public class DiskFileItemFactory extends Object implements FileItemFactory
implementation. This implementation creates
FileItem instances which keep their
content either in memory, for smaller items, or in a temporary file on disk,
for larger items. The size threshold, above which content will be stored on
disk, is configurable, as is the directory in which temporary files will be
If not otherwise configured, the default configuration values are as follows:
NOTE: Files are created in the system default temp directory with
predictable names. This means that a local attacker with write access to that
directory can perform a TOUTOC attack to replace any uploaded file with a
file of the attackers choice. The implications of this will depend on how the
uploaded file is used but could be significant. When using this
implementation in an environment with local, untrusted users,
setRepository(File) MUST be used to configure a repository location
that is not publicly writable. In a Servlet container the location identified
by the ServletContext attribute
may be used.
Temporary files, which are created for file items, should be
deleted later on. The best way to do this is using a
FileCleaningTracker, which you can set on the
DiskFileItemFactory. However, if you do use such a tracker,
then you must consider the following: Temporary files are automatically
deleted as soon as they are no longer needed. (More precisely, when the
corresponding instance of
File is garbage collected.)
This is done by the so-called reaper thread, which is started and stopped
automatically by the
FileCleaningTracker when there are files to be
It might make sense to terminate that thread, for example, if
your web application ends. See the section on "Resource cleanup"
in the users guide of commons-fileupload.
|Modifier and Type||Field and Description|
The default threshold above which uploads will be stored on disk.
|Constructor and Description|
Constructs an unconfigured instance of this class.
Constructs a preconfigured instance of this class.
|Modifier and Type||Method and Description|
Create a new
Returns the default charset for use when no explicit charset parameter is provided by the sender.
Returns the tracker, which is responsible for deleting temporary files.
Returns the directory used to temporarily store files that are larger than the configured size threshold.
Returns the size threshold beyond which files are written directly to disk.
Sets the default charset for use when no explicit charset parameter is provided by the sender.
Sets the tracker, which is responsible for deleting temporary files.
Sets the directory used to temporarily store files that are larger than the configured size threshold.
Sets the size threshold beyond which files are written directly to disk.
public DiskFileItemFactory(int sizeThreshold, File repository)
sizeThreshold- The threshold, in bytes, below which items will be retained in memory and above which they will be stored as a file.
repository- The data repository, which is the directory in which files will be created, should the item size exceed the threshold.
public File getRepository()
public void setRepository(File repository)
repository- The directory in which temporary files will be located.
public int getSizeThreshold()
public void setSizeThreshold(int sizeThreshold)
sizeThreshold- The size threshold, in bytes.
public FileItem createItem(String fieldName, String contentType, boolean isFormField, String fileName)
DiskFileIteminstance from the supplied parameters and the local factory configuration.
fieldName- The name of the form field.
contentType- The content type of the form field.
trueif this is a plain form field;
fileName- The name of the uploaded file, if any, as supplied by the browser or other client.
public org.apache.commons.io.FileCleaningTracker getFileCleaningTracker()
FileCleaningTracker, or null (default), if temporary files aren't tracked.
public void setFileCleaningTracker(org.apache.commons.io.FileCleaningTracker pTracker)
pTracker- An instance of
FileCleaningTracker, which will from now on track the created files, or null (default), to disable tracking.
public String getDefaultCharset()
Copyright © 2002–2019 The Apache Software Foundation. All rights reserved.