1

I need to restrict users from attaching files with some extensions for e.g.: bat,exe,bin etc..

For this i believe i will need to write a servlet filter . I am new to servlets ,can someone please guide me how i can achieve this ?

Is using Servlet filter a correct approach ?

Any help highly appreciated. Please let me know if any other information is needed from me.

Roman C
  • 49,761
  • 33
  • 66
  • 176
Mizan
  • 450
  • 1
  • 5
  • 28
  • 1
    you can check this on client side too. – kaysush Jan 10 '13 at 12:42
  • Can the user manipulate the vaildation using firebug ? There is pop up which appears and i have to check the extension as soon as the user clicks attach button. The attach button calls an action and a method is invoked . Webwork is used for this action – Mizan Jan 10 '13 at 12:44
  • you can check the file type using JavaScript as follows `document.getElementById('fileChooserID').files[0].type` – kaysush Jan 10 '13 at 12:46
  • Are you sure the validation cannot be manipulated using firebug ? and Attaching a file is done on a pop up will the validation script run on the popup ? – Mizan Jan 10 '13 at 12:49
  • 1
    i'm sure you can use this code before actual upload starts and it will work fine. – kaysush Jan 10 '13 at 12:50
  • ok , i will try this and let you know how it goes :) Thanks , I will still wait for someone to provide an answer using servlet filter. – Mizan Jan 10 '13 at 12:51
  • this is the attachment input field , it does not have an id . – Mizan Jan 10 '13 at 12:53
  • you can include `id` attribute to it, i guess that's not a big issue – kaysush Jan 10 '13 at 12:54
  • 1
    I tried by using name but it is not working . I think this needs servlet filter. – Mizan Jan 10 '13 at 13:00
  • 1
    if you want to use `ServletFilter` you can follow the answer given by @Claudio. But i'm sure there are some implementation issues otherwise it works fine – kaysush Jan 10 '13 at 13:02

1 Answers1

1

Well, you can always use a servlet filter to add some kind of validation that runs before the code for your servlet. It might or might not be the way to go depending on how are your structuring your application. It is your architectural call.

The way to implement a servlet filter is really simple, you can take a look at http://www.oracle.com/technetwork/java/filters-137243.html

Regarding validating the input extension. How trusted do you need that validation to be? Please keep in mind that the user might always play with the extensions before uploading the file. If you are relaxed about it you might implement it in a really simple way, just check the Content-Type header out of your request for valid mime types.

If you need a more solid validation you will need to use something more like Mime-Utils or something like that. Check Getting A File's Mime Type In Java

Community
  • 1
  • 1
Claudio
  • 1,848
  • 12
  • 26
  • Thanks Claudio :) , I will try this . At present I need a simple filter , thanks for pointing out to the more restricted approach. – Mizan Jan 10 '13 at 13:04
  • Hi Claudio , I went through the basics of servlet filter . but i am not getting how to apply the filter . Please can you help me ? – Mizan Jan 11 '13 at 10:14
  • Hi Claudio , I am able to get the content type in my filter .. now i want to display an error message to the user .. How to do that ?? – Mizan Jan 11 '13 at 13:26