第十五章 文件上传

目录

一、文件上传注意点

二、JavaWeb上传文件的核心

 三、常规的JavaWeb上传实现

四、运行效果

---

一、文件上传注意点

1. 为保证服务器安全，上传文件应该放在外界无法直接访问的目录下，比如放于WEB-INF目录下。

2. 为防止文件覆盖的现象发生，要为上传文件产生一个唯一的文件名。

3. 要限制上传文件的最大值

4. 可以限制上传文件的类型，在收到上传文件名时，判断后缀名是否合法。

二、JavaWeb上传文件的核心

JavaWeb文件上传的核心是使用Servlet API中的javax.servlet.http.Part接口，它代表了一个HTML表单中的文件字段或其他类型的数据字段，以下是简单的代码示例：

@WebServlet("/upload")
@MultipartConfig(maxFileSize = 16177215) // 设置最大文件大小
public class UploadServlet extends HttpServlet {protected void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {Part filePart = request.getPart("file"); // 获取上传的文件String fileName = Paths.get(filePart.getSubmittedFileName()).getFileName().toString(); // 获取文件名// 保存文件逻辑（这里需要自己实现）// 例如，保存到服务器的某个目录filePart.write(Paths.get("uploadDir", fileName).toString());// 响应response.getWriter().println("File " + fileName + " uploaded successfully");}
}

<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>org.example</groupId><artifactId>UploadFile</artifactId><version>1.0-SNAPSHOT</version><packaging>war</packaging><name>UploadFile Maven Webapp</name><!-- FIXME change it to the project's website --><url>http://www.example.com</url><properties><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding><maven.compiler.source>8</maven.compiler.source><maven.compiler.target>8</maven.compiler.target></properties><dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.13.1</version><scope>test</scope></dependency><!-- Apache Commons FileUpload --><dependency><groupId>commons-fileupload</groupId><artifactId>commons-fileupload</artifactId><version>1.4</version></dependency><!-- Apache Commons IO --><dependency><groupId>commons-io</groupId><artifactId>commons-io</artifactId><version>2.13.0</version></dependency></dependencies><build><finalName>UploadFile</finalName><pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) --><plugins><plugin><artifactId>maven-clean-plugin</artifactId><version>3.4.0</version></plugin><!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging --><plugin><artifactId>maven-resources-plugin</artifactId><version>3.3.1</version></plugin><plugin><artifactId>maven-compiler-plugin</artifactId><version>3.13.0</version></plugin><plugin><artifactId>maven-surefire-plugin</artifactId><version>3.3.0</version></plugin><plugin><artifactId>maven-war-plugin</artifactId><version>3.4.0</version></plugin><plugin><artifactId>maven-install-plugin</artifactId><version>3.1.2</version></plugin><plugin><artifactId>maven-deploy-plugin</artifactId><version>3.1.2</version></plugin></plugins></pluginManagement></build>
</project>

 三、常规的JavaWeb上传实现

我们通常会采用开源的Apache Commons FileUpload来实现文件上传，其中有几个比较重要的类。ServletFileUpload类负责处理上传的文件数据，使用其parseRequest(HttpServletRequest)方法将表单中每个输入项（比如表单中每一个HTML标签提交的数据）封装成一个FileItem对象，然后以List列表的形式返回，在使用ServletFileUpload对象解析请求时需要DiskFileItemFactory对象。所以，我们需要在进行解析工作前构造好DiskFileItemFactory对象，通过ServletFileUpload对象的构造方法或setFileItemFactory方法设置ServletFileUpload对象的fileItemFactory属性。大致的原理图如下：

<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>org.example</groupId><artifactId>UploadFile</artifactId><version>1.0-SNAPSHOT</version><packaging>war</packaging><name>UploadFile Maven Webapp</name><!-- FIXME change it to the project's website --><url>http://www.example.com</url><properties><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding><maven.compiler.source>8</maven.compiler.source><maven.compiler.target>8</maven.compiler.target></properties><dependencies><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.13.1</version><scope>test</scope></dependency><!-- Apache Commons FileUpload --><dependency><groupId>commons-fileupload</groupId><artifactId>commons-fileupload</artifactId><version>1.4</version></dependency><!-- Apache Commons IO --><dependency><groupId>commons-io</groupId><artifactId>commons-io</artifactId><version>2.13.0</version></dependency><dependency><groupId>javax.servlet</groupId><artifactId>servlet-api</artifactId><version>2.5</version></dependency><dependency><groupId>javax.servlet.jsp</groupId><artifactId>jsp-api</artifactId><version>2.1</version></dependency></dependencies><build><finalName>UploadFile</finalName><pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) --><plugins><plugin><artifactId>maven-clean-plugin</artifactId><version>3.4.0</version></plugin><!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging --><plugin><artifactId>maven-resources-plugin</artifactId><version>3.3.1</version></plugin><plugin><artifactId>maven-compiler-plugin</artifactId><version>3.13.0</version></plugin><plugin><artifactId>maven-surefire-plugin</artifactId><version>3.3.0</version></plugin><plugin><artifactId>maven-war-plugin</artifactId><version>3.4.0</version></plugin><plugin><artifactId>maven-install-plugin</artifactId><version>3.1.2</version></plugin><plugin><artifactId>maven-deploy-plugin</artifactId><version>3.1.2</version></plugin></plugins></pluginManagement></build>
</project>

