文件上传拦截器

1.在spring-servlet.xml中配置拦截器：由于本系统框架比较旧（spring2.4版本的，spring 3.0以上的才支持mvc标签）--项目中使用并通过了安全扫描

  
      
          
          
           
         
      

 

2.具体的拦截器实现类代码如下：

package com.sunrise.grid.common.actions;




import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;


import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


import org.apache.commons.fileupload.FileItemIterator;
import org.apache.commons.fileupload.FileItemStream;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.fileupload.util.Streams;
import org.slf4j.Logger;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;


import com.itextpdf.text.pdf.codec.Base64.InputStream;
import com.sunrise.bdc.commons.log.LoggingHelper;
public class FileShellInterceptor  extends  HandlerInterceptorAdapter{


Logger log = LoggingHelper.getLog("FileShellInterceptor.class");
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler)  throws Exception{
    boolean flag= true;
    log.info("进入了文件上传拦截器!!!");
    System.out.println("进入了文件上传拦截器=-=-=-=-=-=-=-=-=-=------------=--");
    // 判断是否为文件上传请求
    if (request instanceof MultipartHttpServletRequest) {
        MultipartHttpServletRequest multipartRequest =
                (MultipartHttpServletRequest) request;
        Map files= multipartRequest.getFileMap();  
            Iterator iterator = files.keySet().iterator(); 
        //对多部件请求资源进遍历
        while (iterator.hasNext()) {
            String formKey = (String) iterator.next();
            MultipartFile multipartFile =
                    multipartRequest.getFile(formKey);
            String filename=multipartFile.getOriginalFilename();
            //判断是否为限制文件类型
            if (! checkFile(filename)) {
            log.info("存在非法参数不能放行！请核对上传文件格式，重新刷新页面再次上传！");
                flag = false;
             
            }
        }
    }
 
    return flag;
}





    @Override
public void postHandle(HttpServletRequest request,
        HttpServletResponse response, Object handler,
        ModelAndView modelAndView) throws Exception {
    System.out.println("Post-handle");
}
    @Override
public void afterCompletion(HttpServletRequest request,
        HttpServletResponse response, Object handler, Exception ex)
        throws Exception {
    System.out.println("After completion handle");
}
/**
* 判断是否为允许的上传文件类型,true表示允许
*/
private boolean checkFile(String fileName) {
    //设置允许上传文件类型
    String suffixList = "jpg,gif,png,ico,bmp,jpeg,zip,zp,rar,doc,docx,excel,xls,xlxs";
    // 获取文件后缀
    String suffix = fileName.substring(fileName.lastIndexOf(".")
            + 1, fileName.length());
    if (suffixList.contains(suffix.trim().toLowerCase())) {
    System.out.println("无非法参数可以放行！！！");
    log.info("无非法参数可以放行！！！");
        return true; 
    }
    log.info("存在非法参数不能放行！请核对上传文件格式，重新刷新页面再次上传！");
    return false;
}


}