Package com.vaadin.external.apache.commons.fileupload2.disk

Class DiskFileItemFactory

java.lang.Object
com.vaadin.external.apache.commons.fileupload2.disk.DiskFileItemFactory
All Implemented Interfaces:
FileItemFactory
public class DiskFileItemFactory extends Object implements FileItemFactory

The default FileItemFactory implementation. This implementation creates FileItem instances which keep their content either in memory, for smaller items, or in a temporary file on disk, for larger items. The size threshold, above which content will be stored on disk, is configurable, as is the directory in which temporary files will be created.

If not otherwise configured, the default configuration values are as follows:

  • Size threshold is 10KB.
  • Repository is the system default temp directory, as returned by System.getProperty("java.io.tmpdir").

NOTE: Files are created in the system default temp directory with predictable names. This means that a local attacker with write access to that directory can perform a TOUTOC attack to replace any uploaded file with a file of the attackers choice. The implications of this will depend on how the uploaded file is used but could be significant. When using this implementation in an environment with local, untrusted users, setRepository(File) MUST be used to configure a repository location that is not publicly writable. In a Servlet container the location identified by the ServletContext attribute javax.servlet.context.tempdir may be used.

Temporary files, which are created for file items, should be deleted later on. The best way to do this is using a FileCleaningTracker, which you can set on the DiskFileItemFactory. However, if you do use such a tracker, then you must consider the following: Temporary files are automatically deleted as soon as they are no longer needed. (More precisely, when the corresponding instance of File is garbage collected.) This is done by the so-called reaper thread, which is started and stopped automatically by the FileCleaningTracker when there are files to be tracked. It might make sense to terminate that thread, for example, if your web application ends. See the section on "Resource cleanup" in the users guide of commons-fileupload.

Since:
1.1

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    DEFAULT_SIZE_THRESHOLD
    The default threshold above which uploads will be stored on disk.

  • Constructor Summary

    Constructors
    Constructor
    Description
    DiskFileItemFactory()
    Constructs an unconfigured instance of this class.
    DiskFileItemFactory(int sizeThreshold, File repository)
    Constructs a preconfigured instance of this class.

  • Method Summary

    Modifier and Type
    Method
    Description
    FileItem
    createItem(String fieldName, String contentType, boolean isFormField, String fileName)
    Create a new DiskFileItem instance from the supplied parameters and the local factory configuration.
    String
    getDefaultCharset()
    Returns the default charset for use when no explicit charset parameter is provided by the sender.
    org.apache.commons.io.FileCleaningTracker
    getFileCleaningTracker()
    Returns the tracker, which is responsible for deleting temporary files.
    File
    getRepository()
    Returns the directory used to temporarily store files that are larger than the configured size threshold.
    int
    getSizeThreshold()
    Returns the size threshold beyond which files are written directly to disk.
    void
    setDefaultCharset(String pCharset)
    Sets the default charset for use when no explicit charset parameter is provided by the sender.
    void
    setFileCleaningTracker(org.apache.commons.io.FileCleaningTracker pTracker)
    Sets the tracker, which is responsible for deleting temporary files.
    void
    setRepository(File repository)
    Sets the directory used to temporarily store files that are larger than the configured size threshold.
    void
    setSizeThreshold(int sizeThreshold)
    Sets the size threshold beyond which files are written directly to disk.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • DEFAULT_SIZE_THRESHOLD

      public static final int DEFAULT_SIZE_THRESHOLD
      The default threshold above which uploads will be stored on disk.
      See Also:

  • Constructor Details

    • DiskFileItemFactory

      public DiskFileItemFactory()
      Constructs an unconfigured instance of this class. The resulting factory may be configured by calling the appropriate setter methods.

    • DiskFileItemFactory

      public DiskFileItemFactory(int sizeThreshold, File repository)
      Constructs a preconfigured instance of this class.
      Parameters:
      sizeThreshold - The threshold, in bytes, below which items will be retained in memory and above which they will be stored as a file.
      repository - The data repository, which is the directory in which files will be created, should the item size exceed the threshold.

  • Method Details

    • getRepository

      public File getRepository()
      Returns the directory used to temporarily store files that are larger than the configured size threshold.
      Returns:
      The directory in which temporary files will be located.
      See Also:

    • setRepository

      public void setRepository(File repository)
      Sets the directory used to temporarily store files that are larger than the configured size threshold.
      Parameters:
      repository - The directory in which temporary files will be located.
      See Also:

    • getSizeThreshold

      public int getSizeThreshold()
      Returns the size threshold beyond which files are written directly to disk. The default value is 10240 bytes.
      Returns:
      The size threshold, in bytes.
      See Also:

    • setSizeThreshold

      public void setSizeThreshold(int sizeThreshold)
      Sets the size threshold beyond which files are written directly to disk.
      Parameters:
      sizeThreshold - The size threshold, in bytes.
      See Also:

    • createItem

      public FileItem createItem(String fieldName, String contentType, boolean isFormField, String fileName)
      Create a new DiskFileItem instance from the supplied parameters and the local factory configuration.
      Specified by:
      createItem in interface FileItemFactory
      Parameters:
      fieldName - The name of the form field.
      contentType - The content type of the form field.
      isFormField - true if this is a plain form field; false otherwise.
      fileName - The name of the uploaded file, if any, as supplied by the browser or other client.
      Returns:
      The newly created file item.

    • getFileCleaningTracker

      public org.apache.commons.io.FileCleaningTracker getFileCleaningTracker()
      Returns the tracker, which is responsible for deleting temporary files.
      Returns:
      An instance of FileCleaningTracker, or null (default), if temporary files aren't tracked.

    • setFileCleaningTracker

      public void setFileCleaningTracker(org.apache.commons.io.FileCleaningTracker pTracker)
      Sets the tracker, which is responsible for deleting temporary files.
      Parameters:
      pTracker - An instance of FileCleaningTracker, which will from now on track the created files, or null (default), to disable tracking.

    • getDefaultCharset

      public String getDefaultCharset()
      Returns the default charset for use when no explicit charset parameter is provided by the sender.
      Returns:
      the default charset

    • setDefaultCharset

      public void setDefaultCharset(String pCharset)
      Sets the default charset for use when no explicit charset parameter is provided by the sender.
      Parameters:
      pCharset - the default charset