public class DiskFileItemFactory extends Object implements FileItemFactory
The default FileItemFactory
implementation. This implementation creates
FileItem
instances which keep
their
content either in memory, for smaller items, or in a temporary file on disk,
for larger items. The size threshold, above which content will be stored on
disk, is configurable, as is the directory in which temporary files will be
created.
If not otherwise configured, the default configuration values are as follows:
System.getProperty("java.io.tmpdir")
.
NOTE: Files are created in the system default temp directory with
predictable names. This means that a local attacker with write access to that
directory can perform a TOUTOC attack to replace any uploaded file with a
file of the attackers choice. The implications of this will depend on how the
uploaded file is used but could be significant. When using this
implementation in an environment with local, untrusted users,
setRepository(File)
MUST be used to configure a repository location
that is not publicly writable. In a Servlet container the location identified
by the ServletContext attribute javax.servlet.context.tempdir
may be used.
Temporary files, which are created for file items, should be deleted later on.
Modifier and Type | Field and Description |
---|---|
static int |
DEFAULT_SIZE_THRESHOLD
The default threshold above which uploads will be stored on disk.
|
Constructor and Description |
---|
DiskFileItemFactory()
Constructs an unconfigured instance of this class.
|
DiskFileItemFactory(int sizeThreshold,
File repository)
Constructs a preconfigured instance of this class.
|
Modifier and Type | Method and Description |
---|---|
FileItem |
createItem(String fieldName,
String contentType,
boolean isFormField,
String fileName)
Create a new
DiskFileItem
instance from the supplied parameters and the local factory
configuration. |
File |
getRepository()
Returns the directory used to temporarily store files that are larger
than the configured size threshold.
|
int |
getSizeThreshold()
Returns the size threshold beyond which files are written directly to
disk.
|
void |
setRepository(File repository)
Sets the directory used to temporarily store files that are larger
than the configured size threshold.
|
void |
setSizeThreshold(int sizeThreshold)
Sets the size threshold beyond which files are written directly to disk.
|
public static final int DEFAULT_SIZE_THRESHOLD
public DiskFileItemFactory()
public DiskFileItemFactory(int sizeThreshold, File repository)
sizeThreshold
- The threshold, in bytes, below which items will be
retained in memory and above which they will be
stored as a file.repository
- The data repository, which is the directory in
which files will be created, should the item size
exceed the threshold.public File getRepository()
setRepository(java.io.File)
public void setRepository(File repository)
repository
- The directory in which temporary files will be located.getRepository()
public int getSizeThreshold()
setSizeThreshold(int)
public void setSizeThreshold(int sizeThreshold)
sizeThreshold
- The size threshold, in bytes.getSizeThreshold()
public FileItem createItem(String fieldName, String contentType, boolean isFormField, String fileName)
DiskFileItem
instance from the supplied parameters and the local factory
configuration.createItem
in interface FileItemFactory
fieldName
- The name of the form field.contentType
- The content type of the form field.isFormField
- true
if this is a plain form field;
false
otherwise.fileName
- The name of the uploaded file, if any, as supplied
by the browser or other client.Copyright © 2000-2016 Apache Software Foundation. All Rights Reserved.