public class UploadServlet extends HttpServlet { //default maximum allowable file size is 100k static final int MAX_SIZE = 102400; //instance variables to store root and success message String rootPath, successMessage; /** * init method is called when servlet is initialized. */ public void init(ServletConfig config) throws ServletException { super.init(config); //get path in which to save file rootPath = config.getInitParameter("RootPath"); if (rootPath == null) { rootPath = "/"; } /*Get message to show when upload is complete. Used only if a success redirect page is not supplied.*/ successMessage = config.getInitParameter("SuccessMessage"); if (successMessage == null) { successMessage = "File upload complete!"; } } /** * doPost reads the uploaded data from the request and writes * it to a file. */ public void doPost(HttpServletRequest request, HttpServletResponse response) { ServletOutputStream out=null; DataInputStream in=null; FileOutputStream fileOut=null; try { /*set content type of response and get handle to output stream in case we are unable to redirect client*/ response.setContentType("text/plain"); out = response.getOutputStream(); } catch (IOException e) { //print error message to standard out System.out.println("Error getting output stream."); System.out.println("Error description: " + e); return; } try { //get content type of client request String contentType = request.getContentType(); //make sure content type is multipart/form-data if(contentType != null && contentType.indexOf( "multipart/form-data") != -1) { //open input stream from client to capture upload file in = new DataInputStream(request.getInputStream()); //get length of content data int formDataLength = request.getContentLength(); //allocate a byte array to store content data byte dataBytes[] = new byte[formDataLength]; //read file into byte array int bytesRead = 0; int totalBytesRead = 0; int sizeCheck = 0; while (totalBytesRead < formDataLength) { //check for maximum file size violation sizeCheck = totalBytesRead + in.available(); if (sizeCheck > MAX_SIZE) { out.println("Sorry, file is too large to upload."); return; } bytesRead = in.read(dataBytes, totalBytesRead, formDataLength); totalBytesRead += bytesRead; } //create string from byte array for easy manipulation String file = new String(dataBytes); //since byte array is stored in string, release memory dataBytes = null; /*get boundary value (boundary is a unique string that separates content data)*/ int lastIndex = contentType.lastIndexOf("="); String boundary = contentType.substring(lastIndex+1, contentType.length()); //get Directory web variable from request String directory=""; if (file.indexOf("name="Directory"") > 0) { directory = file.substring( file.indexOf("name="Directory"")); //remove carriage return directory = directory.substring( directory.indexOf("n")+1); //remove carriage return directory = directory.substring( directory.indexOf("n")+1); //get Directory directory = directory.substring(0, directory.indexOf("n")-1); /*make sure user didn't select a directory higher in the directory tree*/ if (directory.indexOf("..") > 0) { out.println("Security Error: You can't upload " + "to a directory higher in the directory tree."); return; } } //get SuccessPage web variable from request String successPage=""; if (file.indexOf("name="SuccessPage"") > 0) { successPage = file.substring( file.indexOf("name="SuccessPage"")); //remove carriage return successPage = successPage.substring( successPage.indexOf("n")+1); //remove carriage return successPage = successPage.substring( successPage.indexOf("n")+1); //get success page successPage = successPage.substring(0, successPage.indexOf("n")-1); } //get OverWrite flag web variable from request String overWrite; if (file.indexOf("name="OverWrite"") > 0) { overWrite = file.substring( file.indexOf("name="OverWrite"")); //remove carriage return overWrite = overWrite.substring( overWrite.indexOf("n")+1); //remove carriage return overWrite = overWrite.substring( overWrite.indexOf("n")+1); //get overwrite flag overWrite = overWrite.substring(0, overWrite.indexOf("n")-1); } else { overWrite = "false"; } //get OverWritePage web variable from request String overWritePage=""; if (file.indexOf("name="OverWritePage"") > 0) { overWritePage = file.substring( file.indexOf("name="OverWritePage"")); //remove carriage return overWritePage = overWritePage.substring( overWritePage.indexOf("n")+1); //remove carriage return overWritePage = overWritePage.substring( overWritePage.indexOf("n")+1); //get overwrite page overWritePage = overWritePage.substring(0, overWritePage.indexOf("n")-1); } //get filename of upload file String saveFile = file.substring( file.indexOf("filename="")+10); saveFile = saveFile.substring(0, saveFile.indexOf("n")); saveFile = saveFile.substring( saveFile.lastIndexOf("")+1, saveFile.indexOf(""")); /*remove boundary markers and other multipart/form-data tags from beginning of upload file section*/ int pos; //position in upload file //find position of upload file section of request pos = file.indexOf("filename=""); //find position of content-disposition line pos = file.indexOf("n",pos)+1; //find position of content-type line pos = file.indexOf("n",pos)+1; //find position of blank line pos = file.indexOf("n",pos)+1; /*find the location of the next boundary marker (marking the end of the upload file data)*/ int boundaryLocation = file.indexOf(boundary,pos)-4; //upload file lies between pos and boundaryLocation file = file.substring(pos,boundaryLocation); //build the full path of the upload file String fileName = new String(rootPath + directory + saveFile); //create File object to check for existence of file File checkFile = new File(fileName); if (checkFile.exists()) { /*file exists, if OverWrite flag is off, give message and abort*/ if (!overWrite.toLowerCase().equals("true")) { if (overWritePage.equals("")) { /*OverWrite HTML page URL not received, respond with generic message*/ out.println("Sorry, file already exists."); } else { //redirect client to OverWrite HTML page response.sendRedirect(overWritePage); } return; } } /*create File object to check for existence of Directory*/ File fileDir = new File(rootPath + directory); if (!fileDir.exists()) { //Directory doesn't exist, create it fileDir.mkdirs(); } //instantiate file output stream fileOut = new FileOutputStream(fileName); //write the string to the file as a byte array fileOut.write(file.getBytes(),0,file.length()); if (successPage.equals("")) { /*success HTML page URL not received, respond with generic success message*/ out.println(successMessage); out.println("File written to: " + fileName); } else { //redirect client to success HTML page response.sendRedirect(successPage); } } else //request is not multipart/form-data { //send error message to client out.println("Request not multipart/form-data."); } } catch(Exception e) { try { //print error message to standard out System.out.println("Error in doPost: " + e); //send error message to client out.println("An unexpected error has occurred."); out.println("Error description: " + e); } catch (Exception f) {} } finally { try { fileOut.close(); //close file output stream } catch (Exception f) {} try { in.close(); //close input stream from client } catch (Exception f) {} try { out.close(); //close output stream to client } catch (Exception f) {} } } }