  import java.io.OutputStream;
30  import java.io.UnsupportedEncodingException;
31  import java.util.Map;
32  import java.util.UUID;
33  import java.util.concurrent.atomic.AtomicInteger;
34  
35  import org.apache.commons.fileupload.FileItem;
36  import org.apache.commons.fileupload.FileItemHeaders;
37  import org.apache.commons.fileupload.FileUploadException;
38  import org.apache.commons.fileupload.ParameterParser;
39  import org.apache.commons.fileupload.util.Streams;
40  import org.apache.commons.io.FileUtils;
41  import org.apache.commons.io.IOUtils;
42  import org.apache.commons.io.output.DeferredFileOutputStream;
43  
44  /**
45   * <p> The default implementation of the
46   * {@link org.apache.commons.fileupload.FileItem FileItem} interface.
47   *
48   * <p> After retrieving an instance of this class from a {@link
49   * DiskFileItemFactory} instance (see
50   * {@link org.apache.commons.fileupload.servlet.ServletFileUpload
51   * #parseRequest(javax.servlet.http.HttpServletRequest)}), you may
52   * either request all contents of file at once using {@link #get()} or
53   * request an {@link java.io.InputStream InputStream} with
54   * {@link #getInputStream()} and process the file without attempting to load
55   * it into memory, which may come handy with large files.
56   *
57   * <p>Temporary files, which are created for file items, should be
58   * deleted later on. The best way to do this is using a
59   * {@link org.apache.commons.io.FileCleaningTracker}, which you can set on the
60   * {@link DiskFileItemFactory}. However, if you do use such a tracker,
61   * then you must consider the following: Temporary files are automatically
62   * deleted as soon as they are no longer needed. (More precisely, when the
63   * corresponding instance of {@link java.io.File} is garbage collected.)
64   * This is done by the so-called reaper thread, which is started and stopped
65   * automatically by the {@link org.apache.commons.io.FileCleaningTracker} when
66   * there are files to be tracked.
67   * It might make sense to terminate that thread, for example, if
68   * your web application ends. See the section on "Resource cleanup"
69   * in the users guide of commons-fileupload.</p>
70   *
71   * @since FileUpload 1.1
72   *
73   * @version $Id: DiskFileItem.java 1743503 2016-05-12 13:39:38Z jochen $
74   */
75  public class DiskFileItem
76      implements FileItem {
77  
78      // ----------------------------------------------------- Manifest constants
79  
80      /**
81       * The UID to use when serializing this instance.
82       */
83      private static final long serialVersionUID = 2237570099615271025L;
84  
85      /**
86       * Default content charset to be used when no explicit charset
87       * parameter is provided by the sender. Media subtypes of the
88       * "text" type are defined to have a default charset value of
89       * "ISO-8859-1" when received via HTTP.
90       */
91      public static final String DEFAULT_CHARSET = "ISO-8859-1";
92  
93      // ----------------------------------------------------------- Data members
94  
95      /**
96       * UID used in unique file name generation.
97       */
98      private static final String UID =
99              UUID.randomUUID().toString().replace('-', '_');
100 
101     /**
102      * Counter used in unique identifier generation.
103      */
104     private static final AtomicInteger COUNTER = new AtomicInteger(0);
105 
106     /**
107      * The name of the form field as provided by the browser.
108      */
109     private String fieldName;
110 
111     /**
112      * The content type passed by the browser, or <code>null</code> if
113      * not defined.
114      */
115     private final String contentType;
116 
117     /**
118      * Whether or not this item is a simple form field.
119      */
120     private boolean isFormField;
121 
122     /**
123      * The original filename in the user's filesystem.
124      */
125     private final String fileName;
126 
127     /**
128      * The size of the item, in bytes. This is used to cache the size when a
129      * file item is moved from its original location.
130      */
131     private long size = -1;
132 
133 
134     /**
135      * The threshold above which uploads will be stored on disk.
136      */
137     private final int sizeThreshold;
138 
139     /**
140      * The directory in which uploaded files will be stored, if stored on disk.
141      */
142     private final File repository;
143 
144     /**
145      * Cached contents of the file.
146      */
147     private byte[] cachedContent;
148 
149     /**
150      * Output stream for this item.
151      */
152     private transient DeferredFileOutputStream dfos;
153 
154     /**
155      * The temporary file to use.
156      */
157     private transient File tempFile;
158 
159     /**
160      * File to allow for serialization of the content of this item.
161      */
162     private File dfosFile;
163 
164     /**
165      * The file items headers.
