PathUtil

最新推荐文章于 2024-10-01 08:13:01 发布
原创 最新推荐文章于 2024-10-01 08:13:01 发布 · 856 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#基于日期创建文件夹路径

//根据当前时间在给定目录下创建文件夹
public static String createFolder(String rootPath){
Calendar date = Calendar.getInstance();

SimpleDateFormat formatYear=new SimpleDateFormat("yyyy");
SimpleDateFormat formatMonth=new SimpleDateFormat("MM");
SimpleDateFormat formatDay=new SimpleDateFormat("dd");
String folderNameYear = formatYear.format(date.getTime());
String folderNameMonth = formatMonth.format(date.getTime());
String folderNameDay = formatDay.format(date.getTime());
//创建年文件夹
File fileYear=new File(rootPath+"/"+folderNameYear);
if (!fileYear.exists()&&!fileYear.isDirectory()) {
fileYear.mkdir();
}

//创建月文件夹
File fileMonth=new File(rootPath+"/"+folderNameYear+"/"+folderNameMonth);
if (!fileMonth.exists()&&!fileMonth.isDirectory()) {
fileMonth.mkdir();
}
String path="/"+folderNameYear+"/"+folderNameMonth+"/"+folderNameDay;
File fileDay=new File(rootPath+path);
if (!fileDay.exists()&&!fileDay.isDirectory()) {
fileDay.mkdir();
}
return  path;
}
public static void main(String[] args) {
String rootPath="/you";
String folder = PlistUtil.createFolder(rootPath);
System.out.println(folder);
}
PathUtils路径拼接工具类
松子落
06-09 2136
package com.jzxs.etp.utils; import java.io.File; /** * @author zj * @version 1.0 * @functin * @date 2020/5/22 14:20 */ public class PathUtils { /** * 文件系统路径 拼接 * * @param rootDir * @param subs * @return */ pub.
Unity 工具类PathUtils
Zyt
01-20 753
using System.Collections; using System.Collections.Generic; using UnityEngine; using System.IO; public class PathUtils { /// <summary> /// 根据一个绝对路径 获得这个资源的assetbundle name /// </summary> /// <param name="path"></par
PathUtils 路径拼接工具类
08-30
获取资源在不同系统下路径,拼接资源在不同系统下的路径
PathUtil java中获取路径的工具类,如WebClassesPath、WebInfPath、WebRoot
司刚军的个人专栏
08-12 4353
二话不说,直接上代码 package cn.sigangjun.util; /** * Title: Get Path Util * Description: this class can getWebClassesPath,getWebInfPath and getWebRoot * @since 2013-8-12 下午4:09:00 * @version 1.0
PathUtil.java
11-24
java获取项目根目录,windows/linux通用
PathUtil.GetUnityPath是在哪个库函数里
09-19
根据用户的问题,他询问的是“PathUtil.GetUnityPath”是在哪个库中定义的。 首先,我需要明确这个函数的具体来源。在Unity引擎中,并没有一个名为`PathUtil`的标准类,也没有一个名为`GetUnityPath`的标准方法。 ...
public class BuildTool : Editor { [MenuItem("Tools/Build Windows Bundle")] static void BundleWindowsBuuld() { Build(BuildTarget.StandaloneWindows); } [MenuItem("Tools/Build Android Bundle")] static void BundleAndroidBuuld() { Build(BuildTarget.Android); } [MenuItem("Tools/Build iPone Bundle")] static void BundleiPoneBuuld() { Build(BuildTarget.iOS); } static void Build(BuildTarget target) { List<AssetBundleBuild> assetBundleBuilds = new List<AssetBundleBuild>(); string[] files = Directory.GetFiles(PathUtil.BuildResourcesPath, "*", SearchOption.AllDirectories); for (int i = 0; i < files.Length; i++) { if (files[i].EndsWith(".meta")) { continue; } Debug.Log("files:" + files[i]); AssetBundleBuild assetBundle = new AssetBundleBuild(); string assetName = PathUtil.GetUnityPath(files[i]); assetBundle.assetNames = new string[] { assetName }; string assetBundleName = files[i].Replace(PathUtil.BuildResourcesPath, "").ToLower(); assetBundle.assetBundleName = assetBundleName + ".ab"; assetBundleBuilds.Add(assetBundle); } if (Directory.Exists(PathUtil.BuildOutPath)) { Directory.Delete(PathUtil.BuildOutPath,true); } Directory.CreateDirectory(PathUtil.BuildOutPath); BuildPipeline.BuildAssetBundles(PathUtil.BuildOutPath, assetBundleBuilds.ToArray(), BuildAssetBundleOptions.None, target); } }public class PathUtil { //根目录 public static readonly string AssetsPath = Application.dataPath; //需要打Bundle的目录 public static readonly string BuildResourcesPath = AssetsPath + "/BuildResources/"; //bundle的输出目录 public static readonly string BuildOutPath = Application.streamingAssetsPath; /// <summary> /// 获取Unity的相对路径 /// </summary> /// <param name="path"></param> /// <returns></returns> public static string GetUnityPath(string path) { if (string.IsNullOrEmpty(path)) { return string.Empty; } return path.Substring(path.IndexOf("Assets")); } }为什么Windows创建没有内容
最新发布
10-01
string assetBundleName = files[i].Replace(PathUtil.BuildResourcesPath, "").ToLower(); ``` 例如:`C:/Project/Assets/BuildResources/Texture.png` → 替换后变成 `/texture.png.ab` **导致问题**:路径...
/* * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved. */ package com.huawei.it.tgmes.tmas.basedata.service.impl; import com.huawei.his.jalor.helper.StoreHelper; import com.huawei.it.env.support.EnvHolder; import com.huawei.it.jalor5.attachment.AttachmentVO; import com.huawei.it.jalor5.attachment.dao.IAttachmentDao; import com.huawei.it.jalor5.core.config.ApplicationConfigProperties; import com.huawei.it.jalor5.core.exception.ApplicationException; import com.huawei.it.jalor5.core.exception.ExceptionHandler; import com.huawei.it.jalor5.core.exception.impl.CommonSystemException; import com.huawei.it.jalor5.core.io.CheckResult; import com.huawei.it.jalor5.core.io.FileInfoVO; import com.huawei.it.jalor5.core.io.IFileContentHandler; import com.huawei.it.jalor5.core.ioc.Jalor; import com.huawei.it.jalor5.core.log.ILogger; import com.huawei.it.jalor5.core.log.JalorLoggerFactory; import com.huawei.it.jalor5.core.request.impl.Application; import com.huawei.it.jalor5.core.util.CollectionUtil; import com.huawei.it.jalor5.core.util.FileUtil; import com.huawei.it.jalor5.core.util.PathUtil; import com.huawei.it.jalor5.core.util.StringUtil; import com.huawei.it.jalor5.logs.LogVO; import com.huawei.it.jalor5.logs.service.ILogService; import com.huawei.it.jalor5.security.AuthorizationException; import com.huawei.it.jalor5.security.OperationDefinitionVO; import com.huawei.it.jalor5.security.SecurityConstants; import com.huawei.it.jalor5.security.UserVO; import com.huawei.it.jalor5.upload.support.FolderSplitType; import com.huawei.it.jalor5.upload.support.IUploadFileConsumer; import com.huawei.it.jalor5.upload.support.IUploadSupportService; import com.huawei.it.jalor5.upload.support.UploadException; import com.huawei.it.jalor5.upload.support.UploadSettingVO; import com.huawei.it.jalor5.web.support.internal.impl.RequestUtil; import com.huawei.it.tgmes.tmas.basedata.dao.IBaseFilePermissionDao; import com.huawei.it.tgmes.tmas.basedata.entity.vo.BaseFilePermission; import com.huawei.it.tgmes.tmas.basedata.service.IBaseFilePermissionService; import com.huawei.it.tgmes.tmas.common.security.ValuesUtils; import com.huawei.it.tgmes.tmas.unit.SystemParameters; import com.huawei.it.tgmes.tmas.unit.TmasSqlSessionBatchDealUtils; import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.RequestContext; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.apache.commons.fileupload.servlet.ServletRequestContext; import org.apache.commons.io.FileUtils; import java.io.File; import java.io.InputStream; import java.text.MessageFormat; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Arrays; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Locale; import java.util.Map; import java.util.UUID; import javax.inject.Inject; import javax.inject.Named; import javax.servlet.http.HttpServletRequest; /** * 文件权限管控Service类 * * @author duzhongao * @since 2023.03.07 */ @Named public class BaseFilePermissionServiceImpl implements IBaseFilePermissionService { private static final ILogger LOGGER = JalorLoggerFactory.getLogger(BaseFilePermissionServiceImpl.class); private static final String UPLOAD_TYPE = "TmasAttachment"; @Inject private IBaseFilePermissionDao iBaseFilePermissionDao; @Inject private IUploadSupportService uploadSupportService; @Inject private ILogService logService; @Inject private IAttachmentDao iAttachmentDao; @Override public int deleteAttachment(int attachmentId) { AttachmentVO attachmentVO = new AttachmentVO(); attachmentVO.setAttachmentId(attachmentId); attachmentVO.setAttachmentType("AttachmentDemo"); iAttachmentDao.deleteAttachment(attachmentVO); return iBaseFilePermissionDao.deleteByAttachmentId(attachmentId); } @Override public int createBatch(String jalorResourceCode, List<Integer> attachmentIdList) { if (ValuesUtils.isEmpty(jalorResourceCode) || ValuesUtils.isEmpty(attachmentIdList)) { LOGGER.warn("The parameter is empty"); return 0; } List<BaseFilePermission> filePermissionList = new ArrayList<>(attachmentIdList.size()); attachmentIdList.forEach(attachmentId -> { BaseFilePermission filePermission = new BaseFilePermission(); filePermission.setAttachmentId(attachmentId); filePermission.setCode(jalorResourceCode); filePermission.setLastUpdatedBy(SystemParameters.getUserNum()); filePermission.setCreatedBy(SystemParameters.getUserNum()); filePermissionList.add(filePermission); }); return TmasSqlSessionBatchDealUtils.batchSaveDatas(filePermissionList, IBaseFilePermissionDao.class, IBaseFilePermissionDao::create); } @Override public void checkFilePermission(int attachmentId) { BaseFilePermission filePermission = iBaseFilePermissionDao.selectLatestOneByAttachmentId(attachmentId); // 表里没记录的,不需要做校验 if (ValuesUtils.isEmpty(filePermission) || ValuesUtils.isEmpty(filePermission.getCode())) { return; } // 获取当前用户信息 UserVO userVO = SystemParameters.getUserRoleName(); if (ValuesUtils.isEmpty(userVO) || ValuesUtils.isEmpty(userVO.getCurrentRole()) || ValuesUtils.isEmpty( userVO.getCurrentRole().getPersonalPermissions())) { // 您无权执行该操作 throw new AuthorizationException(); } // 校验权限 // 拼接权限前缀,operationCode 传空是为了不指定具体某一个方法的权限,只要用户有对应功能的某一权限即可 String permissionKeyPrefix = OperationDefinitionVO.getKeyString( SecurityConstants.SECURITY_RESOURCE_TYPE_SERVICE, filePermission.getCode(), ""); String currentAppname = Application.getCurrent().getAppName(); // 权限前缀带appName的 String permissionKeyWithAppNamePrefix = currentAppname + SecurityConstants.RESOURCE_OPERATION_JOINT + permissionKeyPrefix; boolean permissionFlag = userVO.getCurrentRole() .getPersonalPermissions() .stream() .anyMatch(userPermission -> userPermission.startsWith(permissionKeyPrefix) || userPermission.startsWith( permissionKeyWithAppNamePrefix)); if (!permissionFlag) { // 您无权执行该操作 throw new AuthorizationException(); } } @Override public Object uploadFile(HttpServletRequest request, String jalorResourceCode) throws ApplicationException { Map<String, String> parameters = CollectionUtil.convert(request.getParameterMap()); parameters.put("jalorResourceCode", jalorResourceCode); parameters.put("ulType", UPLOAD_TYPE); IUploadFileConsumer uls = uploadSupportService.findUploadConsumer(UPLOAD_TYPE); if (!uls.validatePrivilege(parameters)) { // 您无权执行该操作 throw new UploadException("huawei.jalor5.security.00010001"); } UploadSettingVO uploadSetting = uls.getUploadSetting(parameters); File file = new File(uploadSetting.getTempRepository()); PathUtil.makeDirs(file); DiskFileItemFactory factory = new DiskFileItemFactory(); factory.setSizeThreshold(uploadSetting.getMaxMemory()); factory.setRepository(file); ServletFileUpload upload = new ServletFileUpload(factory); upload.setSizeMax(uploadSetting.getMaxFileSize() + 2000L); // 比较文件大小 RequestContext requestContext = new ServletRequestContext(request); long rLength = requestContext.getContentLength(); long setLength = upload.getSizeMax(); if (rLength > setLength) { throw new UploadException("huawei.jalor5.upload.support.00010004", rLength, setLength); } try { List<FileItem> fileItemList = upload.parseRequest(request); return processFileItems(parameters, uploadSetting, uls, fileItemList); } catch (ApplicationException e1) { LOGGER.error(e1); throw e1; } catch (FileUploadException e2) { LOGGER.error(e2); throw new UploadException("huawei.jalor5.upload.support.00010001", e2, ExceptionHandler.getFriendlyFault(e2).getMessage()); } } /** * 处理文件 * * @param parameters 前端传参 * @param uploadSetting 上传配置 * @param consumer 上传消费类 * @param fileItemList 文件列表 * @return 上传结果 * @throws ApplicationException 异常 */ private Object processFileItems(Map<String, String> parameters, UploadSettingVO uploadSetting, IUploadFileConsumer consumer, List<FileItem> fileItemList) throws ApplicationException { List<FileInfoVO> fileInfoList = new ArrayList<>(); for (FileItem item : fileItemList) { if (!item.isFormField()) { if (item.getSize() == 0L) { throw new UploadException("huawei.jalor5.upload.support.00010003"); } // 校验文件 validateFile(uploadSetting, item); String fileStorePath = MessageFormat.format("{0}/{1}", uploadSetting.getRepository(), generatePathPart(uploadSetting)); String fileStore = MessageFormat.format("{0}/{1}.jlr", fileStorePath, UUID.randomUUID().toString()); // 校验文件名是否有非法字符 if (PathUtil.isInvalidPath(fileStore)) { throw new UploadException("huawei.jalor5.upload.support.00010002", "fileStore contains .."); } PathUtil.makeDirs(fileStorePath); File uploadedFile = FileUtils.getFile(fileStore); FileInfoVO fileInfo = new FileInfoVO(); fileInfo.setDisplayName(FileUtil.getFileName(item.getName())); fileInfo.setFileSize(item.getSize()); fileInfo.setFilePath(fileStore); // 文件内容校验 if (!checkFileContent(parameters, fileInfo, uploadedFile, item)) { throw new UploadException("huawei.jalor5.upload.support.00010006"); } // 写入文件 fileStore = writeFile(item, uploadedFile); // 文件上传到s3后,文件路径会有变化(会返回s3的文件id) fileInfo.setFilePath(fileStore); fileInfoList.add(fileInfo); } } // 记录日志 this.sendlogMessage(parameters.get("ulType"), fileInfoList); // 上传附件记录到表中 return consumer.processFiles(parameters, fileInfoList); } /** * 校验文件内容 * * @param parameters 前端传参 * @param fileInfo 文件信息 * @param uploadedFile 文件 * @param item 上传的文件内容 * @return boolean * @throws ApplicationException 异常 */ private boolean checkFileContent(Map<String, String> parameters, FileInfoVO fileInfo, File uploadedFile, FileItem item) throws ApplicationException { Map<String, IFileContentHandler> downloadHandlersMap = Jalor.getContext().getBeansOfType(IFileContentHandler.class); if (ValuesUtils.isNotEmpty(downloadHandlersMap)) { try { item.write(uploadedFile); for (Map.Entry<String, IFileContentHandler> entry : downloadHandlersMap.entrySet()) { Object result = entry.getValue().handler(parameters, fileInfo, "upload"); if (result != null && result instanceof CheckResult) { CheckResult reslut = (CheckResult) result; if (!reslut.isContinuation()) { // 删除服务器上的文件 if (uploadedFile.exists() && !uploadedFile.delete()) { LOGGER.error("delete temporary file fail, fileName: {0}", item.getName()); } // 抛出异常,终止上传 return false; } } } } catch (Exception e) { LOGGER.error("写文件异常,", e); // 删除服务器上的临时文件 if (uploadedFile.exists() && !uploadedFile.delete()) { LOGGER.error("delete temporary file fail, fileName: {0}", item.getName()); } throw new UploadException("huawei.jalor5.upload.support.00010001", "文件上传失败"); } } return true; } private void sendlogMessage(String type, List<FileInfoVO> fileInfoList) throws ApplicationException { LogVO logVO = new LogVO(); logVO.buildAotoAttribute(); logVO.setClazz("UploadServlet"); logVO.setOperation("Upload"); logVO.setLogType(0); StringBuilder message = new StringBuilder(); for (FileInfoVO fileInfoVO : fileInfoList) { message.append(", ").append(fileInfoVO.getDisplayName()); } String mess = null; if (message.length() > 1) { mess = message.substring(1, message.length()); } logVO.setStatus(1); logVO.setModule(type + " Upload"); logVO.setServerName(RequestUtil.getServerName()); logVO.setMessage("upload file name is " + mess); logService.asyncCreateLog(logVO); } private String writeFile(FileItem item, File uploadedFile) throws UploadException { try { // 做kia检测,提前写入本地 if (!uploadedFile.exists()) { item.write(uploadedFile); } // 上传文件到s3 try { PathUtil.canonicalPath(uploadedFile.getPath()); return StoreHelper.store(uploadedFile.getPath()); } catch (CommonSystemException e) { LOGGER.error("upload file to s3 fail", e); return uploadedFile.getPath(); } } catch (Exception e) { LOGGER.error("写文件异常", e); throw new UploadException("huawei.jalor5.upload.support.00010001", "写文件异常"); } finally { // 删除服务器上的文件 if (uploadedFile.exists() && !uploadedFile.delete()) { LOGGER.error("delete temporary file fail, fileName: {0}", item.getName()); } } } /** * 生成文件路径 * * @param uploadSetting 上传配置 * @return 路径 */ private String generatePathPart(UploadSettingVO uploadSetting) { if (uploadSetting.getFileSplitType().equals(FolderSplitType.ByDay)) { SimpleDateFormat dayFormat = new SimpleDateFormat("yyyy-MM-dd"); return dayFormat.format(new Date()); } else { return com.huawei.it.jalor5.core.request.impl.RequestContext.getCurrent().getUser().getUserAccount(); } } /** * 校验文件 * * @param uploadSetting 上传配置 * @param item 文件信息 * @throws UploadException 上传异常 */ private void validateFile(UploadSettingVO uploadSetting, FileItem item) throws UploadException { // 校验文件类型 if (!isFileTypesAllowed(item.getName(), uploadSetting.getFileTypesAllowed())) { LOGGER.debug("File type {0} is not valid for {1}", FileUtil.getExtension(item.getName()), item.getName()); throw new UploadException("huawei.jalor5.upload.support.00010002", StringUtil.join(uploadSetting.getFileTypesAllowed(), ",")); } // 校验文件名是否有非法字符 if (PathUtil.isInvalidPath(item.getName())) { throw new UploadException("huawei.jalor5.upload.support.00010002", "Path contains .."); } // 校验文件真实类型 if ("true".equals(ApplicationConfigProperties.getContextProperty("checkRealsFile")) && !checkRealFileType( uploadSetting, item)) { throw new UploadException("huawei.jalor5.upload.support.00010002", StringUtil.join(uploadSetting.getFileTypesAllowed(), ",")); } } /** * 校验文件真实类型 * * @param uploadSetting 上传配置 * @param item 文件信息 * @return boolean */ private boolean checkRealFileType(UploadSettingVO uploadSetting, FileItem item) { try (InputStream inputStream = item.getInputStream()) { byte[] byt = new byte[4]; int read = inputStream.read(byt, 0, byt.length); if (read == -1) { return false; } String code = bytesToHexString(byt); LOGGER.info("The file real_code is :" + code); HashMap mimeTypeMap = Jalor.getContext().getBean("HashMap." + EnvHolder.getApplication(), HashMap.class); String realType = (String) mimeTypeMap.get(code); if (ValuesUtils.isEmpty(realType)) { LOGGER.error("The file real_code cannot be discovered. Please configure it"); return false; } String lowFileType = StringUtil.toLower(realType); List<String> realTypeList = Arrays.asList(lowFileType.split(",")); return realTypeList.stream().anyMatch(fileType -> { for (String allowFileType : uploadSetting.getFileTypesAllowed()) { if (fileType.equals(StringUtil.toLower(allowFileType))) { return true; } } return