OAuth Access token expired while uploading large file to the server

Question

I have web application where I am uploading the large file more than 1 GB from browser to the server. Depending on network speed some time it will take more than 1 hour.

Server endpoint is secured with OAuth. When upload request is sent from browser it has valid token with 1 hour expiry.

In case of large file upload, it gives Unauthorised error because of token expiry after 1 hour.

How can I solve this problem where token should validate only in the beginning of the request not after complete file upload?

Technology used

AngularJs - UI
SpringBoot version 2 - Backend
POST request Content-Type: Multipart/form-data

I dont have option to increase the token expiry beyond 1 hour.

Can you recode the back-end to do the validation when a request is first made to it? — Travis Spencer, Aug 29 '20 at 13:20
@Thirmal I am already doing that. New token has 1 hour validity only — Gaurav Katkamwar, Aug 29 '20 at 13:32
@Travis I am using spring mc controller which takes MultipartFile as input parameter — Gaurav Katkamwar, Aug 29 '20 at 13:34
@GauravKatkamwar If your backend uses HTTP sessions you don't need to verify the OAuth token with every request. You only need to verity the first request. Then you could extend the HTTP session timeout. Like Travis wrote. — dur, Aug 30 '20 at 08:27
@GauravKatkamwar Have a look at https://stackoverflow.com/questions/54813440/cannot-use-apache-commons-fileupload-with-spring-boot-multipart-resolve-lazily Maybe that works also for you. — dur, Aug 30 '20 at 15:45
@dur I have also looked at that one..I will give it a try. Thanks — Gaurav Katkamwar, Aug 30 '20 at 19:18
Hi @GauravKatkamwar, how did you solve this issue? I'm having the same problem. — KrisKris1, Jun 09 '23 at 09:25

Lang · Answer 1 · 2020-10-19T09:42:42.770

The reason is that the tomcat will receive the file firstly, then dispatch the servlet request to your controller. When the upload takes too long time and the token has already expired, the security check will return 401, and your request will never enter the controller (the security check is before your controller).

You can put a breakpoint in your controller with the MultiPartFile parameter, then try to upload a huge size file to verify what I said.

One possible solution is you resolve the servlet yourself, maybe something like:

uploadFile(HttpServletRequest rawRequest)

Then when a token already expired, you can refresh it rather than return 401 then discard the already uploaded file.

Hope this may help you, and if you have a better idea, please let us know. Thank you!

useful link: https://docs.spring.io/spring-framework/docs/5.3.x/reference/html/web.html#mvc-multipart

OAuth Access token expired while uploading large file to the server

1 Answers1