| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="UTF-8"/> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"/> |
| <meta name="Date-Revision-yyyymmdd" content="20140918"/> |
| <meta http-equiv="Content-Language" content="en"/> |
| <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> |
| |
| <title>Action File Upload</title> |
| |
| <link href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic" rel="stylesheet" type="text/css"> |
| <link href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" rel="stylesheet"> |
| <link href="/css/main.css" rel="stylesheet"> |
| <link href="/css/custom.css" rel="stylesheet"> |
| <link href="/css/syntax.css" rel="stylesheet"> |
| |
| <script src="//code.jquery.com/jquery-1.11.0.min.js"></script> |
| <script type="text/javascript" src="/bootstrap/js/bootstrap.js"></script> |
| <script type="text/javascript" src="/js/community.js"></script> |
| |
| <!-- Matomo --> |
| <script> |
| var _paq = window._paq = window._paq || []; |
| /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ |
| /* We explicitly disable cookie tracking to avoid privacy issues */ |
| _paq.push(['disableCookies']); |
| _paq.push(['trackPageView']); |
| _paq.push(['enableLinkTracking']); |
| (function() { |
| var u="//analytics.apache.org/"; |
| _paq.push(['setTrackerUrl', u+'matomo.php']); |
| _paq.push(['setSiteId', '41']); |
| var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; |
| g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); |
| })(); |
| </script> |
| <!-- End Matomo Code --> |
| </head> |
| <body> |
| |
| <a href="https://github.com/apache/struts" class="github-ribbon"> |
| <img decoding="async" loading="lazy" style="position: absolute; right: 0; border: 0;" width="149" height="149" src="https://github.blog/wp-content/uploads/2008/12/forkme_right_red_aa0000.png?resize=149%2C149" class="attachment-full size-full" alt="Fork me on GitHub" data-recalc-dims="1"> |
| </a> |
| |
| <header> |
| <nav> |
| <div role="navigation" class="navbar navbar-default navbar-fixed-top"> |
| <div class="container"> |
| <div class="navbar-header"> |
| <button type="button" data-toggle="collapse" data-target="#struts-menu" class="navbar-toggle"> |
| Menu |
| <span class="sr-only">Toggle navigation</span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| </button> |
| <a href="/index.html" class="navbar-brand logo"><img src="/img/struts-logo.svg"></a> |
| </div> |
| <div id="struts-menu" class="navbar-collapse collapse"> |
| <ul class="nav navbar-nav"> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Home<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/index.html">Welcome</a></li> |
| <li><a href="/download.cgi">Download</a></li> |
| <li><a href="/releases.html">Releases</a></li> |
| <li><a href="/announce-2024.html">Announcements</a></li> |
| <li><a href="http://www.apache.org/licenses/">License</a></li> |
| <li><a href="https://www.apache.org/foundation/thanks.html">Thanks!</a></li> |
| <li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> |
| <li><a href="https://privacy.apache.org/policies/privacy-policy-public.html">Privacy Policy</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Support<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/mail.html">User Mailing List</a></li> |
| <li><a href="https://issues.apache.org/jira/browse/WW">Issue Tracker</a></li> |
| <li><a href="/security.html">Reporting Security Issues</a></li> |
| <li><a href="/commercial-support.html">Commercial Support</a></li> |
| <li class="divider"></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/Migration+Guide">Version Notes</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/Security+Bulletins">Security Bulletins</a></li> |
| <li class="divider"></li> |
| <li><a href="/maven/project-info.html">Maven Project Info</a></li> |
| <li><a href="/maven/struts2-core/dependencies.html">Struts Core Dependencies</a></li> |
| <li><a href="/maven/struts2-plugins/modules.html">Plugin Dependencies</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Documentation<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/birdseye.html">Birds Eye</a></li> |
| <li><a href="/primer.html">Key Technologies</a></li> |
| <li><a href="/kickstart.html">Kickstart FAQ</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/Home">Wiki</a></li> |
| <li class="divider"></li> |
| <li><a href="/getting-started/">Getting Started</a></li> |
| <li><a href="/security/">Security Guide</a></li> |
| <li><a href="/core-developers/">Core Developers Guide</a></li> |
| <li><a href="/tag-developers/">Tag Developers Guide</a></li> |
| <li><a href="/maven-archetypes/">Maven Archetypes</a></li> |
| <li><a href="/plugins/">Plugins</a></li> |
| <li><a href="/maven/struts2-core/apidocs/index.html">Struts Core API</a></li> |
| <li><a href="/tag-developers/tag-reference.html">Tag reference</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/FAQs">FAQs</a></li> |
