我有一个从哪里上传文件到我的Spring API。Spring MVC文件上传 - 验证
控制器:
@RequestMapping(value = "/upload", method = RequestMethod.POST)
public JSONObject handleCVUpload(@RequestParam("file") MultipartFile file,HttpServletRequest request) {
User user=userService.findUserByAccessToken(new AccessTokenFromRequest().getAccessToken(request));
JSONObject messageJson = new JSONObject();
messageJson.put("success", userService.uploadCV(user, file));
return messageJson;
}
库:
@Override
public boolean uploadCV(User user, MultipartFile file) {
boolean uploadsuccess = false;
String fileName = user.getUserId() + "_" + user.getName();
if (!file.isEmpty()) {
try {
String type = file.getOriginalFilename().split("\\.")[1];
BufferedOutputStream stream = new BufferedOutputStream(
new FileOutputStream(new File("/data/" + fileName + "." + type)));
FileCopyUtils.copy(file.getInputStream(), stream);
stream.close();
uploadsuccess = true;
} catch (Exception e) {
System.err.println(e);
uploadsuccess = false;
}
}
return uploadsuccess;
}
我想验证,用户只能上传特定类型的文件(PDF/DOC/DOCX ...)。 如何在Spring中做到这一点?
在'MultipartFile'实例上调用'getContentType'并查看它是什么.. –
这是安全的吗?你不能只是伪造一个ContentType? –
您可以使用Apache Tika查看文件的实际内容并查看它是否合法 –