如何为用户最好地配置上传位置以上传支持文件 [英] How do I best configure an upload location for users to upload support files
问题描述
我有一个服务器(运行Apache Tomcat )与ftp支持,所以我可以让用户只需上传文件,但它需要用户名和密码。将用户名和密码嵌入到应用程序当然是一个坏主意,也许我可以配置一个不需要用户名/密码的位置,但是如何保护其他用户的数据。
上传支持文件是许多应用程序的标准行为,但我不清楚它是如何实现的。解决方案
您的用户只需要上传一个支持文件,他们不需要(而且不希望他们)在上传后查看它,甚至不需要其他用户发送的其他文件。所以我建议不要使用FTP。
您可以在Tomcat中部署一个简单的应用程序,使用一个简单的servlet接受使用HTTP POST上传的文件。 这是一个很好的答案,它解释了如何开发这样的servlet(忽略不适用于您的简介段落,但在其余阅读)。该servlet只需要回复支持文件上传与票号12345,谢谢。这个servlet应该受到保护,最起码的做法是只接受上传以及随应用程序分发的令牌。
在这个servlet中,你需要将文件保存在适当的位置,这是另一个详细的答案(由同一作者)来决定。在你的情况下,最简单的方法就是将它保存在Tomcat不能提供的位置,所以只有你可以去&使用SSH将它们收集到您的服务器上。或者,您可以将文件保存到受保护的位置,以便 可以看到&下载文件,但不是你的用户(所以你只需要1个密码,而不是你的用户)。
$ b
这个工作例子假定servlet 3.1需要Tomcat 8 ,如果您需要更老的Tomcat版本,请参阅链接的答案:
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
导入javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;
import java.io.IOException;
import java.nio.file.Paths;
import java.util.UUID;
$ b $ @MultipartConfig //所以你可以在doPost(...)中调用getPart(...)
public class SupportFileUpload extends HttpServlet {
$ b $ private String uploadDirectory ;
@Override
public void init(ServletConfig config)throws ServletException {
super.init(config);
//使用< init-param>配置位置在web.xml中
uploadDirectory = config.getInitParameter(upload_directory);
if(uploadDirectory == null){
uploadDirectory = System.getProperty(java.io.tmpdir);
$ b @Override
protected void doPost(HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException {
String token = request.getHeader( 标记);
if(!isValid(token)){
response.setStatus(403);
response.getWriter()。println(Rejected);
return;
}
部分filePart = request.getPart(file);
String fileName = filePart.getSubmittedFileName();
UUID uuid = UUID.randomUUID();
filePart.write(Paths.get(uploadDirectory,support_+ uuid +_+ fileName).toString());
response.getWriter()。println(Uploaded:+ uuid);
}
private boolean isValid(String token){
returnplzhalp.equals(token); //在这里执行严格的安全性
$ c $ $ $ $ $ $ $ $ $ $ https://tomcat.apache.org/tomcat-7.0-doc/servletapi/javax/servlet/http/Part.html#write(java.lang.String)rel =nofollow noreferrer> Part.write(String) 是一个方便的方法,可以将上传的部分写入磁盘。
在客户端,会使用 Commons HttpClient 上传文件。
Problem:My java based software product has the facility to create support files as a zip file, if a user has an issue I ask them to email me or upload the file using something like dropbox. The trouble is the support file is often too large to send by email and using a tool such as dropbox is difficult for some users.
I have a server (running apache tomcat) with ftp support so I could give the user to simply upload the file, however it requires username and password. Embedding the username and password in the application is surely a bad idea, perhaps I could configure a location which requires no username/password but then how do I protect users data form other users.
Uploading support files is standard behaviour for many applications but I am unclear how it is best achieved.
解决方案 Your users only need to upload a support file, they don't need to (and you don't want them to) view it after upload, even less so other files sent by other users. So I would recommend against FTP.
You can instead deploy a simple application in your Tomcat, with a simple servlet that accepts files uploaded with HTTP POST. Here is a great answer that explains how to develop such a servlet (ignore the "Introduction" paragraph that does not apply to you, but read on the rest). The servlet just needs to reply with something like "Support file uploaded with ticket number 12345, thank you". That servlet should be protected, the minimum would be to only accept uploads along with a token that you would distribute with your application.
Within that servlet, you'll need to save the file at an appropriate location, here is another detailed answer (by same author) to decide on that. In your case, the simplest would be to save it at a location that Tomcat does not serve, so only you could go & collect them on your server using SSH. Alternatively you could save the files to a protected location so that you can see & download the files, but not your users (so you only need 1 password, for you, not your users).
Working example that assumes servlet 3.1, which requires Tomcat 8, see linked answers for details if you need this on an older Tomcat version:
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;
import java.io.IOException;
import java.nio.file.Paths;
import java.util.UUID;
@MultipartConfig // So you can call getPart(...) in doPost(...)
public class SupportFileUpload extends HttpServlet {
private String uploadDirectory;
@Override
public void init(ServletConfig config) throws ServletException {
super.init(config);
// Configure location with <init-param> in web.xml
uploadDirectory = config.getInitParameter("upload_directory");
if (uploadDirectory == null) {
uploadDirectory = System.getProperty("java.io.tmpdir");
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String token = request.getHeader("token");
if (!isValid(token)) {
response.setStatus(403);
response.getWriter().println("Rejected");
return;
}
Part filePart = request.getPart("file");
String fileName = filePart.getSubmittedFileName();
UUID uuid = UUID.randomUUID();
filePart.write(Paths.get(uploadDirectory, "support_" + uuid + "_" + fileName).toString());
response.getWriter().println("Uploaded: " + uuid);
}
private boolean isValid(String token) {
return "plzhalp".equals(token); // Implement tight security here
}
}
Part.write(String) is a convenience method to write an uploaded part to disk.
On the client side, you would use Commons HttpClient to upload the file.
这篇关于如何为用户最好地配置上传位置以上传支持文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