166      */
167     private FileItemHeaders headers;
168 
169     // ----------------------------------------------------------- Constructors
170 
171     /**
172      * Constructs a new <code>DiskFileItem</code> instance.
173      *
174      * @param fieldName     The name of the form field.
175      * @param contentType   The content type passed by the browser or
176      *                      <code>null</code> if not specified.
177      * @param isFormField   Whether or not this item is a plain form field, as
178      *                      opposed to a file upload.
179      * @param fileName      The original filename in the user's filesystem, or
180      *                      <code>null</code> if not specified.
181      * @param sizeThreshold The threshold, in bytes, below which items will be
182      *                      retained in memory and above which they will be
183      *                      stored as a file.
184      * @param repository    The data repository, which is the directory in
185      *                      which files will be created, should the item size
186      *                      exceed the threshold.
187      */
188     public DiskFileItem(String fieldName,
189             String contentType, boolean isFormField, String fileName,
190             int sizeThreshold, File repository) {
191         this.fieldName = fieldName;
192         this.contentType = contentType;
193         this.isFormField = isFormField;
194         this.fileName = fileName;
195         this.sizeThreshold = sizeThreshold;
196         this.repository = repository;
197     }
198 
199     // ------------------------------- Methods from javax.activation.DataSource
200 
201     /**
202      * Returns an {@link java.io.InputStream InputStream} that can be
203      * used to retrieve the contents of the file.
204      *
205      * @return An {@link java.io.InputStream InputStream} that can be
206      *         used to retrieve the contents of the file.
207      *
208      * @throws IOException if an error occurs.
209      */
210     public InputStream getInputStream()
211         throws IOException {
212         if (!isInMemory()) {
213             return new FileInputStream(dfos.getFile());
214         }
215 
216         if (cachedContent == null) {
217             cachedContent = dfos.getData();
218         }
219         return new ByteArrayInputStream(cachedContent);
220     }
221 
222     /**
223      * Returns the content type passed by the agent or <code>null</code> if
224      * not defined.
225      *
226      * @return The content type passed by the agent or <code>null</code> if
227      *         not defined.
228      */
229     public String getContentType() {
230         return contentType;
231     }
232 
233     /**
234      * Returns the content charset passed by the agent or <code>null</code> if
235      * not defined.
236      *
237      * @return The content charset passed by the agent or <code>null</code> if
238      *         not defined.
239      */
240     public String getCharSet() {
241         ParameterParser parser = new ParameterParser();
242         parser.setLowerCaseNames(true);
243         // Parameter parser can handle null input
244         Map<String, String> params = parser.parse(getContentType(), ';');
245         return params.get("charset");
246     }
247 
248     /**
249      * Returns the original filename in the client's filesystem.
250      *
251      * @return The original filename in the client's filesystem.
252      * @throws org.apache.commons.fileupload.InvalidFileNameException The file name contains a NUL character,
253      *   which might be an indicator of a security attack. If you intend to
254      *   use the file name anyways, catch the exception and use
255      *   {@link org.apache.commons.fileupload.InvalidFileNameException#getName()}.
256      */
257     public String getName() {
258         return Streams.checkFileName(fileName);
259     }
260 
261     // ------------------------------------------------------- FileItem methods
262 
263     /**
264      * Provides a hint as to whether or not the file contents will be read
265      * from memory.
266      *
267      * @return <code>true</code> if the file contents will be read
268      *         from memory; <code>false</code> otherwise.
269      */
270     public boolean isInMemory() {
271         if (cachedContent != null) {
272             return true;
273         }
274         return dfos.isInMemory();
275     }
276 
277     /**
278      * Returns the size of the file.
279      *
280      * @return The size of the file, in bytes.
281      */
282     public long getSize() {
283         if (size >= 0) {
284             return size;
285         } else if (cachedContent != null) {
286             return cachedContent.length;
287         } else if (dfos.isInMemory()) {
288             return dfos.getData().length;
289         } else {
290             return dfos.getFile().length();
291         }
292     }
293 
294     /**
295      * Returns the contents of the file as an array of bytes.  If the
296      * contents of the file were not yet cached in memory, they will be
297      * loaded from the disk storage and cached.
