I'm writing a servlet 3.0 for handle FTP upload. The home page is a JSP page with a simple HTML form like this:
Servlet have the @Multipartconfig decoration. I'm using common-io and common-net library too.
How can I upload the file? I can't use InputStream or similar because i can't get file path from an HTML form!
What I wrong?
What is the best practice to do this?
Ok but, in my scenario, user browser (client) and server can comunicate only by FTP protocol (SFTP particular).
I think that server is protect inside a lot of firewalls. Next will be done a iptable rule to avoid file upload and other stuff.
I need to write a web application (next to deploy on Liferay) that can do this. User needs to put a file on server via (S)FTP.
Don't get confused by the names: SFTP is not a version of FTP. It's more like a version of SSH. At any rate it isn't supported in browsers. I think you should consider having your clients install SFTP client software and using that. This is going to be directed at a small list of clients, rather than open to the general public, right?
posted 7 years ago
Ulf Dittmer wrote:An applet runs on the client; it changes nothing about the server side. Are you saying an HTTP upload is out of the question? The servlet could put the file onto the FTP server after the HTTP upload.
Continue please. I'm very interest!
If I've just finished the HTTP upload, the file is already on server, isn't true?
Like I sad before (but after your answer :P ) the only way to communicate with server is over FTP. I think that HTTP upload could be blocked!
Luca Verdi wrote:Ok this is the way:
Client ------- HTTP --------> Tomcat (servlet) ------ SFTP -------> Server
Tomorrow I'll test all of this and notify you if it is right.
I see no point in this! You copy the file from the client in an insecure manner (HTTP) to a server then copy the file again from the server to the server securely using SFTP! Since the file is on the server after the HTTP copy why do you need the second copy stage?
It seems to me that all you need it to use HTTPS (maybe with client authentication) to copy the file from the client to the server.
I'm not sure if I approve of this interruption. But this tiny ad checks out: