SpringMVC and Java Servlet code in the same class


Can you have Spring Controller/MVC and the traditional Java Servlet code (doPost) executed through the same servlet? We have a legacy webapp that implements a mix of Spring MVC in certain areas and Java Servlet code to support other areas. Now, due to the vulnerability identified below, we are trying to replace the Spring multipart file feature with Apache Commons FileUpload.

Spring Multipart/form-data vulnerability

Is there a way to add the doPost() handler to exclusively handle the fileUpload feature in a Spring Controller class? (implemented using @Controller).

In other words, use the Spring Controller for the rest of the functionality and doPost() just for the file upload feature in the same servlet?

Spring Controller Code:

    @RequestMapping(value = "/uploadFile", method = RequestMethod.POST)
    public ModelAndView uploadFile(@RequestParam("file") MultipartFile file,
            HttpServletRequest request, HttpServletResponse response) {

        try {
            boolean updated = false;
            String uploadDir = "/WEB-INF/";
            String realPath = request.getServletContext()
                    .getRealPath(uploadDir);

            File transferFile = new File(
                    realPath + "/" + file.getOriginalFilename());
            file.transferTo(transferFile);
            String contents = new String(Files.readAllBytes(
                    Paths.get(realPath + file.getOriginalFilename())));
            logger.debug(contents);

            ..........
                more code

                    updated = true;
                    ((ModelMap) model).addAttribute("errors", ""); //reset any previous errors

            } else {//if invalid file, show error msg
                String error = MessageBoxUtil.getErrorMessageBox(
                        "Invalid Key Found. Please try again.");
                ((ModelMap) model).addAttribute("errors", error);

            }

            model.put("updated", updated);

            return mv;

        } catch (Exception e) {
            logger.debug("Exception occurred: " + e);
            //e.printStackTrace();
            new TemplateManager(request).doError(e, request, response);
        }
        return null;
    }

Replace the above with the code below:

    /* Apache Commons File Upload */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        try {
            DiskFileItemFactory factory = new DiskFileItemFactory();
            factory.setRepository(new File("C:\\temp\\"));
            ServletFileUpload fileUpload = new ServletFileUpload(factory);
            List<FileItem> fileItems = fileUpload.parseRequest(request);
            for (FileItem fileItem : fileItems) {
                if (!fileItem.isFormField()) {
                    File file = new File(fileItem.getName());
                    File fNew = new File("C:\\upload\\" + file.getName());
                    fileItem.write(fNew);
                }
            }
        } catch (Exception e) {
            String fileUploadError = "Problem with Apache Commons File Upload.";
            System.out.println(fileUploadError);
        }
    }

JSP Code:

    <form name="uploadFile" method="POST" action="uploadFile" enctype="multipart/form-data">
        <input type="file" name="file" id="file"><br />
        <input type="submit" name="submit" id="importkey" value="Import Key"/>
    </form>

There are 0 answers
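
An added example, not part of the original question and not code from Spring or Commons FileUpload: one way to run Commons FileUpload inside the existing `@Controller` mapping instead of a separate `doPost()`, with the client-supplied file name reduced to its last path component and the write confined to the upload directory. The class name `KeyUploadController`, the `safeTarget` helper, the size limits, and the absence of a `MultipartResolver` bean (which would consume the request body before `parseRequest` sees it) are assumptions.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.springframework.http.*;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

@Controller
public class KeyUploadController { // hypothetical class name
    // Upload directory taken from the question's doPost(); kept outside the web root.
    private static final Path UPLOAD_DIR = Paths.get("C:\\upload").toAbsolutePath().normalize();
    private static final long MAX_BYTES = 64 * 1024; // assumed limit for a key file

    // Keep only the last path component of the client-supplied name (both separators),
    // then verify the resolved target is still inside UPLOAD_DIR.
    static Path safeTarget(String clientName) throws IOException {
        if (clientName == null) throw new IOException("missing file name");
        int cut = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        String base = clientName.substring(cut + 1);
        if (base.isEmpty() || base.equals(".") || base.equals("..")) {
            throw new IOException("bad file name");
        }
        Path target = UPLOAD_DIR.resolve(base).normalize();
        if (!target.startsWith(UPLOAD_DIR)) throw new IOException("path escapes upload directory");
        return target;
    }

    // No MultipartFile parameter: Commons FileUpload reads the raw request body itself.
    @RequestMapping(value = "/uploadFile", method = RequestMethod.POST)
    public ResponseEntity<String> uploadFile(HttpServletRequest request) throws Exception {
        if (!ServletFileUpload.isMultipartContent(request)) {
            return new ResponseEntity<>("multipart/form-data expected", HttpStatus.BAD_REQUEST);
        }
        ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory());
        upload.setFileSizeMax(MAX_BYTES);   // per-file cap
        upload.setSizeMax(2 * MAX_BYTES);   // whole-request cap
        List<FileItem> items = upload.parseRequest(request);
        for (FileItem item : items) {
            if (!item.isFormField() && "file".equals(item.getFieldName())) {
                item.write(safeTarget(item.getName()).toFile());
            }
        }
        return new ResponseEntity<>("uploaded", HttpStatus.OK);
    }
}
```

Exceeding either size limit makes `parseRequest` throw, so oversized uploads are rejected before anything is written to `UPLOAD_DIR`.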