298      *
299      * @return The contents of the file as an array of bytes
300      * or {@code null} if the data cannot be read
301      */
302     public byte[] get() {
303         if (isInMemory()) {
304             if (cachedContent == null && dfos != null) {
305                 cachedContent = dfos.getData();
306             }
307             return cachedContent;
308         }
309 
310         byte[] fileData = new byte[(int) getSize()];
311         InputStream fis = null;
312 
313         try {
314             fis = new FileInputStream(dfos.getFile());
315             IOUtils.readFully(fis, fileData);
316         } catch (IOException e) {
317             fileData = null;
318         } finally {
319             IOUtils.closeQuietly(fis);
320         }
321 
322         return fileData;
323     }
324 
325     /**
326      * Returns the contents of the file as a String, using the specified
327      * encoding.  This method uses {@link #get()} to retrieve the
328      * contents of the file.
329      *
330      * @param charset The charset to use.
331      *
332      * @return The contents of the file, as a string.
333      *
334      * @throws UnsupportedEncodingException if the requested character
335      *                                      encoding is not available.
336      */
337     public String getString(final String charset)
338         throws UnsupportedEncodingException {
339         return new String(get(), charset);
340     }
341 
342     /**
343      * Returns the contents of the file as a String, using the default
344      * character encoding.  This method uses {@link #get()} to retrieve the
345      * contents of the file.
346      *
347      * <b>TODO</b> Consider making this method throw UnsupportedEncodingException.
348      *
349      * @return The contents of the file, as a string.
350      */
351     public String getString() {
352         byte[] rawdata = get();
353         String charset = getCharSet();
354         if (charset == null) {
355             charset = DEFAULT_CHARSET;
356         }
357         try {
358             return new String(rawdata, charset);
359         } catch (UnsupportedEncodingException e) {
360             return new String(rawdata);
361         }
362     }
363 
364     /**
365      * A convenience method to write an uploaded item to disk. The client code
366      * is not concerned with whether or not the item is stored in memory, or on
367      * disk in a temporary location. They just want to write the uploaded item
368      * to a file.
369      * <p>
370      * This implementation first attempts to rename the uploaded item to the
371      * specified destination file, if the item was originally written to disk.
372      * Otherwise, the data will be copied to the specified file.
373      * <p>
374      * This method is only guaranteed to work <em>once</em>, the first time it
375      * is invoked for a particular item. This is because, in the event that the
376      * method renames a temporary file, that file will no longer be available
377      * to copy or rename again at a later time.
378      *
379      * @param file The <code>File</code> into which the uploaded item should
380      *             be stored.
381      *
382      * @throws Exception if an error occurs.
383      */
384     public void write(File file) throws Exception {
385         if (isInMemory()) {
386             FileOutputStream fout = null;
387             try {
388                 fout = new FileOutputStream(file);
389                 fout.write(get());
390                 fout.close();
391             } finally {
392             	IOUtils.closeQuietly(fout);
393             }
394         } else {
395             File outputFile = getStoreLocation();
396             if (outputFile != null) {
397                 // Save the length of the file
398                 size = outputFile.length();
399                 /*
400                  * The uploaded file is being stored on disk
401                  * in a temporary location so move it to the
402                  * desired file.
403                  */
404                 FileUtils.moveFile(outputFile, file);
405             } else {
406                 /*
407                  * For whatever reason we cannot write the
408                  * file to disk.
409                  */
410                 throw new FileUploadException(
411                     "Cannot write uploaded file to disk!");
412             }
413         }
414     }
415 
416     /**
417      * Deletes the underlying storage for a file item, including deleting any
418      * associated temporary disk file. Although this storage will be deleted
419      * automatically when the <code>FileItem</code> instance is garbage
420      * collected, this method can be used to ensure that this is done at an
421      * earlier time, thus preserving system resources.
422      */
423     public void delete() {
424         cachedContent = null;
425         File outputFile = getStoreLocation();
426         if (outputFile != null && outputFile.exists()) {
427             outputFile.delete();
428         }
429     }
430 
431     /**
432      * Returns the name of the field in the multipart form corresponding to
433      * this file item.
434      *
435      * @return The name of the form field.
436      *
437      * @see #setFieldName(java.lang.String)
438      *
439      */
440     public String getFieldName() {
441         return fieldName;
442     }
443 
444     /**
445      * Sets the field name used to reference this file item.
446      *
447      * @param fieldName The name of the form field.
448      *
449      * @see #getFieldName()
450      *
451      */
452     public void setFieldName(String fieldName) {
453         this.fieldName = fieldName;
454     }
455 
456     /**
457      * Determines whether or not a <code>FileItem</code> instance represents
458      * a simple form field.
459      *
460      * @return <code>true</code> if the instance represents a simple form
461      *         field; <code>false</code> if it represents an uploaded file.
