on 10-27-2014 6:24 AM
Hello Experts
I have requirement where I am uploading scanned Documents into the application. However for security concerns, I have limit the allowed MIME types of the files.
for determining the MIME type of file, I am using following code:
mimeType = fileResource.getResourceType().getHtmlMime();
I am working on NW 7.4. However I have noticed that with this code, it returns the MIME type based on file extension only. Due to this, one can change the file extension of the file and bypass the security check.
Can you suggest any better way of determining the MIME type.
Regards,
Deepak
hi deeplak ,
use this code to determine
String mimeType = Magic.getMagicMatch(file, false).getMimeType();
for this you have to use the jmime magic libraries which is available in the below link .
http://sourceforge.net/projects/jmimemagic/
if you dont want to user external jar you can use standard java
FileinputStream fileinptstrm = null ;
fileinptstrm = new BufferedInputStream(new FileInputStream(fileName));
String mimeType = URLConnection.guessContentTypeFromStream(fileinptstrm);
Regards
Govardan Raj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Govardan Raj
thanks or reply. I want to avoid use of external API and hence checking Java API or ones provided by SAP.
However the suggested Class Method,
URLConnection.guessContentTypeFromStream(fileinptstrm)
doesn't return proper valu for the PDF/DOCX/XLSX. It always returns 'null'.
Regards,
Deepak
Hi Govardan
Following is code I am currently using:
mimeType = fileResource.getResourceType().getHtmlMime().toUpperCase();
String ALLOWEDMIMETYPE = "";
if(!ALLOWEDMIMETYPE.equalsIgnoreCase(mimeType))
{
msgManager.reportWarning("File Type not allowed.");
}
However in this case, MIMETYPE is determined from file extension and not from File Content. Due to this, once file Extension is changed, MIMETYPE get changed.
Regards,
Deepak
hi deepak ,
Please go through the below link you may find it usefull, describes various ways of accessing the mime type based on the file content .
http://www.rgagnon.com/javadetails/java-0487.html
if your jdk is 1.7 then you can use the below code
Path pth = Paths.get("file path ex c:/**?filename.ext");
Files.probeContentType(pth)
.
where path is the file path
Regards
Govardan Raj S
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.