Alireza Fattahi created WW-5520:
-----------------------------------
Summary: Fileupload Events
Key: WW-5520
URL: https://issues.apache.org/jira/browse/WW-5520
Project: Struts 2
Issue Type: Improvement
Reporter: Alireza Fattahi
According to security policies we should log different events and errors during
file upload. Example of these events are:
# file is not types set
# file is not right format
# file is too big
# user has uploaded
We find the only solution is to replace our own `AbstractInterceptor` and
`ActionFileUploadInterceptor` to achieve this. We copied `AbstractInterceptor`
and `ActionFileUploadInterceptor` sources (from struts) and put the log
commands inside the classes.
example
{code:java}
// Part of AbstractInterceptor line 145:
if (maximumSize != null && maximumSize < file.length()) {
String errMsg = getTextMessage(action,
STRUTS_MESSAGES_ERROR_FILE_TOO_LARGE_KEY, new String[]{
inputName, originalFilename, file.getName(), "" +
file.length(), getMaximumSizeStr(action)
});
errorMessages.add(errMsg);
LOG.warn(errMsg);
//@Addby project
socLogUtility.putLog("upload validated", "validation failed",
SOCEventCategory.fileUpload, "upload_validation", file.getOriginalName() + "
file is too big", SOCLevelCategory.CRITICAL);
} {code}
Although it works but seems not a good solution at all. Is it better way.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
