目录
一、文件上传注意点
二、JavaWeb上传文件的核心
三、常规的JavaWeb上传实现
四、运行效果
一、文件上传注意点
1. 为保证服务器安全,上传文件应该放在外界无法直接访问的目录下,比如放于WEB-INF目录下。
2. 为防止文件覆盖的现象发生,要为上传文件产生一个唯一的文件名。
3. 要限制上传文件的最大值
4. 可以限制上传文件的类型,在收到上传文件名时,判断后缀名是否合法。
二、JavaWeb上传文件的核心
JavaWeb文件上传的核心是使用Servlet API中的javax.servlet.http.Part接口,它代表了一个HTML表单中的文件字段或其他类型的数据字段,以下是简单的代码示例:
@WebServlet("/upload")
@MultipartConfig(maxFileSize = 16177215) // 设置最大文件大小
public class UploadServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
Part filePart = request.getPart("file"); // 获取上传的文件
String fileName = Paths.get(filePart.getSubmittedFileName()).getFileName().toString(); // 获取文件名
// 保存文件逻辑(这里需要自己实现)
// 例如,保存到服务器的某个目录
filePart.write(Paths.get("uploadDir", fileName).toString());
// 响应
response.getWriter().println("File " + fileName + " uploaded successfully");
}
}<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>UploadFile</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>war</packaging>
<name>UploadFile Maven Webapp</name>
<!-- FIXME change it to the project's website -->
<url>http://www.example.com</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.13.1</version>
<scope>test</scope>
</dependency>
<!-- Apache Commons FileUpload -->
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.4</version>
</dependency>
<!-- Apache Commons IO -->
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.13.0</version>
</dependency>
</dependencies>
<build>
<finalName>UploadFile</finalName>
<pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
<plugins>
<plugin>
<artifactId>maven-clean-plugin</artifactId>
<version>3.4.0</version>
</plugin>
<!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging -->
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>3.3.1</version>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.13.0</version>
</plugin>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.3.0</version>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>3.4.0</version>
</plugin>
<plugin>
<artifactId>maven-install-plugin</artifactId>
<version>3.1.2</version>
</plugin>
<plugin>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.1.2</version>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>
三、常规的JavaWeb上传实现
我们通常会采用开源的Apache Commons FileUpload来实现文件上传,其中有几个比较重要的类。ServletFileUpload类负责处理上传的文件数据,使用其parseRequest(HttpServletRequest)方法将表单中每个输入项(比如表单中每一个HTML标签提交的数据)封装成一个FileItem对象,然后以List列表的形式返回,在使用ServletFileUpload对象解析请求时需要DiskFileItemFactory对象。所以,我们需要在进行解析工作前构造好DiskFileItemFactory对象,通过ServletFileUpload对象的构造方法或setFileItemFactory方法设置ServletFileUpload对象的fileItemFactory属性。大致的原理图如下:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>UploadFile</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>war</packaging>
<name>UploadFile Maven Webapp</name>
<!-- FIXME change it to the project's website -->
<url>http://www.example.com</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.13.1</version>
<scope>test</scope>
</dependency>
<!-- Apache Commons FileUpload -->
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.4</version>
</dependency>
<!-- Apache Commons IO -->
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.13.0</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.1</version>
</dependency>
</dependencies>
<build>
<finalName>UploadFile</finalName>
<pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
<plugins>
<plugin>
<artifactId>maven-clean-plugin</artifactId>
<version>3.4.0</version>
</plugin>
<!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging -->
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>3.3.1</version>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.13.0</version>
</plugin>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.3.0</version>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>3.4.0</version>
</plugin>
<plugin>
<artifactId>maven-install-plugin</artifactId>
<version>3.1.2</version>
</plugin>
<plugin>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.1.2</version>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>
package servlet;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.ProgressListener;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.UUID;
public class UploadServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
super.doGet(req, resp);
