OOP-ResearchMake It Simpler by Object Oriented Programming

File upload Servlet/JSP example for how to restrict the file size and mime-types

File upload Servlet/JSP example for how to restrict the file size and mime-types. If the user tries to upload the larger files or the file of invalid mime-types, the Servlet refuses the request. After InputStream of multipart/form-data parsed, the binary contents of the uploaded files can be saved on the server side.
Where to save the uploaded files is the main subject of this example. This example Servlet allocates the unique directory for each login. To keep the track of each user, it depends on HttpSession by Cookie. In addition, the unique file name is allocated for each file upload request, and this file name is specified by the HIDDEN INPUT in the departing CGI FORM. By this way, the example Servlet can avoid the existing file to be overridden by the subsequent requests. Please download the source code and try it.

Another solution... file upload by e-mail :

The file upload by multipart/form-data works in most cases. However, a growing number of the WAP phones are shipped with the digital cameras, i.e. the users can take the pictures by their mobile phones and send them to their friends by the e-mails. And, by OOP Pop3Receiver API, you can take the advantage of this feature. It is the Java API for connecting to the POP3 servers through JavaMail API, and you can extract the file attachment from the received e-mail. Be ready for file upload from WAP phone!

Download the source code example:

Related Pages:


More source code examples...

On our web site, there are more source code examples for how to upload the files by JSP/Servlet through multipart/form-data request. Please also try and download these examples too:
[The simplest example for file upload JSP by multipart/form-data]

This example consists of only one JSP and its helper classes. It is the simplest example in the world for how to upload files by JSP through multipart/form-data! If this is your first time to try OOP MimeParser, please try it and download its source code.
[The very simple example for file upload JSP by multipart/form-data]

This example consists of only one JSP and its helper classes. It is the very simple example for how to upload files by JSP through multipart/form-data. But, to avoid the existing file being overridden, the unique file name can be allocated to each uploaded file.
[More practical example, Photo Album]

The practical example source code for the simple Photo Album is also available on our site. Because it is the Photo Album, it implements the following features:
  • Simple access privilege by the user name and password in the text file. To track the login information, HttpSession object will be used.
  • The unique directory will be allocated per user.
  • Only the JPEG and GIF files can be uploaded
  • The uploaded files will be saved as the file name same as the original file name on the client side.
The pairs of the valid user name and password are written in the text file, and the user will be asked to type the user name and password. Once s/he enters to this system, s/he can view the list of the uploaded files. The web browser detects the file name on the client side and sends it the server, so the original file name on the client side can be used for the file name on the server side.

You will be surprised at how the things can be easy by OOP MimeParser.
[How to save the uploaded file by the original file name]

The web browser detects the file name on the client side and sends it the server, so the original file name on the client side can be used for the file name on the server side. If you'd like to save the uploaded file in the file name same as the one on the client side, please try this example and download its source codes. In this example, the unique directory can be allocated per each user. To track the directory for each user, this example fully depends on the HttpSession by Cookie. So, it will be a good example for how to use HttpSession in Servlet/JSP programming.
[Get the binary contents of the uploaded file]

You may not want to save the uploaded file on the file system. Rather, you'd like to get its binary contents directly. Don't worry. OOP MimeParser also implements the methods for this case. To show you how to get the binary contents of the uploaded file, we build this example. By the destination Servlet, the binary contents of the upload the file will be attached to the e-mail along with the file name and the Content-Type. Then, the e-mail will be sent at the scheduled time by JavaMail API. Please try it and download its source code.

About this source code example...

This source code example shows how to upload the files by Servlet/JSP through multipart/form-data. The main subjects of this example are:

  • Specify the directory where to save the uploaded file
  • Specify the file name by the HIDDEN INPUT
  • How to set the maximum size of the file to be uploaded
  • How to restrict the mime-type (Content-Type) of the file to be uploaded. For example, if you'd like to allow the users to upload the files only of image/gif, image/jpeg or image/pjpeg, how can you do it?
OOP MimeParser is the Java API for File upload Servlet/JSP. With the easy programming interface of this API, a few lines of code will be enough for your file upload Servlet. This API parses the multipart/form-data and saves the file under the specific directory. You can specify the maximum size of the file to be uploaded. If the larger file is uploaded, this API throws the exception. In this case, your Servlet/JSP can catch the exception and show the appropriate message. Moreover, you can restrict the mime-type of the file to be uploaded. If the user tries to upload the file of other mime-type, this API throws the exception and your Servlet/JSP has a chance to catch the exception.
In this Java API, you can write:
  • The maximum file size to be uploaded
  • The list of the acceptable mime-types (Content-Types)
in the property files. So, you can change the maximum file size, and can add/delete the acceptable mime-types (Content-Types) without updating the source code of your JSP/Servlet! For details of the property files for this Java API, please visit the link below:

How to specify the file name...

