Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Uploading Files with Servlets Read more about the FileUpload APIFileUpload API.

Published byDwain Gordon Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Uploading Files with Servlets Read more about the FileUpload APIFileUpload API."— Presentation transcript:

1 1 Uploading Files with Servlets Read more about the FileUpload APIFileUpload API

2 2 Handling Uploads with Package Commons FileUpload Commons FileUpload is a package of Apache for handling uploaded files in the Servlet side Files are sent in the body of post requests Using this package, uploaded files are temporarily written into the memory or the disk (depending on the file size) You can set the size threshold beyond which files are written to disk This is not a configuration parameter in web.xml but a part of the API as we’ll see in the next slides

3 3 Handling Uploads with Package Commons FileUpload Servlets read the file from the disk or memory In Tomcat, the default temporary directory is $CATALINA_BASE/temp/ However, you can specify a temporary directory of your own (e.g., /tmp ) What if a very big file is uploaded? -You can define the maximal size of uploaded files -Exception is thrown for larger files

4 4 Example 1 Upload Files and Parameters <form action="upload1" method="post" enctype="multipart/form-data"> File: upload1.html Sends the client the uploaded file This is the right encoding type for files uploading

5 5 import org.apache.commons.fileupload.disk.*; import org.apache.commons.fileupload.servlet.*; import org.apache.commons.fileupload.*; public class Upload1 extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { DiskFileItemFactory factory = new DiskFileItemFactory(); //factory.setRepository(new File("/tmp")); factory.setSizeThreshold(1000); ServletFileUpload upload = new ServletFileUpload(factory); upload.setSizeMax(60000); Upload1.java Sets the repository directory Sets the memory vs. disk threshold (bytes) Sets the maximum file size (bytes). Bigger files generate exceptions

6 6 try { List items = upload.parseRequest(request); Iterator it = items.iterator(); FileItem item = (FileItem) it.next(); response.setContentType(item.getContentType()); response.setContentLength((int)item.getSize()); InputStream is = item.getInputStream(); OutputStream os = response.getOutputStream(); byte[] buffer = new byte[4096]; int read = -1; while((read=is.read(buffer))>=0) os.write(buffer,0,read); } catch (FileUploadException exp) { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println(" Error : " + exp.getMessage() + " "); }}} Upload1.java In our exmaple, we expect a single parameter We use an Output stream and not the out PrintWriter

7 7 Example 2 Upload Files and Parameters <form action="upload2" method="post" enctype="multipart/form-data"> Parameter x: File: Parameter y: upload2.html Mixed parameter types

8 8 List items = upload.parseRequest(request); Iterator it = items.iterator(); out.println(" "); while (it.hasNext()) { FileItem item = (FileItem) it.next(); if (item.isFormField()) out.println(" Field : " + item.getFieldName() + " = " + item.getString() + " "); else out.println(" File " + ": parameter name: " + item.getFieldName() + ", file name: " + item.getName() + ", file size: " + item.getSize() + " bytes, file type: " + item.getContentType() + " "); } out.println(" "); Upload2.java This time we use a loop since there’re several parameters

9 9 Example 3 The latter example reflected a common design problem: combining complex HTML code and Java code in a Servlet or a JSP -Java code for processing parameters and uploaded files -HTML code for generating the (dynamic) response An accepted solution is to process the parameters in a Servlet, and forward the request to a JSP for generating the response -Attributes can be sent to the JSP The next example also uses JSTL

10 10 JSTL JSTL stands for JSP Standard Tag Library This is a regular tag library that can be imported to your page, like the ones we created in the past This library includes some standard actions that are common in JSP, like iteration and conditions over EL expressions, parsing/manipulation of XML and database access More details can be found in Sun's J2EE Tut.Sun's J2EE Tut

11 11 Example 3 Upload Files and Parameters <form action="upload3" method="post" enctype="multipart/form-data"> Parameter x: File: Parameter y: upload3.html

