MultipartResolver.isMultipart(request)
来源:8-10 商品列表展示之后端开发
慕码人204465
2017-10-28
if (MultipartResolver.isMultipart(request)) {
thumbnail = handleImage(request, productImgList);
} else {
modelMap.put("success", false);
modelMap.put("errMsg", "上传图片为空");
return modelMap;这里的isMultipart(request)是无论里面有没有文件传入,它照样会返回true,在addproduct里面即使什么文件都不传它都会跑下面的thumbnail = handleImage(request, productImgList);,这样合理吗?我看后续跑到
public static final boolean isMultipartContent(RequestContext ctx) {
String contentType = ctx.getContentType();
if (contentType == null) {
return false;
}
if (contentType.toLowerCase(Locale.ENGLISH).startsWith(MULTIPART)) {
return true;
}
return false;
}里面还是返回true,按设计的理念应该是监测有没有包含文件,这里没文件还是返回true。
写回答
2回答
-
同学看问题非常细心,定位到代码里面即咱们的请求头里有 "multipart/"字样的话就会返回true,方法设计的初衷就是想block住没有文件的请求,但实验过程中发现我们的表单为了支持图片传送默认请求里带有这个字样,,所以后面handleImage方法里加了空值判断过滤掉没有携带文件的操作。而这个isMultipart()方法只能用来block 外来的没带有文件的请求了,(因为咱们几乎做到了前后端分离,外来的操作指的是第三方恶意通过api调用咱们的服务,有的会直接传文件)
同学观察问题真的很细致,非常不错,赞一个。写了个isMultipart并且没有block住不带有文件的请求,给同学带来理解上的错误,深感抱歉。之前用它是为了拦住那种正常的文件上传:)
212017-10-29 -
慕码人204465
提问者
2017-10-28
该方法
@SuppressWarnings({ "null", "unchecked" }) @RequestMapping(value = "/addproduct", method = RequestMethod.POST) @ResponseBody public Map<String, Object> addProductController( HttpServletRequest request) throws IOException { // 验证码校验 Map<String, Object> modelMap = new HashMap<String, Object>(); if (!CodeUtil.checkVerifyCode(request)) { modelMap.put("success", false); modelMap.put("errMsg", "验证码错误"); return modelMap; } // 接收前端参数的变量的初始化,包括商品,缩略图,详情图的初始化 String productStr = HttpServletRequestUtil.getString(request, "productStr"); ObjectMapper mapper = new ObjectMapper(); // 若请求存在文件流,则取出相关文件 ImageHolder thumbnail = null; List<ImageHolder> productImgList = new ArrayList<ImageHolder>(); CommonsMultipartResolver MultipartResolver = new CommonsMultipartResolver( request.getSession().getServletContext()); try { if (MultipartResolver.isMultipart(request)) { thumbnail = handleImage(request, productImgList); } else { modelMap.put("success", false); modelMap.put("errMsg", "上传图片为空"); return modelMap; } } catch (Exception e) { modelMap.put("success", false); modelMap.put("errMsg", e.toString()); return modelMap; } Product product = null; try { product = mapper.readValue(productStr, Product.class); } catch (Exception e) { modelMap.put("success", false); modelMap.put("errMsg", e.getMessage()); return modelMap; } if (product != null && thumbnail != null && productImgList.size() > 0) { try { // 从session中取出当前店铺的Id并赋值给product Shop currentShop = (Shop) request.getSession().getAttribute( "currentShop"); product.setShop(currentShop); // 执行添加操作 ProductExecution pe = productService.addProduct(product, thumbnail, productImgList); if (pe.getState() == ProductStateEnum.SUCCESS.getState()) { modelMap.put("success", true); return modelMap; } else { modelMap.put("success", false); modelMap.put("errMsg", pe.getStateInfo()); } } catch (RuntimeException e) { modelMap.put("success", false); modelMap.put("errMsg", e.toString()); return modelMap; } } return modelMap; } private ImageHolder handleImage(HttpServletRequest request, List<ImageHolder> productImgList) throws IOException { ImageHolder thumbnail = null; // 取出缩略图并构建ImageHolder对象 MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request; CommonsMultipartFile thumbnailFile = (CommonsMultipartFile) multipartRequest .getFile("thumbnail"); if(thumbnailFile != null){ thumbnail = new ImageHolder(thumbnailFile.getOriginalFilename(), thumbnailFile.getInputStream()); } for (int i = 0; i < IMAGEMAXCOUNT; i++) { CommonsMultipartFile productImgFile = (CommonsMultipartFile) multipartRequest .getFile("productImg" + i); if (productImgFile != null) { ImageHolder productImg = new ImageHolder( productImgFile.getOriginalFilename(), productImgFile.getInputStream()); productImgList.add(productImg); } else { break; } } return thumbnail; }00
相似问题