[ https://issues.apache.org/jira/browse/WW-3025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Cranford updated WW-3025:
-------------------------------

    Attachment: JakartaStreamMultiPartRequest.java

This class uses the FileUpload Streaming API to minimize the memory footprint 
and avoid memory consumption on large uploads.  

It allows for the maximum request size check that generally was suggested to be 
set to -1 and be skipped.  Instead, this class checks the request size itself 
rather than delegating to the FileUpload API, avoiding the exception that causes 
parameters to be lost.  

Parameter information is still passed to the action layer, excluding files 
should the request exceed the maximum size, and the class populates an error 
message list that is passed to the action. 

I configured this in my struts.xml as follows:

{code:xml}
<bean type="org.apache.struts2.dispatcher.multipart.MultiPartRequest"
      name="jakartaStream"
      class="com.setech.mrovelocityhub.web.struts2.dispatcher.multipart.JakartaStreamMultiPartRequest"
      scope="default" />
<constant name="struts.multipart.parser" value="jakartaStream" />
<constant name="struts.multipart.bufferSize" value="10240" />
{code}

I added an additional constant called bufferSize to allow users to customize 
this as needed, which would need to be added to StrutsConstants and removed from 
the attached class should this get bundled.

Please review, tweak as needed.


> Parameters get lost when file upload over max size allowed
> ----------------------------------------------------------
>
>                 Key: WW-3025
>                 URL: https://issues.apache.org/jira/browse/WW-3025
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Interceptors
>    Affects Versions: 2.1.6
>         Environment: All
>            Reporter: Tom Nguyen
>             Fix For: Future
>
>         Attachments: JakartaStreamMultiPartRequest.java
>
>
> When the uploaded file gets rejected because of its content, size, or because 
> of a general problem, an Exception is thrown by the MultiPartRequest class. 
> Exceptions are: InvalidContentTypeException, UnknownSizeException, 
> SizeLimitExceededException, and FileUploadException. This can lead to serious 
> problems within the application because the other parameters from the upload 
> form get lost. Happening in a profile page, for example, means that the user 
> data is lost; this can lead to a security Exception. In other cases this 
> usually just involves an OGNL-Exception, meaning your field data like personal 
> file name is lost. Workaround found in 
> http://henning.kropponline.de/index.php/2009/01/18/struts2-fileuploadbase-exception/,
>  but the the still keep uploading to server, not secured.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
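
The approach the comment describes (check the request size yourself, then stream the parts so form fields survive an oversized upload), as an added sketch that is not the attached JakartaStreamMultiPartRequest.java and not part of the original message. The class name, the `parse` signature, `saveDir` and the choice to treat an unknown length as oversized are assumptions of this example; the Commons FileUpload streaming calls are the library's own.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.fileupload.FileItemIterator;
import org.apache.commons.fileupload.FileItemStream;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.fileupload.util.Streams;

// Hypothetical sketch of the technique, not the class attached to WW-3025.
public class StreamingUploadSketch {
    public final Map<String, List<String>> parameters = new HashMap<>();
    public final Map<String, File> files = new HashMap<>();
    public final List<String> errors = new ArrayList<>();

    public void parse(HttpServletRequest request, long maxSize, File saveDir)
            throws IOException, FileUploadException {
        // No size limit is set on ServletFileUpload, so the library never throws
        // SizeLimitExceededException; the check is done here instead.
        long declared = request.getContentLength();
        // Assumption: an unknown length (-1, e.g. chunked) is treated as oversized.
        boolean tooLarge = maxSize >= 0 && (declared < 0 || declared > maxSize);
        if (tooLarge) {
            errors.add("Request exceeds the maximum size of " + maxSize + " bytes");
        }
        FileItemIterator it = new ServletFileUpload().getItemIterator(request);
        while (it.hasNext()) {
            FileItemStream item = it.next();
            try (InputStream in = item.openStream()) {
                if (item.isFormField()) {
                    // Form fields are always kept, even when the request is oversized.
                    parameters.computeIfAbsent(item.getFieldName(), k -> new ArrayList<>())
                            .add(Streams.asString(in, "UTF-8"));
                } else if (!tooLarge) {
                    // Server-generated name: the client-supplied filename is not used.
                    File target = File.createTempFile("upload_", ".tmp", saveDir);
                    Files.copy(in, target.toPath(), StandardCopyOption.REPLACE_EXISTING);
                    files.put(item.getFieldName(), target);
                }
                // Oversized: file bytes are read off the wire and discarded, never stored.
            }
        }
    }
}
```

Skipped file parts are still transferred by the client and consumed by the parser; only disk and heap usage are bounded. Form fields are buffered whole by `Streams.asString`, so a per-field cap is still needed if field size is a concern.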
