cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MIME type of File

Former Member

on ‎10-27-2014 6:24 AM

0 Kudos

Hello Experts

I have requirement where I am uploading scanned Documents into the application. However for security concerns, I have limit the allowed MIME types of the files.

for determining the MIME type of file, I am using following code:

mimeType = fileResource.getResourceType().getHtmlMime();

I am working on NW 7.4. However I have noticed that with this code, it returns the MIME type based on file extension only. Due to this, one can change the file extension of the file and bypass the security check.

Can you suggest any better way of determining the MIME type.

Regards,

Deepak

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

govardan_raj
Contributor
‎10-27-2014 7:05 AM
0 Kudos

hi deeplak ,

use this code to determine

String mimeType = Magic.getMagicMatch(file, false).getMimeType();

for this  you have to use the jmime magic libraries which is available in the below link .

http://sourceforge.net/projects/jmimemagic/

if you dont want to user external jar you can use standard java

FileinputStream  fileinptstrm = null ;

fileinptstrm = new BufferedInputStream(new FileInputStream(fileName));
  String mimeType = URLConnection.guessContentTypeFromStream(fileinptstrm);

Regards

Govardan Raj

Show replies
Show replies
Former Member
‎10-27-2014 8:53 AM
0 Kudos

Hi Govardan Raj

thanks or reply. I want to avoid use of external API and hence checking Java API or ones provided by SAP.

However the suggested Class Method,

URLConnection.guessContentTypeFromStream(fileinptstrm)


doesn't return proper valu for the PDF/DOCX/XLSX. It always returns 'null'.

Regards,

Deepak

govardan_raj
Contributor
‎10-27-2014 9:37 AM
0 Kudos

hi deepak ,

since you are using 7.4 the jdk is of higher version , and can u post the code that you are using currently ?


Regards

Govardan

Former Member
‎10-27-2014 9:59 AM
0 Kudos

Hi Govardan

Following is code I am currently using:

mimeType = fileResource.getResourceType().getHtmlMime().toUpperCase();

String ALLOWEDMIMETYPE = "";

if(!ALLOWEDMIMETYPE.equalsIgnoreCase(mimeType))

{

    msgManager.reportWarning("File Type not allowed.");

}

However in this case, MIMETYPE is determined from file extension and not from File Content. Due to this, once file Extension is changed, MIMETYPE get changed.

Regards,

Deepak

govardan_raj
Contributor
‎10-27-2014 10:15 AM
0 Kudos

hi deepak ,

Please go through the below link you may find it usefull, describes various ways of accessing the mime type based on the file content .

http://www.rgagnon.com/javadetails/java-0487.html

if your jdk is 1.7 then you can use the below code

Path pth = Paths.get("file path ex c:/**?filename.ext");

Files.probeContentType(pth).

where path is the file path


Regards

Govardan Raj S

Ask a Question