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.setCharacterEncoding("utf-8");
response.setCharacterEncoding("utf-8");
// 判断上传的文件是普通表单还是带文件的表单
if (!ServletFileUpload.isMultipartContent(request)) {
return; // 普通表单直接返回
}
// 创建上传文件的路径,建议在WEB-INF路径下,比较安全,用户无法直接访问上传的文件
String filePath = getServletContext().getRealPath("/WEB-INF/uploads");
// 创建固定的文件上传目录
File uploadFile = new File(filePath);
if (!uploadFile.exists()) {
uploadFile.mkdir();
}
// 缓存 临时文件
// 假如文件超过预期大小,就把它放到一个临时文件中,设定指定时间后自动删除,或者提醒用户转存为永久
String tmpPath = this.getServletContext().getRealPath("/WEB-INF/tmp");
File tmpFile = new File(tmpPath);
if (!tmpFile.exists()) {
tmpFile.mkdir();
}
// 处理文件的上传,一般都需要通过流来获取,我们可以使用request.getInputStream(),原生的文件上传流来获取。
// 项目中为了代码健壮性和便捷性,使用开源封装好的工具来实现。common-fileupload(它依赖与commons-io组件)
// 1. 创建DiskFileItemFactory,处理文件上传路径或者大小限制
DiskFileItemFactory factory = new DiskFileItemFactory(); //
factory.setSizeThreshold(1024 * 1024); // 设置缓冲区大小为1M
factory.setRepository(tmpFile); // 临时保存文件的目录
// 2. 获取ServletFileUpload
ServletFileUpload upload = new ServletFileUpload(factory);
// 监听上传文件进度:
upload.setProgressListener(new ProgressListener() {
// l:已经读取到的文件大小
// l1:文件大小
@Override
public void update(long l, long l1, int i) {
System.out.println("总大小:" + l1 + "已上传:" + l);
}
});
// 处理乱码问题
upload.setHeaderEncoding("UTF-8");
// 设置单个文件最大值
upload.setFileSizeMax(1024 * 1024 * 10);
// 设置总共能够上传文件的大小 10MB
upload.setSizeMax(1024 * 1024 * 10);
// 3. 处理上传的文件
// 把前端请求解析,封装成一个FileItem对象,需要从ServletFileUpload对象中获取
List<FileItem> fileItems = null;
try {
fileItems = upload.parseRequest(request);
} catch (FileUploadException e) {
e.printStackTrace();
}
// fileItem 每一个表单对象
for (FileItem fileItem: fileItems) {
// 判断上传的文件是普通表单还是带文件的表单
if (fileItem.isFormField()) {
// getFiledName指的是前端表单控件的name
String name = fileItem.getFieldName();
String value = fileItem.getString("UTF-8");// 处理乱码
System.out.println(name + ":" + value);
} else {
String uploadFileName = fileItem.getName();
if (uploadFileName.trim().equals("") || uploadFileName == null) {
continue;
}
// 获取文件名
String fileName = uploadFileName.substring(uploadFileName.lastIndexOf("/") + 1);
// 获取文件后缀
String fileExtName = uploadFileName.substring(uploadFileName.lastIndexOf(".") + 1);
// 如果文件后缀名不是我们需要的,就不上传,该逻辑此处不做处理
// 通过UUID生成一个唯一的路径
String uuid = UUID.randomUUID().toString();
// 文件真实存在的唯一路径
String realPath = filePath + "/" + uuid;
File realPathFile = new File(realPath);
// 给每个文件创建一个文件夹
if (!realPathFile.exists()) {
realPathFile.mkdir();
}
// 完整文件名 文件夹+文件名 /xx/xx/xx.jpg
String completeFileName = realPath + "/" + fileName;
// 获得文件上传流
InputStream inputStream = fileItem.getInputStream();
// 创建文件输出流
FileOutputStream fos = new FileOutputStream(completeFileName);
// 创建一个缓冲区
byte[] buffer = new byte[1024 * 1024];
int len = 0;
// 判断文件是否读取完毕
while ((len = inputStream.read(buffer)) > 0) {
fos.write(buffer, 0, len);
}
fos.close();
inputStream.close();
// 输出文件流到上传文件路径下也可以这样写
// fileItem.write(completeFileName);
fileItem.delete(); //上传成功,删除临时文件
request.setAttribute("msg", "文件上传成功");
request.getRequestDispatcher("info.jsp").forward(request, response);
}
}
}
}
<?xml version="1.0" encoding="UTF-8"?>
<web-app
version="4.0"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:javaee="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xml="http://www.w3.org/XML/1998/namespace"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd">
<display-name>Archetype Created Web Application</display-name>
<servlet>
<servlet-name>uploadServlet</servlet-name>
<servlet-class>servlet.UploadServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>uploadServlet</servlet-name>
<url-pattern>/upload.do</url-pattern>
</servlet-mapping>
</web-app>
<!DOCTYPE html>
<%@page contentType="text/html; charset=UTF-8" language="java" %>
<html>
<body>
<form action="${pageContext.servletContext.contextPath}/upload.do" method="post" enctype="multipart/form-data">
选择文件:<input type="file" name="file">
<input type="submit" value="上传">
</form>
</body>
</html><!DOCTYPE html>
<%@page contentType="text/html; charset=UTF-8" language="java" %>
<html>
<body>
${msg}
</body>
</html>四、运行效果
![[万字长文]stable diffusion代码阅读笔记](https://img-blog.csdnimg.cn/img_convert/b54ec4b4e510bc9bd11f6d4d95a9f229.png)
![BUUCTF [SCTF2019]电单车](https://i-blog.csdnimg.cn/direct/72e6dc0adfc94d0887da8e9e9b6d3d14.png)
