0

How can I display user uploaded files ?

I have some uploaded files on my local harddrive, but I cannot seem to display them with: <img src="appcontext/uploads/file.jpg" />.

When I try to view this from my browser, I get file not found - error 404. I'm wondering if this problem isn't because I'm building a REST application. Can I, in my servlet-context.xml , map a word to location ?

<resorces mapping="/uploads/**" location="D:/uploads/" />

or something like this?

Sled
  • 18,541
  • 27
  • 119
  • 168
Fixus
  • 4,631
  • 10
  • 38
  • 67
  • possible duplicate of [Reliable data serving](http://stackoverflow.com/questions/1502841/reliable-data-serving) – BalusC Jan 09 '12 at 20:45
  • @Fixus: your question is very confusing, I have read it several times and do still not understand what you are asking. So let me ask some question to understand it: 1) is it related to file upload? 2) where are the files located on hdd (in your web-app-directory)? 3) can you access the files from within your app (file access)? – Ralph Jan 09 '12 at 21:25
  • @Ralph - sory for the confusing. 1) yes, cause those files are uploaded by user 2) no they, aren't located in my web-app directory. just on a hdd 3) hmm i`m not sure do I understand you. But I can't get them from my jsp template – Fixus Jan 09 '12 at 21:27
  • @Fixus: Are the files uploaded through your application or through a other way? – Ralph Jan 09 '12 at 22:02
  • @Ralph: users are uploading them via form – Fixus Jan 09 '12 at 22:49
  • @Fixus: so you have a controller that save the file. -- You only need a second controller to download it. – Ralph Jan 10 '12 at 08:32
  • @Ralph: yes I got a controller. I use there srcFile.transferTo(destFile); where transferTo is a method of MultipartFile. So I need a controller that has RequestMapping on /uploads/ and serve the file with model.addAttribute ? – Fixus Jan 10 '12 at 08:52
  • @Fixus: no, no model attribute - see my extended answer. – Ralph Jan 10 '12 at 09:05
  • @Ralph: but i want to display it on my site. So why user should download it ? o.O Maybe you missunderstood me. or maybe i'm missing something again :/ – Fixus Jan 10 '12 at 09:57
  • @Fixus: I assue the files are pictures: So diplayging pictures on your site mean that there is a `` tag in your hthm, wich point to an url where the file can be get. Technical it is a download. – Ralph Jan 10 '12 at 10:13

1 Answers1

2

One way is to have a controller, that takes the file name as an argument. And then this controller returns the file (and not a rendered jsp like the most other ones).

@RequestMapping(value = "/download", method = RequestMethod.GET)
public ResponseEntity<byte[]> thumbnail(@RequestParam(value = "name") String name ) {
    File file = new File(BASEPATH + "/" + name);
    if (file.exists)) {
        byte[] content = org.apache.commons.io.FileUtils.readFileToByteArray(file);

        HttpHeaders headers = new HttpHeaders();
        headers.setContentType("yourcontentType");
        headers.setContentLength(thumbnailContent.length);
        return new ResponseEntity<byte[]>(content, headers, HttpStatus.OK);
    } else {
        return new ResponseEntity<byte[]>(HttpStatus.NOT_FOUND);
    }
}

Attention: this simple example is a strong security issue, a user could use this to download every file from the server where the tomcat has read access. Is is not restricted to the BASEPATH. (The attacker could send for example: name = "....\differentDir\secret.txt") -- One way to handle is is to use a whitelist of alloed chars (only A..Z, a..z, 0..9)

Ralph
  • 118,862
  • 56
  • 287
  • 383
  • i've done everything as you wrote BUT nothing happens. My method isn't invoked. I've made RequesMapping(value = /uploads/{fileName") and it isn't working. I've also checked with mapping like in your example but still nothing. in my i got src like this /uploads/file.jpg – Fixus Jan 11 '12 at 17:04
  • maybe it's because of apache tiles ? – Fixus Jan 11 '12 at 17:29
  • hmm I've added new servlet mapping for path /uploads/ so now I can use this method. But I get only byte code on screen :) But i'm close :) – Fixus Jan 11 '12 at 17:59
  • @Fixus: sorry for no response, I was in an internet free zone the whole day. – Ralph Jan 11 '12 at 21:40
  • no way ? i thought that places like that are just in old books :) no problem. I`ve tested few solutions and it works great. rly big thx for your help and time – Fixus Jan 12 '12 at 07:36