package servlet;import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.ProgressListener;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.UUID;public class UploadServlet extends HttpServlet {@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {super.doGet(req, resp);}@Overrideprotected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {request.setCharacterEncoding("utf-8");response.setCharacterEncoding("utf-8");// 判断上传的文件是普通表单还是带文件的表单if (!ServletFileUpload.isMultipartContent(request)) {return; // 普通表单直接返回}// 创建上传文件的路径，建议在WEB-INF路径下，比较安全，用户无法直接访问上传的文件String filePath = getServletContext().getRealPath("/WEB-INF/uploads");// 创建固定的文件上传目录File uploadFile = new File(filePath);if (!uploadFile.exists()) {uploadFile.mkdir();}// 缓存 临时文件// 假如文件超过预期大小，就把它放到一个临时文件中，设定指定时间后自动删除，或者提醒用户转存为永久String tmpPath = this.getServletContext().getRealPath("/WEB-INF/tmp");File tmpFile = new File(tmpPath);if (!tmpFile.exists()) {tmpFile.mkdir();}// 处理文件的上传，一般都需要通过流来获取，我们可以使用request.getInputStream()，原生的文件上传流来获取。// 项目中为了代码健壮性和便捷性，使用开源封装好的工具来实现。common-fileupload（它依赖与commons-io组件）// 1. 创建DiskFileItemFactory，处理文件上传路径或者大小限制DiskFileItemFactory factory = new DiskFileItemFactory(); //factory.setSizeThreshold(1024 * 1024); // 设置缓冲区大小为1Mfactory.setRepository(tmpFile); // 临时保存文件的目录// 2. 获取ServletFileUploadServletFileUpload upload = new ServletFileUpload(factory);// 监听上传文件进度：upload.setProgressListener(new ProgressListener() {// l：已经读取到的文件大小// l1：文件大小@Overridepublic void update(long l, long l1, int i) {System.out.println("总大小：" + l1 + "已上传：" + l);}});// 处理乱码问题upload.setHeaderEncoding("UTF-8");// 设置单个文件最大值upload.setFileSizeMax(1024 * 1024 * 10);// 设置总共能够上传文件的大小 10MBupload.setSizeMax(1024 * 1024 * 10);// 3. 处理上传的文件// 把前端请求解析，封装成一个FileItem对象，需要从ServletFileUpload对象中获取List<FileItem> fileItems = null;try {fileItems = upload.parseRequest(request);} catch (FileUploadException e) {e.printStackTrace();}// fileItem 每一个表单对象for (FileItem fileItem: fileItems) {// 判断上传的文件是普通表单还是带文件的表单if (fileItem.isFormField()) {// getFiledName指的是前端表单控件的nameString name = fileItem.getFieldName();String value = fileItem.getString("UTF-8");// 处理乱码System.out.println(name + ":" + value);} else {String uploadFileName = fileItem.getName();if (uploadFileName.trim().equals("") || uploadFileName == null) {continue;}// 获取文件名String fileName = uploadFileName.substring(uploadFileName.lastIndexOf("/") + 1);// 获取文件后缀String fileExtName = uploadFileName.substring(uploadFileName.lastIndexOf(".") + 1);// 如果文件后缀名不是我们需要的，就不上传，该逻辑此处不做处理// 通过UUID生成一个唯一的路径String uuid = UUID.randomUUID().toString();// 文件真实存在的唯一路径String realPath = filePath + "/" + uuid;File realPathFile = new File(realPath);// 给每个文件创建一个文件夹if (!realPathFile.exists()) {realPathFile.mkdir();}// 完整文件名 文件夹+文件名 /xx/xx/xx.jpgString completeFileName = realPath + "/" + fileName;// 获得文件上传流InputStream inputStream = fileItem.getInputStream();// 创建文件输出流FileOutputStream fos = new FileOutputStream(completeFileName);// 创建一个缓冲区byte[] buffer = new byte[1024 * 1024];int len = 0;// 判断文件是否读取完毕while ((len = inputStream.read(buffer)) > 0) {fos.write(buffer, 0, len);}fos.close();inputStream.close();// 输出文件流到上传文件路径下也可以这样写// fileItem.write(completeFileName);fileItem.delete(); //上传成功，删除临时文件request.setAttribute("msg", "文件上传成功");request.getRequestDispatcher("info.jsp").forward(request, response);}}}
}

<?xml version="1.0" encoding="UTF-8"?>
<web-appversion="4.0"xmlns="http://xmlns.jcp.org/xml/ns/javaee"xmlns:javaee="http://xmlns.jcp.org/xml/ns/javaee"xmlns:xml="http://www.w3.org/XML/1998/namespace"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"><display-name>Archetype Created Web Application</display-name><servlet><servlet-name>uploadServlet</servlet-name><servlet-class>servlet.UploadServlet</servlet-class></servlet><servlet-mapping><servlet-name>uploadServlet</servlet-name><url-pattern>/upload.do</url-pattern></servlet-mapping>
</web-app>

<!DOCTYPE html>
<%@page contentType="text/html; charset=UTF-8" language="java" %>
<html>
<body>
<form action="${pageContext.servletContext.contextPath}/upload.do" method="post" enctype="multipart/form-data">选择文件：<input type="file" name="file"><input type="submit" value="上传">
</form>
</body>
</html>

<!DOCTYPE html>
<%@page contentType="text/html; charset=UTF-8" language="java" %>
<html>
<body>
${msg}
</body>
</html>

四、运行效果