12 12 List formParams = new LinkedList(); List files = new LinkedList(); List items = upload.parseRequest(request); Iterator it = items.iterator(); while (it.hasNext()) { FileItem item = (FileItem) it.next(); if (item.isFormField())formParams.add(item); else files.add(item); } request.setAttribute("formParams",formParams); request.setAttribute("files",files); this.getServletContext().getRequestDispatcher ("/WEB-INF/jsp/upload3.jsp").forward(request,response); Upload3.java We’ll store parameters and fileitems in those lists Attach the lists to the request

13 13 Submitted Parameters Submitted Parameters: Parameter : name: ${item.fieldName}, value: ${item.string} File : name: ${item.name}, length: ${item.size}, size: type:${item.contentType} /WEB-INF/jsp/upload3.jsp

14 14 A Question What is the advantage of redirecting to JSP pages that are under WEB-INF? -Pages under the WEB-INF are not accessible -You can make sure no one invokes the JSP directly -You can hide the implementation

15 15 Programmatic Security with Servlets

16 16 Programmatic-Security Methods Servlet API contains several accessories for handling programmatic security: - getRemoteUser() - isUserInRole(String role) - getAuthType() These are all methods of HttpServletRequest To enable user authentication (even for public URLs), provide a link to some protected page Returns the authenticated user or null if none exists

17 17 An Example: Security Constraints in web.xml Firm People /login.html employees managers web.xml Roles, some users and their roles are defined in /conf/tomcat-users.xml Some secured resources Roles that can view those resources

18 18 FORM /login /login?fail=fail managers employees web.xml An Example: Security Constraints in web.xml Roles used in this application (recommended but not a necessity)

19 19 public class FirmServlet extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); out.println(" Firm "); out.println(" Hello. "); String username = req.getRemoteUser(); if(username==null) { out.println(" "); out.println(" Login "); out.println(" "); return; } FirmServlet Returns the authenticated user or null if none exists

20 20 if(req.isUserInRole("employees")) { out.println(" "); out.print(" Welcome Employee " + username + "! "); } if(req.isUserInRole("managers")) { out.println(" "); out.print(" Executive average salary: 42764NIS! "); } out.print(" Log Out "); out.println(" "); } FirmServlet

21 21 public class LoginServlet extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); out.println(" Login "); if(req.getParameter("fail")!=null) out.print(" Login Failed. Try Again. "); out.println(" " + " Login: " + " Password: " + " " + " "); } LoginServlet.java Notice that though this code contains no getSession() calls, the server tries to put session-cookie as a part of the FORM authorization

22 22 public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { this.doGet(req,res); } LoginServlet.java Login LoginServlet Login /login web.xml

23 23 public class EndSession extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { HttpSession session = req.getSession(false); if(session!=null) session.invalidate(); res.sendRedirect("firm"); } EndSession.java EndSession EndSession /endsession web.xml Tomcat’s session implementation saves the user details in the session but not as attributes. Recovering this data is done by calling the mentioned request methods, but of course invalidating the session leads to logout

24 24 Logged On You are logged on! Back to the firm page. login.html

25 25 Managing User Authentication with Tomcat

26 26 A Reminder create table users ( username varchar(30) not null primary key, pass varchar(30) not null ); create table users_roles ( username varchar(30) not null, role varchar(30) not null, primary key (username,role), foreign key (username) references users(username) );

27 27 In tomcat-base/conf/server.xml <Realm className="org.apache.catalina.realm.JDBCRealm" driverName="oracle.jdbc.driver.OracleDriver" connectionURL= "jdbc:oracle:thin:snoopy/snoopy@sol4:1521:stud" userTable="users" userNameCol="username" userCredCol="pass" userRoleTable="users_roles" roleNameCol="role"/>

28 28 User Tables What if we do not have one table that stores usernames and passwords? What if we only have one role for the all users? What if we wanted the above information to be stored in several tables (e.g., users and administrators)? The idea is to use views rather than real tables

29 29 Creating Views create view up as (select username u, pass p from users union select u,p from admin); create view ur as (select username u, 'myRole' r from users union select u, 'admin' r from admin); Unifies the user/password data from 2 tables Default role for “simple” users Default role for “admin” users

30 30 Fixing server.xml <Realm className="org.apache.catalina.realm.JDBCRealm" driverName="oracle.jdbc.driver.OracleDriver" connectionURL= "jdbc:oracle:thin:snoopy/snoopy@sol4:1521:stud" userTable="up" userNameCol="u" userCredCol="p" userRoleTable="ur" roleNameCol="r"/>

Download ppt "1 Uploading Files with Servlets Read more about the FileUpload APIFileUpload API."

