Honestly I avoid using sessions like the plague, so I may not be the best person to answer your question. However, I don't think calling getSession should cause your file upload to break at all. What happens if the getSession() returns null though? Maybe you want getSession(true)?
What error are you getting? > -----Original Message----- > From: resin-interest-boun...@caucho.com [mailto:resin-interest- > boun...@caucho.com] On Behalf Of Riccardo Cohen > Sent: Wednesday, February 11, 2009 4:17 PM > To: General Discussion for the Resin application server > Subject: Re: [Resin-interest] upload limit > > Thanks for your answer, I have read the doc too quicly and now I > understand the "per request" statement. I did this: > > public void service(HttpServletRequest req, HttpServletResponse res) > { > req.setAttribute("caucho.multipart.form.upload-max", new Long > (300000) ); > > This works all right. > Now the "administrator" status is given to as session at the time where > the administrator log-in. After that I keep in the session the fact > that > this user is the administrator. (this is to protect administrative > tasks > from being used by someone that knows the URL request and not the > password). > So actually my code is this : > > public void service(HttpServletRequest req, HttpServletResponse res) > { > if (req.getSession().getAttribute("adl_stored_msmg")!=null) > { > req.setAttribute("caucho.multipart.form.upload-max", new Long > (300000) ); > > This one does not work. I beleive that if I call getSession() this > breaks the flow and the uploaded file is already processed. So how do > you suggest to handle the "administrator" status (I do not use HTTP > AUTH > because the administrator backoffice is in flex) ? > > Thanks. > > > Aaron Freeman wrote: > > No it should be per request. So somewhere at the beginning of the > servlet > > that handles the fileupload you would do: > > > > if ( administrator ) { > > setAttribute("caucho.multipart.form.upload-max", new Long > (300000) ); > > } else { > > setAttribute("caucho.multipart.form.upload-max", new Long (10000) > ); > > } > > > > Obviously you have to replace "administrator" in the "if" with the > logic > > that tells you whether the person is an administrator or not. For > example > > if you are using HTTP AUTH then you would do something like: > > > > if( req.isUserInRole('administrator') ) { > > setAttribute("caucho.multipart.form.upload-max", new Long > (300000) ); > > } else { > > setAttribute("caucho.multipart.form.upload-max", new Long (10000) > ); > > } > > > > Aaron > > > > > >> -----Original Message----- > >> From: resin-interest-boun...@caucho.com [mailto:resin-interest- > >> boun...@caucho.com] On Behalf Of Riccardo Cohen > >> Sent: Tuesday, February 10, 2009 11:23 AM > >> To: General Discussion for the Resin application server > >> Subject: Re: [Resin-interest] upload limit > >> > >> I answer to these uploads with a servlet in java. > >> The setting you suggest will apply for all sessions > >> Am I right ? > >> But I want to limit differently if it is the public or if it is the > >> administrator of the application. > >> > >> Aaron Freeman wrote: > >>>> Hi > >>>> For one of my project I have to set <multipart-form enable='true' > >>>> upload-max='300M'/> > >>>> > >>>> I guess this is a security problem, and I would rather let it to > >> 100K > >>>> except for the application administrator session where I would set > >>>> dynamically to 300M. > >>> > >>> Riccardo are you using a JSP to process the file? If so, according > >> to this: > >>> > >>> https://www.gopay.com.cn/resin-doc/config/webapp.xtp#multipart-form > >>> > >>> you can set a request attribute at run time, > >>> caucho.multipart.form.upload-max to override the maximum file size. > >>> > >>> Aaron > >>> > >>> > >>> > >>> > >>> _______________________________________________ > >>> resin-interest mailing list > >>> resin-interest@caucho.com > >>> http://maillist.caucho.com/mailman/listinfo/resin-interest > >>> > >>> > >> -- > >> Riccardo Cohen > >> Architecte du Logiciel > >> http://www.architectedulogiciel.fr > >> +33 (0)6.09.83.64.49 > >> > >> > >> > >> _______________________________________________ > >> resin-interest mailing list > >> resin-interest@caucho.com > >> http://maillist.caucho.com/mailman/listinfo/resin-interest > > > > > > > > _______________________________________________ > > resin-interest mailing list > > resin-interest@caucho.com > > http://maillist.caucho.com/mailman/listinfo/resin-interest > > > > > > -- > Riccardo Cohen > Architecte du Logiciel > http://www.architectedulogiciel.fr > +33 (0)6.09.83.64.49 > > > > _______________________________________________ > resin-interest mailing list > resin-interest@caucho.com > http://maillist.caucho.com/mailman/listinfo/resin-interest _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