| <li><a href="http://cwiki.apache.org/S2PLUGINS/home.html">Plugin registry</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Contributing<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/youatstruts.html">You at Struts</a></li> |
| <li><a href="/helping.html">How to Help FAQ</a></li> |
| <li><a href="/dev-mail.html">Development Lists</a></li> |
| <li class="divider"></li> |
| <li><a href="/submitting-patches.html">Submitting patches</a></li> |
| <li><a href="/builds.html">Source Code and Builds</a></li> |
| <li><a href="/coding-standards.html">Coding standards</a></li> |
| <li><a href="/contributors/">Contributors Guide</a></li> |
| <li class="divider"></li> |
| <li><a href="/release-guidelines.html">Release Guidelines</a></li> |
| <li><a href="/bylaws.html">PMC Charter</a></li> |
| <li><a href="/volunteers.html">Volunteers</a></li> |
| <li><a href="https://gitbox.apache.org/repos/asf?p=struts.git">Source Repository</a></li> |
| <li><a href="/updating-website.html">Updating the website</a></li> |
| </ul> |
| </li> |
| <li class="apache"><a href="http://www.apache.org/"><img src="/img/apache.png"></a></li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </nav> |
| </header> |
| |
| |
| <article class="container"> |
| <section class="col-md-12"> |
| <a class="edit-on-gh" href="https://github.com/apache/struts-site/edit/master/source/core-developers/action-file-upload.md" title="Edit this page on GitHub">Edit on GitHub</a> |
| |
| <a href="action-file-upload-interceptor" title="back to Action File Upload Interceptor"><< back to Action File Upload Interceptor</a> |
| |
| <h1 class="no_toc" id="action-file-upload">Action File Upload</h1> |
| |
| <ul id="markdown-toc"> |
| <li><a href="#dependencies" id="markdown-toc-dependencies">Dependencies</a></li> |
| <li><a href="#basic-usage" id="markdown-toc-basic-usage">Basic Usage</a> <ul> |
| <li><a href="#example-action-mapping" id="markdown-toc-example-action-mapping">Example action mapping:</a></li> |
| <li><a href="#example-jsp-form-tags" id="markdown-toc-example-jsp-form-tags">Example JSP form tags:</a></li> |
| </ul> |
| </li> |
| <li><a href="#uploading-multiple-files" id="markdown-toc-uploading-multiple-files">Uploading Multiple Files</a></li> |
| <li><a href="#advanced-configuration" id="markdown-toc-advanced-configuration">Advanced Configuration</a> <ul> |
| <li><a href="#files-number-limit" id="markdown-toc-files-number-limit">Files Number Limit</a></li> |
| <li><a href="#file-size-limits" id="markdown-toc-file-size-limits">File Size Limits</a></li> |
| <li><a href="#normal-field-size-limit" id="markdown-toc-normal-field-size-limit">Normal Field Size Limit</a></li> |
| <li><a href="#file-types" id="markdown-toc-file-types">File Types</a></li> |
| <li><a href="#error-messages" id="markdown-toc-error-messages">Error Messages</a></li> |
| <li><a href="#temporary-directories" id="markdown-toc-temporary-directories">Temporary Directories</a></li> |
| <li><a href="#alternate-libraries" id="markdown-toc-alternate-libraries">Alternate Libraries</a></li> |
| <li><a href="#request-validation" id="markdown-toc-request-validation">Request validation</a></li> |
| <li><a href="#disabling-file-upload-support" id="markdown-toc-disabling-file-upload-support">Disabling file upload support</a></li> |
| </ul> |
| </li> |
| </ul> |
| |
| <p>The Struts 2 framework provides built-in support for processing file uploads that conform to <a href="http://www.ietf.org/rfc/rfc1867.txt">RFC 1867</a>, |
| “Form-based File Upload in HTML”. When correctly configured the framework will pass uploaded file(s) into your Action |
| class. Support for individual and multiple file uploads are provided. When a file is uploaded it will typically be |
| stored in a temporary directory. Uploaded files should be processed or moved by your Action class to ensure the data is |
| not lost. Be aware that servers may have a security policy in place that prohibits you from writing to directories other |
| than the temporary directory and the directories that belong to your web application.</p> |
| |
| <h2 id="dependencies">Dependencies</h2> |
| |
| <p>The Struts 2 framework leverages the Commons FileUpload library as a based library to support file upload in the framework. |
| The library is included in a base Struts 2 distribution.</p> |
| |
| <h2 id="basic-usage">Basic Usage</h2> |
| |
| <p>The <code class="language-plaintext highlighter-rouge">org.apache.struts2.interceptor.ActionFileUploadInterceptor</code> interceptor is included as part of the <code class="language-plaintext highlighter-rouge">defaultStack</code> |
| and named <code class="language-plaintext highlighter-rouge">actionFileUpload</code>. As long as the required libraries are added to your project you will be able to take |
| advantage of the Struts 2 file upload capability. Configure an Action mapping for your Action class as you typically would.</p> |
| |
| <h3 id="example-action-mapping">Example action mapping:</h3> |
| |
| <div class="language-xml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt"><action</span> <span class="na">name=</span><span class="s">"doUpload"</span> <span class="na">class=</span><span class="s">"com.example.UploadAction"</span><span class="nt">></span> |
| <span class="nt"><result</span> <span class="na">name=</span><span class="s">"success"</span><span class="nt">></span>good_result.jsp<span class="nt"></result></span> |
| <span class="nt"></action></span> |
| |
| </code></pre></div></div> |
| |
| <p>A form must be created with a form field of type file, <code class="language-plaintext highlighter-rouge"><INPUT type="file" name="upload"></code>. The form used to upload the |
| file must have its encoding type set to <code class="language-plaintext highlighter-rouge">multipart/form-data</code>, <code class="language-plaintext highlighter-rouge"><form action="doUpload" enctype="multipart/form-data" method="post"></code>. |
| The standard procedure for adding these elements is by using the Struts 2 tag libraries as shown in the following |
| example:</p> |
| |
| <h3 id="example-jsp-form-tags">Example JSP form tags:</h3> |
| |
| <div class="language-xml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt"><s:form</span> <span class="na">action=</span><span class="s">"doUpload"</span> <span class="na">method=</span><span class="s">"post"</span> <span class="na">enctype=</span><span class="s">"multipart/form-data"</span><span class="nt">></span> |
| <span class="nt"><s:file</span> <span class="na">name=</span><span class="s">"upload"</span> <span class="na">label=</span><span class="s">"File"</span><span class="nt">/></span> |
| <span class="nt"><s:submit/></span> |
| <span class="nt"></s:form></span> |
| </code></pre></div></div> |
| |
| <p>The <strong>actionFileUpload</strong> interceptor will use a dedicated interface <code class="language-plaintext highlighter-rouge">org.apache.struts2.action.UploadedFilesAware</code> |
| to transfer information and content of uploaded file. Your action should implement the interface to receive the uploaded file:</p> |
| |
| <div class="language-java highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">UploadAction</span> <span class="kd">extends</span> <span class="nc">ActionSupport</span> <span class="kd">implements</span> <span class="nc">UploadedFilesAware</span> <span class="o">{</span> |
| |
| <span class="kd">private</span> <span class="nc">UploadedFile</span> <span class="n">uploadedFile</span><span class="o">;</span> |
| <span class="kd">private</span> <span class="nc">String</span> <span class="n">contentType</span><span class="o">;</span> |
| <span class="kd">private</span> <span class="nc">String</span> <span class="n">fileName</span><span class="o">;</span> |
| <span class="kd">private</span> <span class="nc">String</span> <span class="n">originalName</span><span class="o">;</span> |
| |
| <span class="nd">@Override</span> |
| <span class="kd">public</span> <span class="kt">void</span> <span class="nf">withUploadedFiles</span><span class="o">(</span><span class="nc">List</span><span class="o"><</span><span class="nc">UploadedFile</span><span class="o">></span> <span class="n">uploadedFiles</span><span class="o">)</span> <span class="o">{</span> |
| <span class="k">if</span> <span class="o">(!</span><span class="n">uploadedFiles</span><span class="o">.</span><span class="na">isEmpty</span><span class="o">())</span> <span class="o">{</span> |
| <span class="k">this</span><span class="o">.</span><span class="na">uploadedFile</span> <span class="o">=</span> <span class="n">uploadedFiles</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="mi">0</span><span class="o">);</span> |
| <span class="k">this</span><span class="o">.</span><span class="na">fileName</span> <span class="o">=</span> <span class="n">uploadedFile</span><span class="o">.</span><span class="na">getName</span><span class="o">();</span> |
| <span class="k">this</span><span class="o">.</span><span class="na">contentType</span> <span class="o">=</span> <span class="n">uploadedFile</span><span class="o">.</span><span class="na">getContentType</span><span class="o">();</span> |
| <span class="k">this</span><span class="o">.</span><span class="na">originalName</span> <span class="o">=</span> <span class="n">uploadedFile</span><span class="o">.</span><span class="na">getOriginalName</span><span class="o">();</span> |
| <span class="o">}</span> |
| <span class="o">}</span> |
| |
| <span class="kd">public</span> <span class="nc">String</span> <span class="nf">execute</span><span class="o">()</span> <span class="o">{</span> |
| <span class="c1">// do something with the file</span> |
| <span class="k">return</span> <span class="no">SUCCESS</span><span class="o">;</span> |
| <span class="o">}</span> |
| <span class="o">}</span> |
| </code></pre></div></div> |
| |
| <h2 id="uploading-multiple-files">Uploading Multiple Files</h2> |
| |
| <p>As mentioned in the previous section one technique for uploading multiple files would be to simply have multiple form |
| input elements of type file all with different names. This would require a number of setter methods that was equal to 3 |
| times the number of files being uploaded. Another option is to use Arrays or java.util.Lists. The following examples are |
| taken from the Showcase example application that is part sample applications you can download at <a href="http://struts.apache.org/download.cgi">download</a>. |
| For the Action mapping details see <code class="language-plaintext highlighter-rouge">struts-fileupload.xml</code> in the sample application download.</p> |
| |
| <p><code class="language-plaintext highlighter-rouge">multipleUploadUsingList.jsp</code> Notice all file input types have the same name.</p> |
| |
| <div class="language-html highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt"><s:form</span> <span class="na">action=</span><span class="s">"multipleFileUploadUsingList"</span> <span class="na">method=</span><span class="s">"POST"</span> <span class="na">enctype=</span><span class="s">"multipart/form-data"</span><span class="nt">></span> |
| <span class="nt"><s:file</span> <span class="na">label=</span><span class="s">"File (1)"</span> <span class="na">name=</span><span class="s">"upload"</span><span class="nt">/></span> |
| <span class="nt"><s:file</span> <span class="na">label=</span><span class="s">"File (2)"</span> <span class="na">name=</span><span class="s">"upload"</span><span class="nt">/></span> |
| <span class="nt"><s:file</span> <span class="na">label=</span><span class="s">"FIle (3)"</span> <span class="na">name=</span><span class="s">"upload"</span><span class="nt">/></span> |
| <span class="nt"><s:submit</span> <span class="na">cssClass=</span><span class="s">"btn btn-primary"</span><span class="nt">/></span> |
| <span class="nt"></s:form></span> |
| </code></pre></div></div> |
| |
| <p>The <code class="language-plaintext highlighter-rouge">org.apache.struts2.action.UploadedFilesAware</code> interface already supports uploading multiple files:</p> |
| |
| <div class="language-java highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">MultipleFileUploadUsingListAction</span> <span class="kd">extends</span> <span class="nc">ActionSupport</span> <span class="kd">implements</span> <span class="nc">UploadedFilesAware</span> <span class="o">{</span> |
| |
| <span class="kd">private</span> <span class="nc">List</span><span class="o"><</span><span class="nc">UploadedFile</span><span class="o">></span> <span class="n">uploads</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ArrayList</span><span class="o"><>();</span> |
| |
| <span class="kd">public</span> <span class="nc">List</span><span class="o"><</span><span class="nc">UploadedFile</span><span class="o">></span> <span class="nf">getUpload</span><span class="o">()</span> <span class="o">{</span> |
| <span class="k">return</span> <span class="k">this</span><span class="o">.</span><span class="na">uploads</span><span class="o">;</span> |
| <span class="o">}</span> |
| |
| <span class="nd">@Override</span> |
| <span class="kd">public</span> <span class="kt">void</span> <span class="nf">withUploadedFiles</span><span class="o">(</span><span class="nc">List</span><span class="o"><</span><span class="nc">UploadedFile</span><span class="o">></span> <span class="n">uploads</span><span class="o">)</span> <span class="o">{</span> |
| <span class="k">this</span><span class="o">.</span><span class="na">uploads</span> <span class="o">=</span> <span class="n">uploads</span><span class="o">;</span> |
| <span class="o">}</span> |
| |
| <span class="kd">private</span> <span class="nc">List</span><span class="o"><</span><span class="nc">String</span><span class="o">></span> <span class="nf">getUploadFileNames</span><span class="o">()</span> <span class="o">{</span> |
| <span class="k">return</span> <span class="k">this</span><span class="o">.</span><span class="na">uploads</span><span class="o">.</span><span class="na">stream</span><span class="o">()</span> |
| <span class="o">.</span><span class="na">map</span><span class="o">(</span><span class="nl">UploadedFile:</span><span class="o">:</span><span class="n">getOriginalName</span><span class="o">)</span> |
| <span class="o">.</span><span class="na">collect</span><span class="o">(</span><span class="nc">Collectors</span><span class="o">.</span><span class="na">toList</span><span class="o">());</span> |
| <span class="o">}</span> |
| |
| <span class="kd">private</span> <span class="nc">List</span><span class="o"><</span><span class="nc">String</span><span class="o">></span> <span class="nf">getUploadContentTypes</span><span class="o">()</span> <span class="o">{</span> |
| <span class="k">return</span> <span class="k">this</span><span class="o">.</span><span class="na">uploads</span><span class="o">.</span><span class="na">stream</span><span class="o">()</span> |
| <span class="o">.</span><span class="na">map</span><span class="o">(</span><span class="nl">UploadedFile:</span><span class="o">:</span><span class="n">getContentType</span><span class="o">)</span> |
| <span class="o">.</span><span class="na">collect</span><span class="o">(</span><span class="nc">Collectors</span><span class="o">.</span><span class="na">toList</span><span class="o">());</span> |
| <span class="o">}</span> |
| |
| <span class="kd">public</span> <span class="nc">String</span> <span class="nf">execute</span><span class="o">()</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> |
| <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"files:"</span><span class="o">);</span> |
| <span class="k">for</span> <span class="o">(</span><span class="nc">UploadedFile</span> <span class="n">u</span> <span class="o">:</span> <span class="n">uploads</span><span class="o">)</span> <span class="o">{</span> |
| <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"*** "</span> <span class="o">+</span> <span class="n">u</span> <span class="o">+</span> <span class="s">"\t"</span> <span class="o">+</span> <span class="n">u</span><span class="o">.</span><span class="na">length</span><span class="o">());</span> |
| <span class="o">}</span> |
| <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"filenames:"</span><span class="o">);</span> |
| <span class="k">for</span> <span class="o">(</span><span class="nc">String</span> <span class="n">n</span> <span class="o">:</span> <span class="n">getUploadFileNames</span><span class="o">())</span> <span class="o">{</span> |
| <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"*** "</span> <span class="o">+</span> <span class="n">n</span><span class="o">);</span> |
| <span class="o">}</span> |
| <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"content types:"</span><span class="o">);</span> |
| <span class="k">for</span> <span class="o">(</span><span class="nc">String</span> <span class="n">c</span> <span class="o">:</span> <span class="n">getUploadContentTypes</span><span class="o">())</span> <span class="o">{</span> |
| <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"*** "</span> <span class="o">+</span> <span class="n">c</span><span class="o">);</span> |
| <span class="o">}</span> |
| <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"\n\n"</span><span class="o">);</span> |
| <span class="k">return</span> <span class="no">SUCCESS</span><span class="o">;</span> |
| <span class="o">}</span> |
| <span class="o">}</span> |
| </code></pre></div></div> |
| |
| <h2 id="advanced-configuration">Advanced Configuration</h2> |
| |
| <p>The Struts 2 <code class="language-plaintext highlighter-rouge">default.properties</code> file defines several settings that affect the behavior of file uploading. You may find |
| it necessary to change these values. The names and default values are:</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>struts.multipart.parser=jakarta |
| struts.multipart.saveDir= # Filesystem location to save parsed request data |
| struts.multipart.maxSize=2097152 # Max combined size of files per request |
| struts.multipart.maxFiles=256 # Max number of files per request |
| struts.multipart.maxFileSize= # Max size per file per request |
| struts.multipart.maxStringLength=4096 # Max length of a string parameter (a normal field) in a multipart request (since Struts 6.1.2.1) |
| </code></pre></div></div> |
| |
| <p>You can also set the max options to unlimited by setting their value to <code class="language-plaintext highlighter-rouge">-1</code>, but please see the sections below for |
| further details on these options first.</p> |
| |
| <h3 id="files-number-limit">Files Number Limit</h3> |
| |
| <p>Since Struts 6.1.2 a new option was added, which uses Commons FileUpload feature to limit how many files can be |
| uploaded at once, in one request. This option requires to use Commons FileUpload ver. 1.5 at least and by default is set |
| to <strong>256</strong>. Please always set this to a finite value to prevent DoS attacks.</p> |
| |
| <p>To change this value define a constant in <code class="language-plaintext highlighter-rouge">struts.xml</code> as follows:</p> |
| |
| <div class="language-xml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt"><struts></span> |
| <span class="nt"><constant</span> <span class="na">name=</span><span class="s">"struts.multipart.maxFiles"</span> <span class="na">value=</span><span class="s">"500"</span><span class="nt">/></span> |
| <span class="nt"></struts></span> |
| </code></pre></div></div> |
| |
| <h3 id="file-size-limits">File Size Limits</h3> |
| |
| <p>There are multiple methods to enforce file size limits.</p> |
| |
| <p>There is <code class="language-plaintext highlighter-rouge">struts.multipart.maxSize</code> which is loaded from the Struts configuration. This setting exists for security |
| reasons to prohibit a malicious user from uploading extremely large files to fill up your server’s disk space. This |
| setting defaults to approximately 2MB and should be adjusted to the maximum size (2GB) that you expect to parse. If you |
| are uploading more than one file in a single request, the <code class="language-plaintext highlighter-rouge">struts.multipart.maxSize</code> applies to the combined total, not |
| the individual files.</p> |
| |
| <p>There is also <code class="language-plaintext highlighter-rouge">struts.multipart.maxFileSize</code> which is not enforced by default, but can be enabled to enforce a max size |
| on a per-file basis.</p> |
| |
| <p>The other setting, <code class="language-plaintext highlighter-rouge">maximumSize</code>, is an interceptor setting that is used to ensure a particular Action does not receive |
| a file that is too large. Note that the aforementioned settings are applied at the request parsing level and take |
| precedence over this interceptor setting.</p> |
| |
| <p>Notice the locations of these settings in the following example:</p> |
| |
| <div class="language-xml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt"><struts></span> |
| <span class="nt"><constant</span> <span class="na">name=</span><span class="s">"struts.multipart.maxSize"</span> <span class="na">value=</span><span class="s">"1000000"</span><span class="nt">/></span> |
| <span class="nt"><constant</span> <span class="na">name=</span><span class="s">"struts.multipart.maxFileSize"</span> <span class="na">value=</span><span class="s">"750000"</span><span class="nt">/></span> |
| |
| <span class="nt"><action</span> <span class="na">name=</span><span class="s">"doUpload"</span> <span class="na">class=</span><span class="s">"com.example.UploadAction"</span><span class="nt">></span> |
| <span class="nt"><interceptor-ref</span> <span class="na">name=</span><span class="s">"basicStack"</span><span class="nt">/></span> |
| <span class="nt"><interceptor-ref</span> <span class="na">name=</span><span class="s">"fileUpload"</span><span class="nt">></span> |
| <span class="nt"><param</span> <span class="na">name=</span><span class="s">"maximumSize"</span><span class="nt">></span>500000<span class="nt"></param></span> |
| <span class="nt"></interceptor-ref></span> |
| <span class="nt"><interceptor-ref</span> <span class="na">name=</span><span class="s">"validation"</span><span class="nt">/></span> |
| <span class="nt"><interceptor-ref</span> <span class="na">name=</span><span class="s">"workflow"</span><span class="nt">/></span> |
| |
| <span class="nt"><result</span> <span class="na">name=</span><span class="s">"success"</span><span class="nt">></span>good_result.jsp<span class="nt"></result></span> |
| <span class="nt"></action></span> |
| <span class="nt"></struts></span> |
| </code></pre></div></div> |
| |
| <h3 id="normal-field-size-limit">Normal Field Size Limit</h3> |
| |
| <p>Since Struts 6.1.2.1 a new option has been introduced to limit the size of a normal string field in the multipart request. |
| The default limit is set to 4096 bytes:</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>struts.multipart.maxStringLength=4096 |
| </code></pre></div></div> |
| |
| <p>This options prevents attacks, which consists of multiple large objects in the multipart request. Such attack can exhaust |
| the available memory and finally produce <code class="language-plaintext highlighter-rouge">OutOfMemoryException</code>. If the limit is too low you can increase it by defining |
| the following constant in <code class="language-plaintext highlighter-rouge">struts.xml</code>:</p> |
| |
| <div class="language-xml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt"><struts></span> |
| <span class="nt"><constant</span> <span class="na">name=</span><span class="s">"struts.multipart.maxStringLength"</span> <span class="na">value=</span><span class="s">"10000"</span><span class="nt">/></span> |
| |
| <span class="nt"><action</span> <span class="na">name=</span><span class="s">"doUpload"</span> <span class="na">class=</span><span class="s">"com.example.UploadAction"</span><span class="nt">></span> |
| ... |
| <span class="nt"></action></span> |
| <span class="nt"></struts></span> |
| </code></pre></div></div> |
| |
| <h3 id="file-types">File Types</h3> |
| |
| <p>There are two ways to limit the uploaded file type, decoratively and programmatically. To decoratively limit the file |
| type a comma separated list of allowedTypes can be specified as a fileUpload interceptor param as shown in the following |
| example:</p> |
| |
