가이드로 제공되는 아래 코드 중 파일 업로드 부분은 샘플 코드로서 보안 관련 처리가 미흡합니다. 파일 업로드 부분은 프로젝트 내부에서 사용하시는 부분을 그대로 사용하시고 아래 코드를 참고하셔서 연동 부분을 처리해주세요. |
package com.synap.synapeditor;
import javax.servlet.annotation.WebServlet;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
@WebServlet( name = "UploadServlet", urlPatterns = {"/uploadFile"} )
public class UploadServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
private static final String UPLOAD_DIRECTORY = "upload";
private static final String DEFAULT_FILENAME = "default.file";
private static final int MEMORY_THRESHOLD = 1024 * 1024 * 3;
private static final int MAX_FILE_SIZE = 1024 * 1024 * 40;
private static final int MAX_REQUEST_SIZE = 1024 * 1024 * 50;
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
if (ServletFileUpload.isMultipartContent(request)) {
DiskFileItemFactory factory = new DiskFileItemFactory();
factory.setSizeThreshold(MEMORY_THRESHOLD);
factory.setRepository(new File(System.getProperty("java.io.tmpdir")));
ServletFileUpload upload = new ServletFileUpload(factory);
upload.setFileSizeMax(MAX_FILE_SIZE);
upload.setSizeMax(MAX_REQUEST_SIZE);
String uploadPath = getServletContext().getRealPath("") + File.separator + UPLOAD_DIRECTORY;
File uploadDir = new File(uploadPath);
if (!uploadDir.exists()) {
uploadDir.mkdir();
}
String fileName = "";
try {
List<FileItem> formItems = upload.parseRequest(request);
if (formItems != null && formItems.size() > 0) {
for (FileItem item : formItems) {
if (!item.isFormField()) {
fileName = new File(item.getName()).getName();
String filePath = uploadPath + File.separator + fileName;
File storeFile = new File(filePath);
item.write(storeFile);
request.setAttribute("message", "File " + fileName + " has uploaded successfully!");
}
}
}
} catch (Exception ex) {
request.setAttribute("message", "There was an error: " + ex.getMessage());
}
Gson gson = new Gson();
JsonObject obj = new JsonObject();
obj.addProperty("uploadPath", "/synapeditor/upload/" + fileName);
String json = gson.toJson(obj);
PrintWriter out = response.getWriter();
response.setContentType("application/json");
response.setCharacterEncoding("UTF-8");
out.print(json);
out.flush();
}
}
} |
가이드로 제공되는 아래 코드 중 파일 업로드 부분은 샘플 코드로서 보안 관련 처리가 미흡합니다. 파일 업로드 부분은 프로젝트 내부에서 사용하시는 부분을 그대로 사용하시고 아래 코드를 참고하셔서 연동 부분을 처리해주세요. |
package com.synap.synapeditor;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import java.util.UUID;
import java.util.zip.InflaterInputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
public class ImportServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
private static final String UPLOAD_DIRECTORY = "import";
private static final int MEMORY_THRESHOLD = 1024 * 1024 * 3;
private static final int MAX_FILE_SIZE = 1024 * 1024 * 40;
private static final int MAX_REQUEST_SIZE = 1024 * 1024 * 50;
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
if (ServletFileUpload.isMultipartContent(request)) {
DiskFileItemFactory factory = new DiskFileItemFactory();
factory.setSizeThreshold(MEMORY_THRESHOLD);
factory.setRepository(new File(System.getProperty("java.io.tmpdir")));
ServletFileUpload upload = new ServletFileUpload(factory);
upload.setHeaderEncoding("UTF-8");
upload.setFileSizeMax(MAX_FILE_SIZE);
upload.setSizeMax(MAX_REQUEST_SIZE);
String uploadPath = getServletContext().getRealPath("") + File.separator + UPLOAD_DIRECTORY;
