Problem About Java File Upload

Hello Masters,

I met a very difficult problem.That is I want to upload a file , and Before the server doing real upload work, Some validation to make sure there is no harmful script in the file should be done.
One point is that the real upload work will be done by the classes in a package,in which I'm now allowed to change anything.

In JSP file, the form's defination is as following:

<FORM NAME="frmInitAttach" METHOD = "POST" ACTION="<%=basePath%>/UploadFileValidation?appid=<%=Constants.STR_FRAMEWORK_APPID%>&this_url=<%= basePath2 %>"ENCTYPE = "multipart/form-data">

<INPUT TYPE="FILE" SIZE="30" NAME="fileInitAttachment" CLASS="f2">

</FORM>

In Servlet, I first read content from InputStream and then doing some validating operation. This part works OK.But when I complete validating and call the servlet in package to do real upload operation. There is an error occurs :"java.io.IOException: Corrupt form data: no leading boundary". If I remove the part of reading content from InputStream to do validationmentioned above, The whole upload process works OK.So I don't know why.But one thing is certain, in real uploading operation, the inputStream is used again.The following is the part of that Servlet(My added part, doing validation).

InputStream in = request.getInputStream();
int total = 0;
int once = 0;
while ((total < 1024) && (once >= 0)) {
once = in1.read(buffer, total, 1024);
total += once;
ss += new String(buffer).toString();
}
ss += new String(buffer).toString();
in1.close();

boolean isValid = testFile(ss);

If I remove the above part, There is no Exeption being thrown and whole upload function works ok.

I hope masters here can help me solve the problem or give me some sound advise.

(Because I'm not a native speaker of English, I hope you can understand what I mean )

Thank you very much!

Welcome to JavaRanch.

Is there a particular reason you're coding and debugging this yourself, instead of using a ready-made library like Apache Commons FileUpload? This is not trivial to get right.

By the way, "new String(buffer)" is almost certainly incorrect, as it ignores the issue of encodings.

Hello Ulf Dittmer and all other masters,

To tell the true, I write some code for validation for company, So I don't need to concern how to upload a file. What I should do is to Validate the content of the file before it being uploaded. So I added validation in the servlet. The first step, I should get InputStream to read upload file information. But After I reading the Stream and doing Validation.There is an Exception occured(java.io.IOException: Corrupt form data: no leading boundary) .when Other Servlet doing real upload operation. If I remove my added part(means Don't read inputStream).The upload part works OK. So I want Masters here give some advises to troubleshoot the problem or provide me with other solutions for my situation. As to ready-made library like Apache Commons FileUpload, I don't have the privilleges to use this and I don't need to focus on how to upload the file.I should just focus on whether the file you want to upload is safe or not.

Thanks for your reply, Ulf Dittmer!

What do you mean by "I don't need to focus on how to upload the file" - that's exactly what you're trying to do here: You're implementing the server side of an HTTP file upload. What you intend to do with the file contents afterwards (validate the contents, save it to disk, whatever) makes no difference - you have to get the upload process right first.

I'm not sure what you're trying to say by "not having privileges to use a 3rd party library". Coding a solution to a problem like this for which free -and debugged- solutions are readily available is a waste of your time, and thus implicitly of your company's (or your client's) money. I'd question this decision, whoever made it.

Hello Ulf Dittmer,

I failed to describe my question clearly due to my limited English. I submit the form to this servlet and this servlet call another servlet to do upload file. That is the normal process. But Because the will-be upload file may contain dangerouos information , such as"<script>......</script>". Boss ask me to do validation before this servlet call the servlet doing upload file operation.That is the point.

But When added my part, and read content from inputstream, there is an Exception thrown from the uploading Servlet. java.io.IOException: Corrupt form data: no leading boundary. I think maybe this uploading servlet use the this inputStream too. And maybe some information is missing due to my first read.

Thanks for your special help Ulf Dittmer.

I submit the form to this servlet and this servlet call another servlet to do upload file. That is the normal process.

How does it "call" the servlet - forward? include? Or an actual HTTP call? Either way, the first servlet should extract the file contents (using the FileUpload library or something similar) and then store it where other pieces of code that need access to it can get at it (maybe as request attribute, or as a temporary file).

Hello Ulf Dittmer,

I got what you mean. You mean I should first read the content from the inputStream , then validate it and store the content in a local accessible place for uploading piece of code using it, is that correct? But I can't do what you've suggested, forI can't change the piece of code doing upload , it directly read content (req.getInputStream()) from input Stream. I think there is some information missing due to the first time read.

So what I want to get to know is Can we use "request.getInputStream" second times?and read content from that Stream instance several times in a request.
And why some information in the header of uploading stream is missing when code read it second times? And how do I troubleshoot the problem in my situation.

Thanks again Ulf Dittner!

You mean I should first read the content from the inputStream , then validate it and store the content in a local accessible place for uploading piece of code using it, is that correct?

Yes.

I can't change the piece of code doing upload, it directly read content (req.getInputStream()) from input Stream. I think there is some information missing due to the first time read.

There's no guarantee that you can read the stream twice, especially after it's been forwarded. You'll need to do all the processing in the first pass, even if that means some design changes elsewhere.