| <div class="language-xml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt"><action</span> <span class="na">name=</span><span class="s">"doUpload"</span> <span class="na">class=</span><span class="s">"com.example.UploadAction"</span><span class="nt">></span> |
| <span class="nt"><interceptor-ref</span> <span class="na">name=</span><span class="s">"basicStack"</span><span class="nt">/></span> |
| <span class="nt"><interceptor-ref</span> <span class="na">name=</span><span class="s">"fileUpload"</span><span class="nt">></span> |
| <span class="nt"><param</span> <span class="na">name=</span><span class="s">"allowedTypes"</span><span class="nt">></span>image/jpeg,image/gif<span class="nt"></param></span> |
| <span class="nt"></interceptor-ref></span> |
| <span class="nt"><interceptor-ref</span> <span class="na">name=</span><span class="s">"validation"</span><span class="nt">/></span> |
| <span class="nt"><interceptor-ref</span> <span class="na">name=</span><span class="s">"workflow"</span><span class="nt">/></span> |
| |
| <span class="nt"><result</span> <span class="na">name=</span><span class="s">"success"</span><span class="nt">></span>good_result.jsp<span class="nt"></result></span> |
| <span class="nt"></action></span> |
| </code></pre></div></div> |
| |
| <p>When the uploaded file type does not match one of the MIME types specified a field error will be created as described in |
| the next section entitled Error Messages. Programmatically limiting the file type means using the information passed in |
| to your Action class via the <code class="language-plaintext highlighter-rouge">setXContentType(String contentType)</code> method. The benefit to this type of approach would be |
| that it’s more flexible and no interceptor configuration would be needed if file sizes are keep under 2 megs.</p> |
| |
| <h3 id="error-messages">Error Messages</h3> |
| |
| <p>If an error occurs several field errors will be added assuming that the action |
| implements <code class="language-plaintext highlighter-rouge">com.opensymphony.xwork2.ValidationAware</code> |
| or extends <code class="language-plaintext highlighter-rouge">com.opensymphony.xwork2.ActionSupport</code>. These error messages are based on several i18n values stored in |
| struts-messages.properties, a default i18n file processed for all i18n requests. You can override the text of these |
| messages by providing text for the following keys:</p> |
| |
| <table> |
| <thead> |
| <tr> |
| <th>Error Key</th> |
| <th>Description</th> |
| </tr> |
| </thead> |
| <tbody> |
| <tr> |
| <td><code class="language-plaintext highlighter-rouge">struts.messages.error.uploading</code></td> |
| <td>A general error that occurs when the file could not be uploaded</td> |
| </tr> |
| <tr> |
| <td><code class="language-plaintext highlighter-rouge">struts.messages.error.file.too.large</code></td> |
| <td>Occurs when the uploaded file is too large as specified by maximumSize.</td> |
| </tr> |
| <tr> |
| <td><code class="language-plaintext highlighter-rouge">struts.messages.error.content.type.not.allowed</code></td> |
| <td>Occurs when the uploaded file does not match the expected content types specified</td> |
| </tr> |
| <tr> |
| <td><code class="language-plaintext highlighter-rouge">struts.messages.error.file.extension.not.allowed</code></td> |
| <td>Occurs when uploaded file has disallowed extension</td> |
| </tr> |
| <tr> |
| <td><code class="language-plaintext highlighter-rouge">struts.messages.upload.error.SizeLimitExceededException</code></td> |
| <td>Occurs when the upload request (as a whole) exceed configured <strong>struts.multipart.maxSize</strong></td> |
| </tr> |
| <tr> |
| <td><code class="language-plaintext highlighter-rouge">struts.messages.upload.error.FileSizeLimitExceededException</code></td> |
| <td>Occurs when a file within the upload request exceeds configured <strong>struts.multipart.maxFileSize</strong></td> |
| </tr> |
| <tr> |
| <td><code class="language-plaintext highlighter-rouge">struts.messages.upload.error.FileCountLimitExceededException</code></td> |
| <td>Occurs when the number of files in the upload request exceeds configured <strong>struts.multipart.maxFiles</strong></td> |
| </tr> |
| <tr> |
| <td><code class="language-plaintext highlighter-rouge">struts.messages.upload.error.<Exception class SimpleName></code></td> |
| <td>Occurs when any other exception took place during file upload process</td> |
| </tr> |
| </tbody> |
| </table> |
| |
| <h3 id="temporary-directories">Temporary Directories</h3> |
| |
| <p>All uploaded files are saved to a temporary directory by the framework before being passed in to an Action. Depending on |
| the allowed file sizes it may be necessary to have the framework store these temporary files in an alternate location. |
| To do this change <code class="language-plaintext highlighter-rouge">struts.multipart.saveDir</code> |
| to the directory where the uploaded files will be placed. If this property is not set it defaults |