false; }); } catch (Exception e) { LOGGER.error("Check file real file type fail", e); } return false; } /** * bytesToHexString 取byte[]字节转换为16进制字符串 * * @param src byte[] * @return String */ private static String bytesToHexString(byte[] src) { StringBuilder stringBuilder = new StringBuilder(); if (src == null || src.length <= 0) { return null; } for (byte bt : src) { int vi = bt & 0xFF; String hv = Integer.toHexString(vi).toUpperCase(Locale.ENGLISH); if (hv.length() < 2) { stringBuilder.append(0); } stringBuilder.append(hv); } return stringBuilder.toString(); } /** * 校验文件类型 * * @param fileName 文件名 * @param allowFileTypeList 允许上传的文件类型后缀集合 * @return boolean */ private boolean isFileTypesAllowed(String fileName, List<String> allowFileTypeList) { if (ValuesUtils.isEmpty(allowFileTypeList)) { return false; } String lowFileName = StringUtil.toLower(fileName); boolean allowedFlag = false; for (String fileType : allowFileTypeList) { if (lowFileName.endsWith("." + StringUtil.toLower(fileType))) { allowedFlag = true; break; } } return allowedFlag; } }
08-26
- 路径注入防护(`PathUtil.isInvalidPath()`) - 文件头真实类型校验(`checkRealFileType`) - 大小双重校验(请求头+实际写入) #### 优化建议 1. **大文件支持**: - 增加分片上传接口 - 实现断点续传功能...
// // Source code recreated from a .class file by IntelliJ IDEA // (powered by FernFlower decompiler) // package com.huawei.it.jalor5.upload.support.impl; import com.huawei.his.jalor.helper.StoreHelper; import com.huawei.it.env.support.EnvHolder; import com.huawei.it.jalor5.core.annotation.JalorOperation; import com.huawei.it.jalor5.core.annotation.SecurityPolicy; import com.huawei.it.jalor5.core.config.ApplicationConfigProperties; import com.huawei.it.jalor5.core.exception.ApplicationException; import com.huawei.it.jalor5.core.exception.ExceptionHandler; import com.huawei.it.jalor5.core.io.CheckResult; import com.huawei.it.jalor5.core.io.FileInfoVO; import com.huawei.it.jalor5.core.io.IFileContentHandler; import com.huawei.it.jalor5.core.ioc.Jalor; import com.huawei.it.jalor5.core.log.ILogger; import com.huawei.it.jalor5.core.log.JalorLoggerFactory; import com.huawei.it.jalor5.core.util.CollectionUtil; import com.huawei.it.jalor5.core.util.FileUtil; import com.huawei.it.jalor5.core.util.JsonUtil; import com.huawei.it.jalor5.core.util.PathUtil; import com.huawei.it.jalor5.core.util.StringUtil; import com.huawei.it.jalor5.core.util.XssStringUtil; import com.huawei.it.jalor5.htmlarea.HtmlAreaApplicationException; import com.huawei.it.jalor5.logs.LogVO; import com.huawei.it.jalor5.logs.service.ILogService; import com.huawei.it.jalor5.registry.RegistryVO; import com.huawei.it.jalor5.registry.service.IRegistryQueryService; import com.huawei.it.jalor5.upload.support.FolderSplitType; import com.huawei.it.jalor5.upload.support.IUploadFileConsumer; import com.huawei.it.jalor5.upload.support.IUploadSupportService; import com.huawei.it.jalor5.upload.support.UploadException; import com.huawei.it.jalor5.upload.support.UploadSettingVO; import com.huawei.it.jalor5.web.support.internal.impl.RequestUtil; import java.io.File; import java.io.IOException; import java.io.InputStream; import java.text.MessageFormat; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Arrays; import java.util.Date; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Locale; import java.util.Map; import java.util.Set; import java.util.UUID; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import org.apache.commons.fileupload.FileCountLimitExceededException; import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.RequestContext; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.apache.commons.fileupload.servlet.ServletRequestContext; import org.apache.commons.io.FileUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @Component("/servlet/upload") public class UploadServlet extends HttpServlet { private static final String UPLOAD_ERROR = "huawei.jalor5.upload.support.00010001"; private static final Set<String> FILE_TYPE = new HashSet(Arrays.asList("der", "cer", "txt", "sql", "pfx", "jks", "crl", "pem")); private static final int FORM_BUFFER_SIZE = 2000; private static final long serialVersionUID = -460601782542501990L; private static int currentUploading = 0; private static int defaultMaxUploading = 10000; private static final ILogger LOGGER = JalorLoggerFactory.getLogger(UploadServlet.class); @Autowired( required = false ) private transient IUploadSupportService uploadSupportService; @Autowired( required = false ) private transient ILogService logService; @Autowired( required = false ) private transient IRegistryQueryService registryService; public UploadServlet() { } @JalorOperation( policy = SecurityPolicy.AllSystemUser ) public void service(ServletRequest request, ServletResponse response) throws ServletException, IOException { HttpServletRequest httpRequest = RequestUtil.getHttpServletRequest(request); LOGGER.debug("Upload Query String:{0}", new Object[]{httpRequest.getQueryString()}); String uploadType = request.getParameter("ulType"); Map<String, String> queryParams = RequestUtil.getRequestQueryParams(httpRequest); try { this.checkUploadingTimes(); Map<String, String> convertedMap = CollectionUtil.convert(request.getParameterMap()); convertedMap.put("taskType", queryParams.get("taskType")); Object obj = this.processUpload(httpRequest, uploadType, convertedMap); String json = JsonUtil.getJsonString(obj); LOGGER.debug("Object return:{0}", new Object[]{json}); String pattern = null; String uploadCleanXSS = "false"; if (null != this.registryService) { RegistryVO registryVO = this.registryService.findRegistryByPathNoAssertInternal("App.Security.XssFilterMatcher", false); if (null != registryVO) { pattern = registryVO.getValue(); } uploadCleanXSS = this.registryService.findValueByPath("App.Security.UploadCleanXSS", false, "false"); } response.setContentType("text/html"); if ("true".equalsIgnoreCase(uploadCleanXSS)) { response.getWriter().write(XssStringUtil.cleanXSS(json, pattern)); } else { response.getWriter().write(json); } } catch (UploadException ex) { LOGGER.error(ex); throw new ServletException(ex); } catch (ApplicationException ex) { LOGGER.error(ex); throw new ServletException(new UploadException("huawei.jalor5.upload.support.00010001", ex)); } catch (RuntimeException | FileUploadException ex) { LOGGER.error(ex); throw new ServletException(new UploadException("huawei.jalor5.upload.support.00010001", ex, ExceptionHandler.getFriendlyFault(ex).getMessage())); } finally { this.completeUploadingTimes(); } } private void completeUploadingTimes() { synchronized(UploadServlet.class) { if (currentUploading > 0) { --currentUploading; } } } private void checkUploadingTimes() { if (null != this.registryService) { int maxTimes = Integer.parseInt(this.registryService.findValueByPath("App.Security.MaxUploadingTimes", true, defaultMaxUploading)); synchronized(UploadServlet.class) { ++currentUploading; if (currentUploading > maxTimes) { throw new IllegalArgumentException("当前系统正在处理的上传次数超过最大上限,若需要加大上限,请修改数据字典App.Security.MaxUploadingTimes值"); } } } } private Object processUpload(HttpServletRequest request, String uploadType, Map<String, String> parameters) throws ApplicationException, FileUploadException { IUploadFileConsumer uls = this.uploadSupportService.findUploadConsumer(uploadType); if (!uls.validatePrivilege(parameters)) { throw new UploadException("huawei.jalor5.security.00010001"); } else { DiskFileItemFactory factory = new DiskFileItemFactory(); UploadSettingVO uploadSetting = uls.getUploadSetting(parameters); factory.setSizeThreshold(uploadSetting.getMaxMemory()); File file = new File(uploadSetting.getTempRepository()); PathUtil.makeDirs(file); factory.setRepository(file); ServletFileUpload upload = new ServletFileUpload(factory); upload.setSizeMax(uploadSetting.getMaxFileSize() + 2000L); if ("HtmlAreaImage".equals(uploadType)) { String value = this.registryService.findValueByPath("App.Security.HtmlArea", false, "1"); if ("1".equals(value)) { throw new HtmlAreaApplicationException("huawei.jalor5.Htmlarea.00020007"); } } RequestContext requestContext = new ServletRequestContext(request); long rLength = (long)requestContext.getContentLength(); long setLength = upload.getSizeMax(); LOGGER.debug("Upload image ok?:realLength={0},set={1}", new Object[]{rLength, setLength}); if (rLength > setLength) { throw new UploadException("huawei.jalor5.upload.support.00010004", new Object[]{rLength, setLength}); } else { List<FileItem> items = upload.parseRequest(request); this.validateFileCount(items, uploadSetting.getMaxFileCount()); return this.processFileItems(parameters, uploadSetting, uls, items); } } } private void validateFileCount(List<FileItem> items, int maxFileCount) throws FileCountLimitExceededException { if (!CollectionUtil.isNullOrEmpty(items) && maxFileCount != -1) { long fileCount = 0L; for(FileItem fileItem : items) { if (!fileItem.isFormField()) { ++fileCount; } if (fileCount > (long)maxFileCount) { throw new FileCountLimitExceededException("attachment", (long)maxFileCount); } } } } private Object processFileItems(Map<String, String> parameters, UploadSettingVO uploadSetting, IUploadFileConsumer consumer, List<FileItem> items) throws ApplicationException { Iterator<FileItem> iter = items.iterator(); List<FileInfoVO> files = new ArrayList(); while(iter.hasNext()) { FileItem item = (FileItem)iter.next(); if (!item.isFormField()) { if (item.getSize() == 0L) { throw new UploadException("huawei.jalor5.upload.support.00010003"); } this.validateExtention(uploadSetting, item); FileInfoVO fileInfo = new FileInfoVO(); String fileStorePath = MessageFormat.format("{0}/{1}", consumer.getUploadSetting(parameters).getRepository(), this.generatePathPart(uploadSetting)); PathUtil.makeDirs(fileStorePath); String fileStore = MessageFormat.format("{0}/{1}.jlr", fileStorePath, UUID.randomUUID().toString()); File uploadedFile = FileUtils.getFile(new String[]{fileStore}); Map<String, IFileContentHandler> downloadHandlersMap = Jalor.getContext().getBeansOfType(IFileContentHandler.class); if (downloadHandlersMap.size() > 0) { try { item.write(uploadedFile); fileInfo.setDisplayName(FileUtil.getFileName(item.getName())); fileInfo.setFileSize(item.getSize()); if (fileStore.contains("..")) { throw new IllegalArgumentException("fileStore path [" + fileStore + "] not support string [..]"); } fileInfo.setFilePath(fileStore); } catch (Exception ex) { LOGGER.error2("写文件异常,fileName:[{0}],exception:[{1}]", new Object[]{item.getName(), ex.getMessage()}); } } this.executeFileContentHandler(parameters, fileInfo, uploadedFile, downloadHandlersMap); fileStore = this.writeFile(item, uploadedFile); fileInfo.setDisplayName(FileUtil.getFileName(item.getName())); fileInfo.setFileSize(item.getSize()); fileInfo.setFilePath(fileStore); files.add(fileInfo); } } this.sendlogMessage((String)parameters.get("ulType"), files); return consumer.processFiles(parameters, files); } private void executeFileContentHandler(Map<String, String> parameters, FileInfoVO fileInfo, File uploadedFile, Map<String, IFileContentHandler> downloadHandlersMap) throws ApplicationException { for(Map.Entry<String, IFileContentHandler> entry : downloadHandlersMap.entrySet()) { Object result = ((IFileContentHandler)entry.getValue()).handler(parameters, fileInfo, "upload"); if (result != null && result instanceof CheckResult) { CheckResult reslut = (CheckResult)result; if (!reslut.isContinuation()) { if (uploadedFile.exists()) { uploadedFile.delete(); } throw new UploadException("huawei.jalor5.upload.support.00010006"); } } } } private void sendlogMessage(String type, List<FileInfoVO> files) throws ApplicationException { LogVO logVO = new LogVO(); logVO.buildAotoAttribute(); logVO.setClazz("UploadServlet"); logVO.setOperation("Upload"); logVO.setLogType(0); StringBuffer message = new StringBuffer(); for(FileInfoVO fileInfoVO : files) { message.append(", " + fileInfoVO.getDisplayName()); } String mess = null; if (message.length() > 1) { mess = message.substring(1, message.length()); } logVO.setStatus(1); logVO.setModule(type + " Upload"); logVO.setServerName(RequestUtil.getServerName()); logVO.setMessage("upload file name is " + mess); if (this.logService != null) { this.logService.asyncCreateLog(logVO); } else { try { LOGGER.info("logMessage: " + JsonUtil.objectToJson(logVO)); } catch (IOException ex) { LOGGER.info(ex); } } } private String writeFile(FileItem item, File uploadedFile) throws UploadException { try { if (!uploadedFile.exists()) { item.write(uploadedFile); } String region = ""; String bucketName = ""; try { PathUtil.canonicalPath(uploadedFile.getPath()); return StoreHelper.store(uploadedFile.getPath()); } catch (Exception ex) { LOGGER.error(ex); return uploadedFile.getPath(); } } catch (Exception ex) { throw new UploadException("huawei.jalor5.upload.support.00010001", ex); } } private void validateExtention(UploadSettingVO uploadSetting, FileItem item) throws UploadException { if (!this.isFileTypesAllowed(item.getName(), uploadSetting.getFileTypesAllowed())) { LOGGER.debug("File type {0} is not valid for {1}", new Object[]{FileUtil.getExtension(item.getName()), item.getName()}); throw new UploadException("huawei.jalor5.upload.support.00010002", StringUtil.join(uploadSetting.getFileTypesAllowed(), ",")); } else if (PathUtil.isInvalidPath(item.getName())) { throw new UploadException("huawei.jalor5.upload.support.00010002", "Path contains .."); } else if ("true".equals(ApplicationConfigProperties.getContextProperty("checkRealsFile")) && !this.checkRealFileType(uploadSetting, item)) { throw new UploadException("huawei.jalor5.upload.support.00010002", StringUtil.join(uploadSetting.getFileTypesAllowed(), ",")); } } private boolean isFileTypesAllowed(String fileName, List<String> fileTypesAllowed) { for(String fileType : fileTypesAllowed) { if (StringUtil.toLower(fileName).endsWith("." + StringUtil.toLower(fileType))) { return true; } } return false; } private String generatePathPart(UploadSettingVO uploadSetting) { if (uploadSetting.getFileSplitType().equals(FolderSplitType.ByDay)) { SimpleDateFormat dayFormat = new SimpleDateFormat("yyyy-MM-dd"); return dayFormat.format(new Date()); } else { return com.huawei.it.jalor5.core.request.impl.RequestContext.getCurrent().getUser().getUserAccount(); } } private boolean checkRealFileType(UploadSettingVO uploadSetting, FileItem item) { LOGGER.info("check file real_code."); InputStream inputStream = null; label183: { boolean ex; try { if (!this.fileTypeInWhitelist(item)) { inputStream = item.getInputStream(); byte[] byt = new byte[4]; inputStream.read(byt, 0, byt.length); String code = this.bytesToHexString(byt); LOGGER.info("The file real_code is :" + code); inputStream.close(); HashMap<String, String> mimeTypeMap = null; try { mimeTypeMap = (HashMap)Jalor.getContext().getBean("HashMap." + EnvHolder.getApplication(), HashMap.class); } catch (Exception var24) { LOGGER.info("can't find Hash.Bean, We will load from local! Now,loading from HashMap.default.."); mimeTypeMap = (HashMap)Jalor.getContext().getBean("HashMap.default", HashMap.class); } String realType = (String)mimeTypeMap.get(code); if (StringUtil.isNullOrEmpty(realType)) { LOGGER.error("The file real_code cannot be discovered. Please configure it."); boolean var29 = false; return var29; } List<String> allowFileType = uploadSetting.getFileTypesAllowed(); boolean checkFirstStep = StringUtil.isNullOrEmpty(realType) ? false : this.checkFileType(realType, allowFileType); if (!checkFirstStep) { break label183; } boolean var10 = true; return var10; } ex = true; } catch (Exception ex) { LOGGER.error("UploadServlet check file real Type ERROR,the message is :" + ex); break label183; } finally { if (inputStream != null) { try { inputStream.close(); } catch (IOException var23) { } } } return ex; } LOGGER.error("The file real_code error ,Please configure it."); return false; } private boolean fileTypeInWhitelist(FileItem item) { String endItem = StringUtil.toLower(item.getName().substring(item.getName().lastIndexOf(".") + 1)); String whitelist = ApplicationConfigProperties.getContextProperty("whiteListUlType"); if (!StringUtil.isNullOrEmpty(whitelist) && whitelist.indexOf(endItem) != -1) { return true; } else { return FILE_TYPE.contains(endItem); } } private boolean checkFileType(String type, List<String> allowType) { boolean result = false; if (!StringUtil.isNullOrEmpty(type) && allowType.size() >= 1) { for(String t : allowType) { if (type.toLowerCase(Locale.ROOT).contains(t.toLowerCase(Locale.ROOT))) { result = true; break; } } return result; } else { return result; } } private String bytesToHexString(byte[] src) { StringBuilder sbBuilder = new StringBuilder(); if (src != null && src.length > 0) { for(int i = 0; i < src.length; ++i) { String str = Integer.toHexString(src[i] & 255).toUpperCase(Locale.getDefault()); if (str.length() < 2) { sbBuilder.append(0); } sbBuilder.append(str); } return sbBuilder.toString(); } else { return null; } } }
08-24
if (PathUtil.isInvalidPath(...)) throw 异常; // 3. 文件头特征验证 if (!checkRealFileType(...)) throw 异常; } ``` - **扩展名校验**:严格匹配白名单(如`jpg, png, pdf`) - **路径安全**:禁止`..`等...
java路径操作工具类(PathUtils
Flying_Fish_roe的博客
10-01 850
路径获取:获取当前工作目录的路径。:获取用户主目录的路径路径拼接joinPaths:将多个路径拼接成一个完整路径路径检查exists:检查路径是否存在。isFile:判断路径是否是文件。:判断路径是否是目录。文件和目录操作createFile:创建文件。:创建目录。delete:删除文件或目录,支持递归删除目录及其内容。:列出目录中的所有文件和子目录。文件读写readFile:读取文件内容为字符串。writeFile:将内容写入文件,支持追加模式和覆盖模式。文件和目录复制移动。
java path util_Java操作文件Util
weixin_42494890的博客
02-16 343
1 packageio.guangsoft.utils;23 importjava.io.File;4 importjava.io.FileInputStream;5 importjava.io.FileOutputStream;6 importjava.io.IOException;7 importjava.nio.channels.FileChannel;8 importjava.util.A...
路径操作工具类-PathUtils
sun80264629的专栏
12-05 2630
  import java.util.ArrayList; import java.util.List; import org.apache.commons.lang.StringUtils; import com.uuzz.frame.base.exception.ProcessPathException; /** * * 类 名: PathUtils * ...
Java Utils工具类大全
热门推荐
rj597306518的博客
05-09 4万+
源码和jar见:https://github.com/evil0ps/utils #Java Utils --- 封装了一些常用Java操作方法,便于重复开发利用. 另外希望身为Java牛牛的你们一起测试和完善,欢迎入群263641914 一起封装和完成常用的Java代码。 节约撸码时间以方便有更多的时间去把妹子~ #开发环境 Win7x64 JDK1.7 IDEA14
java fileupload规则_Java FileUploadUtil工具类详解
weixin_39914868的博客
02-13 275
本文实例为大家分享了FileUploadUtil工具类的具体代码,供大家参考,具体内容如下package com.gootrip.util;import java.io.File;import java.util.*;import org.apache.commons.fileupload.*;import javax.servlet.http.HttpServletRequest;import ...
【class路径工具】ClassPathUtils
程序员咏哥的博客
05-05 397
这里使用的是:3.9 的版本,还是比较新的 <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> <version>3.9</version> </dep...
PathUtils工具类生成图片路径+名称
qq_51133939的博客
09-29 476
生成图片路径+名称工具类
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值