Yes, you have to read the bytes and make sure the first few bytes are the JPEG SOI format identifier. You then need to make sure the next few bytes are either the JFIF marker or you likely have an Exif. For JPEG, you need to read the first two bytes, which should be 0xFF 0xD8 (this is the 'Start of Image' or SOI marker required by JPEG). For JFIF (the JPEG File Interchange Format - the format defined by the mime type for .jpg files transferred around the web), the next 9 bytes should be: 0xFF 0xE0 <two bytes> 0x4A 0x46 0x49 0x46 0x00 (This is the JFIF APP0 header marker, required by JFIF just after the SOI marker. Those last 5 bytes are the string "JFIF" followed by 0). If the file has the JPEG SOI marker but not the JFIF APP0 marker then it is likely an Exif format, used by Photoshop and some cameras I think. It is more like a TIFF but can have a jpg or jpeg extension, and has the metadata stored differently.
Do you need to ensure that only a JPEG is *uploaded*, or that only a JPEG can be *stored*? In the latter case I would run it through javax.imageio.ImageIO.read and then through ImageIO.write to store it as a JPEG. That allows you to accept a few more file formats, while still only storing JPEGs.
posted 5 years ago
Thanks for the quick response, Steve and Ulf.
Yes, I need to ensure that only a JPEG can be stored. When I detect that the byte array is not a JPEG, I'll send a 406 Not Acceptable response.
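A sketch of both checks described in the answers above, as an added example that is not part of the original posts: a header check for the SOI and JFIF APP0 bytes, and a decode/re-encode step through `ImageIO` so that only bytes written by the JPEG encoder are stored. The class and method names are hypothetical, and the sample input is constructed in `main`.

```java
import javax.imageio.ImageIO;
import java.awt.Color;
import java.awt.Graphics2D;
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;

public class JpegUploadCheck {   // hypothetical name, not from the thread

    /** True if the data starts with the JPEG SOI marker, 0xFF 0xD8. */
    static boolean hasSoi(byte[] d) {
        return d != null && d.length >= 2
                && (d[0] & 0xFF) == 0xFF && (d[1] & 0xFF) == 0xD8;
    }

    /** True if SOI is followed by APP0 (0xFF 0xE0), two length bytes, then "JFIF\0". */
    static boolean hasJfifHeader(byte[] d) {
        return hasSoi(d) && d.length >= 11
                && (d[2] & 0xFF) == 0xFF && (d[3] & 0xFF) == 0xE0
                && d[6] == 'J' && d[7] == 'F' && d[8] == 'I' && d[9] == 'F' && d[10] == 0;
    }

    /** Decodes the upload and writes it back out as JPEG; returns null if it cannot be decoded. */
    static byte[] reencodeAsJpeg(byte[] upload) throws IOException {
        BufferedImage img = ImageIO.read(new ByteArrayInputStream(upload));
        if (img == null) return null;             // no registered reader accepted the bytes
        // JPEG has no alpha channel, so flatten onto an opaque RGB canvas first.
        BufferedImage rgb = new BufferedImage(img.getWidth(), img.getHeight(),
                BufferedImage.TYPE_INT_RGB);
        Graphics2D g = rgb.createGraphics();
        g.drawImage(img, 0, 0, Color.WHITE, null);
        g.dispose();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        return ImageIO.write(rgb, "jpg", out) ? out.toByteArray() : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a 4x4 PNG standing in for an upload that is not a JPEG.
        ByteArrayOutputStream png = new ByteArrayOutputStream();
        ImageIO.write(new BufferedImage(4, 4, BufferedImage.TYPE_INT_ARGB), "png", png);
        byte[] upload = png.toByteArray();
        System.out.println("upload has SOI: " + hasSoi(upload));
        byte[] stored = reencodeAsJpeg(upload);   // a null result maps to the rejection response
        System.out.println("stored has SOI: " + hasSoi(stored)
                + ", JFIF APP0: " + hasJfifHeader(stored));
    }
}
```

The header check only inspects the first bytes and says nothing about the rest of the file, so it works as a cheap pre-filter; the re-encode step is what determines the bytes that end up in storage.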