Recipe11.12.Limiting the Size of Uploaded Files

Recipe 11.12. Limiting the Size of Uploaded Files

Problem

You want to limit the size of a file to be uploaded to your application.

Solution

In the struts-config.xml file, set the maxFileSize attribute on the controller element to the maximum accepted size (in bytes) for an uploaded file. In this example, a single uploaded file must be smaller than 700 KB:

<controller maxFileSize="700K"/>

Discussion

Whether intended or not, users may attempt to upload excessively large files to your web application. In most cases, the user accidentally picked the wrong file; however, a malicious user could be attempting to bring down your application. You can restrict uploads to a maximum file size using the maxFileSize attribute on the controller element in your struts-config.xml file. The value for this attribute is expressed as an integer value optionally followed by a "K," "M," or "G," interpreted as kilobytes, megabytes or gigabytes, respectively. If you specify the integer valuewith no units indicated, the value will be interpreted as bytes.

If you attempt to upload a file larger than the acceptable maximum, the FormFile property of the ActionForm will be null. You can handle this condition in your Action that processes the upload, as shown in Example 11-25.

Example 11-25. Handling null FormFile property (partial)

public ActionForward execute(ActionMapping mapping,                              ActionForm form,                              HttpServletRequest request,                              HttpServletResponse response) throws Exception {     // Get the form file property from the form     UploadForm uploadForm = (UploadForm) form;             FormFile content = uploadForm.getContent( );     if (content == null) {         ActionMessage msg = new ActionMessage("error.maxFileSize.exceeded");         ActionMessages errors = new ActionMessages( );         errors.add(ActionMessages.GLOBAL_MESSAGE, msg);         saveErrors(request, errors);         return mapping.getInputForward( );      }      // continue processing upload ...

If you don't specify the maxFileSize attribute, the default maximum will be 250 MB (250M). If you want a size different size than this, you must specify it (as shown in the Solution).

The controller element supports a related attribute with the name of memFileSize. This attribute specifies the maximum amount of memory that will be used to hold an uploaded file. If a file is larger than this amount, it will be written to some external storage, typically the filesystem. The value for the attribute is specified using the same notation as the maxFileSize attribute. The default memory file size is 256 KB. Here, the maximum file size is set to 5 MB, and the maximum amount held in memory is set to 500 KB:

<controller maxFileSize="5M" memFileSize="500K"/>

The memFileSize property sets the size threshold which determines at what point an uploaded file will be written to disk or cached in memory. The default value for this setting is 10,240 bytes (10K). Some containers are configured to allow limited or no ability for writing to disk from within a web application. If your container has this restriction, you may need to adjust this setting to a value greater than the largest expected file size.

See Also

Recipe 7.10 shows you how to allow users to upload files to your application.

The Struts User's Guide discusses controller configuration. The relevant section can be found at http://struts.apache.org/userGuide/configuration.html#controller_config.

Beneath the covers, Struts use the Jakarta Commons FileUpload package. Complete documentation and source for this package can be found at http://jakarta.apache.org/commons/fileupload.