| to <code class="language-plaintext highlighter-rouge">javax.servlet.context.tempdir</code>. Keep in mind that on some operating systems, like Solaris, <code class="language-plaintext highlighter-rouge">/tmp</code> is memory based |
| and files stored in that directory would consume an amount of RAM approximately equal to the size of the uploaded file.</p> |
| |
| <h3 id="alternate-libraries">Alternate Libraries</h3> |
| |
| <p>The <code class="language-plaintext highlighter-rouge">struts.multipart.parser</code> used by the fileUpload interceptor to handle HTTP POST requests, encoded using the |
| MIME-type <code class="language-plaintext highlighter-rouge">multipart/form-data</code>, can be changed out. Currently there are two choices, jakarta and pell. The jakarta |
| parser is a standard part of the Struts 2 framework needing only its required libraries added to a project. The pell |
| parser uses Jason Pell’s multipart parser instead of the Commons-FileUpload library. The pell parser is a Struts 2 |
| plugin, for more details see: <a href="../plugins/pell/">Pell multipart plugin</a>. There was a third alternative, cos, but it was |
| removed due to licensing incompatibilities.</p> |
| |
| <p>As from Struts version 2.3.18 a new implementation of <code class="language-plaintext highlighter-rouge">MultiPartRequest</code> was added - <code class="language-plaintext highlighter-rouge">JakartaStreamMultiPartRequest</code>. It |
| can be used to handle large files, see <a href="https://issues.apache.org/jira/browse/WW-3025">WW-3025</a> for more details, but |
| you can simple set</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code><constant name="struts.multipart.parser" value="jakarta-stream" /> |
| </code></pre></div></div> |
| |
| <p>in struts.xml to start using it.</p> |
| |
| <h3 id="request-validation">Request validation</h3> |
| |
| <p>The <code class="language-plaintext highlighter-rouge">struts.multipart.validationRegex</code> is used to define a RegEx to be used to validate if the incoming request is a |
| multipart request. The request must use the <code class="language-plaintext highlighter-rouge">POST</code> method and match the RegEx, by default the RegEx is defined as |
| follow:</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>^multipart/form-data(?:\\s*;\\s*boundary=[0-9a-zA-Z'()+_,\\-./:=?]{1,70})?(?:\\s*;\\s*charset=[a-zA-Z\\-0-9]{3,14})? |
| </code></pre></div></div> |
| |
| <p>Please read <a href="https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html">RFC1341</a> the <strong>Multipart section</strong> for more details, existing Struts <code class="language-plaintext highlighter-rouge">Multipart</code> parsers support |
| only <code class="language-plaintext highlighter-rouge">multipart/form-data</code> content type. This option is available since Struts 2.3.11.</p> |
| |
| <h3 id="disabling-file-upload-support">Disabling file upload support</h3> |
| |
| <p>You can alternatively disable the whole file upload mechanism defining a constant in <code class="language-plaintext highlighter-rouge">struts.xml</code>:</p> |
| |
| <div class="language-xml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt"><constant</span> <span class="na">name=</span><span class="s">"struts.multipart.enabled"</span> <span class="na">value=</span><span class="s">"false"</span><span class="nt">/></span> |
| </code></pre></div></div> |
| |
| <p>With this constant in place, Struts will ignore a <code class="language-plaintext highlighter-rouge">Content-Type</code> header and will treat each request as an ordinary http |
| request. This option is available since Struts 2.3.11.</p> |
| |
| </section> |
| </article> |
| |
| |
| <footer class="container"> |
| <div class="col-md-12"> |
| Copyright © 2000-2022 <a href="https://www.apache.org/">The Apache Software Foundation</a>. |
| Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts project logos are |
| trademarks of The Apache Software Foundation. All Rights Reserved. |
| </div> |
| <div class="col-md-12">Logo and website design donated by <a href="https://softwaremill.com/">SoftwareMill</a>.</div> |
| </footer> |
| |
| <script>!function (d, s, id) { |
| var js, fjs = d.getElementsByTagName(s)[0]; |
| if (!d.getElementById(id)) { |
| js = d.createElement(s); |
| js.id = id; |
| js.src = "//platform.twitter.com/widgets.js"; |
| fjs.parentNode.insertBefore(js, fjs); |
| } |
| }(document, "script", "twitter-wjs");</script> |
| <script src="https://apis.google.com/js/platform.js" async="async" defer="defer"></script> |
| |
| <div id="fb-root"></div> |
| |
| <script>(function (d, s, id) { |
| var js, fjs = d.getElementsByTagName(s)[0]; |
| if (d.getElementById(id)) return; |
| js = d.createElement(s); |
| js.id = id; |
| js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1"; |
| fjs.parentNode.insertBefore(js, fjs); |
| }(document, 'script', 'facebook-jssdk'));</script> |
| |
| |
| </body> |
| </html> |