返回ResponseEntity< InputStreamResource>是否安全?在REST控制器中包装S3Object.getObjectContent()的方法? [英] Is it safe to return an ResponseEntity<InputStreamResource> that wraps S3Object.getObjectContent() in REST controller?

问题描述

我正在开发一个Spring Boot应用程序，该应用程序应该允许用户通过指定的应用程序REST接口从Amazon S3间接下载文件.为此，我有一个REST-Controller，它向用户返回InputStreamResource，如下所示:

I'm developing an Spring Boot Application, that should allow users to download files indirectly from Amazon S3 via specified application REST interface. For this purpose I have an REST-Controller, that returns an InputStreamResource to the user like following:

@GetMapping(path = "/download/{fileId}")
public ResponseEntity<InputStreamResource> downloadFileById(@PathVariable("fileId") Integer fileId) {
    Optional<LocalizedFile> fileForDownload = fileService.getConcreteFileForDownload(fileId);

    if (!fileForDownload.isPresent()) {
        return ResponseEntity.notFound().build();
    }

    return ResponseEntity.ok()
            .header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + fileForDownload.get().getFilename())
            .body(new InputStreamResource(fileService.download(fileForDownload.get())));
}

文件服务中的下载方法如下:

Download method in file service looks like this:

@Override
public InputStream download(LocalizedFile file) {
    S3Object obj = s3client.getObject(bucketName, file.getFilename());
    return obj.getObjectContent();
}

我在这里担心的是，无法在控制器中显式关闭来自Amazon SDK的输入流.有以下

My concern here is that this input stream from Amazon SDK could not be closed explicitly in controller. There is a following warning in AWS documentation of the getObjectContent() method, that makes me suspicious about success of my approach described above:

如果检索到S3Object，则应以以下方式关闭此输入流: 尽快，因为没有将对象内容缓冲在其中 直接从Amazon S3进行存储和流传输.此外，无法关闭 该流可能导致请求池被阻塞.

If you retrieve an S3Object, you should close this input stream as soon as possible, because the object contents aren't buffered in memory and stream directly from Amazon S3. Further, failure to close this stream can cause the request pool to become blocked.

因此，我的问题是: 在控制器中返回ResponseEntity<InputStreamResource>是否安全?成功下载后，是否会自动关闭S3Object.getObjectContent()中的InputStream?到目前为止，我的方法已经成功运行，但是我不确定将来可能会发生什么.

Therefore my question: Is it safe to return an ResponseEntity<InputStreamResource> in controller? Will this InputStream from S3Object.getObjectContent() be closed automatically after successful download? So far my approach has worked successfully, but I'm not so sure about possible future consequences.

推荐答案

经过研究，我发现了答案，应该适用于我的问题.

After some research I found the answer, that should be applicable to my question.

Tl; dr版本:Spring MVC

Tl;dr version: Spring MVC handles the closing of the given input stream, so my approach described above should be safe.

这篇关于返回ResponseEntity< InputStreamResource>是否安全?在REST控制器中包装S3Object.getObjectContent()的方法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！