Similar presentations

Java Server Pages (JSP)

Java Server Pages (JSP)
 2002 Prentice Hall. All rights reserved. Chapter 9: Servlets Outline 9.1 Introduction 9.2 Servlet Overview and Architecture 9.2.1 Interface Servlet and.

 2002 Prentice Hall. All rights reserved. Chapter 9: Servlets Outline 9.1 Introduction 9.2 Servlet Overview and Architecture Interface Servlet and.
1 Servlets: Leftover Odds and Ends (Most apply to JSPs as well, duh….) Representation and Management of Data on the Internet, 2007 CS Department, HUJI.

1 Servlets: Leftover Odds and Ends (Most apply to JSPs as well, duh….) Representation and Management of Data on the Internet, 2007 CS Department, HUJI.
Objectives Ch. D - 1 At the end of this chapter students will: Know the general architecture and purpose of servlets Understand how to create a basic servlet.

Objectives Ch. D - 1 At the end of this chapter students will: Know the general architecture and purpose of servlets Understand how to create a basic servlet.
Servlets Stoney Jackson

Servlets Stoney Jackson
WEB1P servintro1 Introduction to servlets and JSP Dr Jim Briggs.

WEB1P servintro1 Introduction to servlets and JSP Dr Jim Briggs.
An introduction to Java Servlet Programming

An introduction to Java Servlet Programming
1 Servlets Part 2 Representation and Management of Data on the Web.

1 Servlets Part 2 Representation and Management of Data on the Web.
1 Servlet/JSP Miscellaneous Representation and Management of Data on the Web.

1 Servlet/JSP Miscellaneous Representation and Management of Data on the Web.
18-Jun-15 JSP Java Server Pages Reference: Tutorial/Servlet-Tutorial-JSP.html.

18-Jun-15 JSP Java Server Pages Reference: Tutorial/Servlet-Tutorial-JSP.html.
Liang, Introduction to Java Programming, Sixth Edition, (c) 2005 Pearson Education, Inc. All rights reserved. 0-13-148952-6 1 Chapter 34 Servlets.

Liang, Introduction to Java Programming, Sixth Edition, (c) 2005 Pearson Education, Inc. All rights reserved Chapter 34 Servlets.
JSP Java Server Pages Reference: http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-JSP.html.

JSP Java Server Pages Reference:
2/16/2004 Dynamic Content February 16, 2004. 2/16/2004 Assignments Due – Message of the Day Part 1 Due – Reading and Warmup Work on Message of the Day.

2/16/2004 Dynamic Content February 16, /16/2004 Assignments Due – Message of the Day Part 1 Due – Reading and Warmup Work on Message of the Day.
27-Jun-15 Directories and DDs. 2 Web apps A web application is basically a web site that: “Knows who you are”--it doesn’t just give you static pages,

27-Jun-15 Directories and DDs. 2 Web apps A web application is basically a web site that: “Knows who you are”--it doesn’t just give you static pages,
1 Servlets: Leftover Odds and Ends (Most apply to JSPs as well, duh….)

1 Servlets: Leftover Odds and Ends (Most apply to JSPs as well, duh….)
Comp2513 Java Servlet Basics Daniel L. Silver, Ph.D.

Comp2513 Java Servlet Basics Daniel L. Silver, Ph.D.
Chapter 4 Servlets Concept of Servlets (What, Why, and How) Servlet API Third-party tools to run servlets Examples of Using Servlets HTML tag with GET.

Chapter 4 Servlets Concept of Servlets (What, Why, and How) Servlet API Third-party tools to run servlets Examples of Using Servlets HTML tag with GET.
Servlets. Our Project 3-tier application Develop our own multi-threaded server Socket level communication.

Servlets. Our Project 3-tier application Develop our own multi-threaded server Socket level communication.
SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.

SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.
CSCI 6962: Server-side Design and Programming History and Background.

CSCI 6962: Server-side Design and Programming History and Background.

Similar presentations

Ads by Google