462      *
463      * @see #setFormField(boolean)
464      *
465      */
466     public boolean isFormField() {
467         return isFormField;
468     }
469 
470     /**
471      * Specifies whether or not a <code>FileItem</code> instance represents
472      * a simple form field.
473      *
474      * @param state <code>true</code> if the instance represents a simple form
475      *              field; <code>false</code> if it represents an uploaded file.
476      *
477      * @see #isFormField()
478      *
479      */
480     public void setFormField(boolean state) {
481         isFormField = state;
482     }
483 
484     /**
485      * Returns an {@link java.io.OutputStream OutputStream} that can
486      * be used for storing the contents of the file.
487      *
488      * @return An {@link java.io.OutputStream OutputStream} that can be used
489      *         for storing the contents of the file.
490      *
491      * @throws IOException if an error occurs.
492      */
493     public OutputStream getOutputStream()
494         throws IOException {
495         if (dfos == null) {
496             File outputFile = getTempFile();
497             dfos = new DeferredFileOutputStream(sizeThreshold, outputFile);
498         }
499         return dfos;
500     }
501 
502     // --------------------------------------------------------- Public methods
503 
504     /**
505      * Returns the {@link java.io.File} object for the <code>FileItem</code>'s
506      * data's temporary location on the disk. Note that for
507      * <code>FileItem</code>s that have their data stored in memory,
508      * this method will return <code>null</code>. When handling large
509      * files, you can use {@link java.io.File#renameTo(java.io.File)} to
510      * move the file to new location without copying the data, if the
511      * source and destination locations reside within the same logical
512      * volume.
513      *
514      * @return The data file, or <code>null</code> if the data is stored in
515      *         memory.
516      */
517     public File getStoreLocation() {
518         if (dfos == null) {
519             return null;
520         }
521         if (isInMemory()) {
522         	return null;
523         }
524         return dfos.getFile();
525     }
526 
527     // ------------------------------------------------------ Protected methods
528 
529     /**
530      * Removes the file contents from the temporary storage.
531      */
532     @Override
533     protected void finalize() {
534         if (dfos == null) {
535             return;
536         }
537         File outputFile = dfos.getFile();
538 
539         if (outputFile != null && outputFile.exists()) {
540             outputFile.delete();
541         }
542     }
543 
544     /**
545      * Creates and returns a {@link java.io.File File} representing a uniquely
546      * named temporary file in the configured repository path. The lifetime of
547      * the file is tied to the lifetime of the <code>FileItem</code> instance;
548      * the file will be deleted when the instance is garbage collected.
549      * <p>
550      * <b>Note: Subclasses that override this method must ensure that they return the
551      * same File each time.</b>
552      *
553      * @return The {@link java.io.File File} to be used for temporary storage.
554      */
555     protected File getTempFile() {
556         if (tempFile == null) {
557             File tempDir = repository;
558             if (tempDir == null) {
559                 tempDir = new File(System.getProperty("java.io.tmpdir"));
560             }
561 
562             String tempFileName = format("upload_%s_%s.tmp", UID, getUniqueId());
563 
564             tempFile = new File(tempDir, tempFileName);
565         }
566         return tempFile;
567     }
568 
569     // -------------------------------------------------------- Private methods
570 
571     /**
572      * Returns an identifier that is unique within the class loader used to
573      * load this class, but does not have random-like appearance.
574      *
575      * @return A String with the non-random looking instance identifier.
576      */
577     private static String getUniqueId() {
578         final int limit = 100000000;
579         int current = COUNTER.getAndIncrement();
580         String id = Integer.toString(current);
581 
582         // If you manage to get more than 100 million of ids, you'll
583         // start getting ids longer than 8 characters.
584         if (current < limit) {
585             id = ("00000000" + id).substring(id.length());
586         }
587         return id;
588     }
589 
590     /**
591      * Returns a string representation of this object.
592      *
593      * @return a string representation of this object.
594      */
595     @Override
596     public String toString() {
597         return format("name=%s, StoreLocation=%s, size=%s bytes, isFormField=%s, FieldName=%s",
598                       getName(), getStoreLocation(), Long.valueOf(getSize()),
599                       Boolean.valueOf(isFormField()), getFieldName());
600     }
601 
602     /**
603      * Returns the file item headers.
604      * @return The file items headers.
605      */
606     public FileItemHeaders getHeaders() {
607         return headers;
608     }
609 
610     /**
611      * Sets the file item headers.
612      * @param pHeaders The file items headers.
613      */
614     public void setHeaders(FileItemHeaders pHeaders) {
615         headers = pHeaders;
616     }
617 
618 }