File storeFile = null;
try {
List<FileItem> formItems = upload.parseRequest(request);
if (formItems != null && formItems.size() > 0) {
for (FileItem item : formItems) {
if (!item.isFormField()) {
String fileName = new File(item.getName()).getName();
String filePath = uploadPath + File.separator + fileName;
storeFile = new File(filePath);
item.write(storeFile);
request.setAttribute("message", "File " + fileName + " has uploaded successfully!");
}
}
}
} catch (Exception ex) {
request.setAttribute("message", "There was an error: " + ex.getMessage());
}
// 월별로 파일 변환
Calendar cal = Calendar.getInstance();
String yearMonth = String.format("%04d%02d", cal.get(Calendar.YEAR), cal.get(Calendar.MONTH)+1);
// 파일별로 변환결과를 저장할 경로 생성
String uuid = UUID.randomUUID().toString();
// 경로 생성
File outputPath = new File(uploadPath + File.separator + yearMonth + File.separator + uuid);
if(!outputPath.exists()) {
outputPath.mkdirs();
}
// 변환 실행
executeConverter(storeFile.getAbsolutePath(), outputPath.getAbsolutePath());
// 변환 후 원본 삭제
if(storeFile.exists()) {
storeFile.delete();
}
// 변환된 pb파일을 읽어서 serialzie
// v2.3.0 부터 파일명이 document.word.pb에서 document.pb로 변경됨
Integer[] serializedData = serializePbData(outputPath + "/document.pb");
// pb파일 삭제
File pbFile = new File(outputPath + "/document.pb");
if(pbFile.exists()) {
pbFile.delete();
}
// return data를 map으로 구성
Map map = new HashMap();
map.put("serializedData", serializedData);
map.put("importPath", "/se_jdk15/import/" + yearMonth + "/" + uuid);
// json 형태로 return (google gson lib 사용)
Gson gson = new GsonBuilder().create();
PrintWriter out = response.getWriter();
out.print(gson.toJson(map));
out.flush();
}
}
protected static int executeConverter(String inputFilePath, String outputPath) {
String SEDOC_CONVERT_DIR = "C:\\workspace\\seimporter\\sedocConverter\\sedocConverter.exe";
String FONT_DIR = "C:\\workspace\\seimporter\\fonts";
String TEMP_DIR = "C:\\workspace\\seimporter\\tmp";
File tempDir = new File(TEMP_DIR);
if(!tempDir.exists()) {
tempDir.mkdirs();
}
File fontDir = new File(FONT_DIR);
if(!fontDir.exists()) {
fontDir.mkdirs();
}
// 변환 명령 구성
String[] cmd = {SEDOC_CONVERT_DIR, "-f", FONT_DIR, inputFilePath, outputPath, TEMP_DIR};
try {
Timer t = new Timer();
Process proc = Runtime.getRuntime().exec(cmd);
TimerTask killer = new TimeoutProcessKiller(proc);
t.schedule(killer, 20000); // 20초 (변환이 20초 안에 완료되지 않으면 프로세스 종료)
int exitValue = proc.waitFor();
killer.cancel();
return exitValue;
} catch (Exception e) {
e.printStackTrace();
return -1;
}
}
protected static Integer[] serializePbData(String pbFilePath) throws IOException {
List<Integer> serializedData = new ArrayList<Integer>();
FileInputStream fis = new FileInputStream(pbFilePath);
Integer[] data = null;
fis.skip(16);
InflaterInputStream ifis = new InflaterInputStream(fis);
byte[] buffer = new byte[1024];
int len = -1;
while ((len = ifis.read(buffer)) != -1) {
for (int i = 0; i < len; i++) {
serializedData.add(buffer[i] & 0xFF);
}
}
data = serializedData.toArray(new Integer[serializedData.size()]);
ifis.close();
fis.close();
return data;
}
private static class TimeoutProcessKiller extends TimerTask {
private Process p;
public TimeoutProcessKiller(Process p) {
this.p = p;
}
@Override
public void run() {
p.destroy();
}
}
} |