In this example, the HIDDEN INPUT in the departing CGI FORM specifies the file name of the uploaded file on the server side. The web browser detects the file name on the client side and sends it to this API, but it will be ignored in this example. If you'd like to save the uploaded file in the file name same as the one on the client side, please try another example and download its source codes at:


If the HIDDEN INPUT whose name is same as the FILE INPUT is included in the CGI FORM, MimeParser is wise enough to detect it. And the value of such a HIDDEN INPUT will be used as the file name on the server side. For example:
CGI FORM for file upload with file name by JSP
Note that both INPUT in this CGI FORM has the same name. In the above example, the uploaded file is always saved as userphoto.gif on the local file system, regardless of the file name of the client side. Only the first HIDDEN INPUT before the FILE INPUT can be picked up as the file name by MimeParser.

In this example, the file name will be determined by the number of files in the specified directory. The file name on the server side will be:
  • file_1.gif
  • file_2.gif
  • ......
  • file_x.gif
To set these file names into the values of the HIDDEN INPUT within the CGI FORM, the CGI FORM will be generated by the JSP. This JSP counts the number of the files under the specified directory and allocates the unique file name for each request.

But, you may want to specify the file name on the destination Servlet/JSP. If it is true for you, please try another example and download its source codes at: It consists of only one JSP and its helper class. It will show you one of the simplest way to upload the file via JSP!

How to use HttpSessionBindingListener...

To avoid the uploaded file being overridden by other users, this example allocates the unique directory for each user. At the very first stage, the available directories will be listed to the user and s/he can select one of them. The selected directory will no longer be listed to other users, as long as s/he is playing with this example. By this way, s/he can use the selected directory to save the uploaded files exclusively. The selected directory is stored in the HttpSession object, which implements HttpSessionBindingListener interface. At the time when s/he goes away from this example,

  • HttpSessionBindingListener.valueUnbound(HttpSessionBindingEvent)
is called on the HttpSession object. Then, the selected directory will be released and be available for other users. In this point, this example may also be a good example for how to use HttpSessionBindingListener.

Session tracking without Cookie...

As you notice, this example fully depends on the session tracking by Cookie. But, you may hate the Cookie. Or you may be eager for the explicit control over the access privilege without the Realm mechanisum offered by the Servlet/JSP server. If this is the case, please try OOP LoginManager, another Java API by OOP-Research.

Download the required APIs...

The source code of this example is available at the link below:

Along with this source code example, please also download OOP MimeParser, which is available at Java API Shop by OOP-Research. There, you can select the 30 days FREE trial version.

Installation...

First of all, please read through README.html in the distribution of OOP MimeParser and edit the property resource file. If you use the trial version, please set your serial ID in the property resource file.
OOP MimeParser requires the following APIs:

After the source code of this example extracted, please place all the required JAR files and property file. As a result, the mime_2 directory will include the following JAR files and property file:
  • mime_2/WEB-INF/lib/mime.jar
  • mime_2/WEB-INF/lib/oop_util_1_x.jar
  • mime_2/WEB-INF/lib/activation.jar
  • mime_2/WEB-INF/lib/mail.jar
  • mime_2/WEB-INF/classes/MimeParser.properties
  • mime_2/WEB-INF/classes/AcceptMime.properties
Note that mime.jar and oop_util_1_x.jar are included in OOP MimeParser. Be sure to give the Read permission for these files. In addition, please give the Write permission to:
  • mime_2/WEB-INF/upfiles
where the uploaded files will be saved. For example, if the Servlet/JSP server (such as Apache Tomcat) is running as the user of nobody, please give Write permission for nobody to upfiles directory and its sub-directories.
In addition, please edit:
  • mime_2/WEB-INF/classes/MimeParser.properties
so that the value of file_root property points the above directory.

NOTE for oop_util_1_x.jar:
If you have the older version oop_util_1_x.jar, please replace it with the new one. In other words, please be sure to find only the latest version of oop_util_1_x.jar under WEB-INF/lib directory.

NOTE for JBuilder:
Please add all the jar files above to Required Libraries of your project.

Caution!
All the APIs for Servlet/JSP introduced by this web site are now included in Bento framework:
  • Simpler than JSTL or Apache Struts
  • MVC framework by HTML
  • Input validation from CGI FORM
  • Easy user authentication
  • Easy localization (L10n)
To download the APIs and source code examples, please visit the web site of Bento framework.


JBuilder 2007


General Information

For Java Development

Java and all Java-based trademarks and logos are trademarks or registered of Sun Microsystems, Inc. in the United States and other countries.


ALL CONTENTS COPYRIGHT 1997-2007, OOP-Research Corporation. All rights reserved.