Class DiskFileItemFactory

java.lang.Object
org.apache.commons.fileupload2.core.DiskFileItemFactory
All Implemented Interfaces:
FileItemFactory<DiskFileItem>

public final class DiskFileItemFactory extends Object implements FileItemFactory<DiskFileItem>
The default FileItemFactory implementation.

This implementation creates FileItem instances which keep their content either in memory, for smaller items, or in a temporary file on disk, for larger items. The size threshold, above which content will be stored on disk, is configurable, as is the directory in which temporary files will be created.

If not otherwise configured, the default configuration values are as follows:

  • Size threshold is 10 KB.
  • Repository is the system default temporary directory, as returned by System.getProperty("java.io.tmpdir").

NOTE: Files are created in the system default temporary directory with predictable names. This means that a local attacker with write access to that directory can perform a TOCTOU (time-of-check to time-of-use) attack to replace any uploaded file with a file of the attacker's choice. The implications of this will depend on how the uploaded file is used but could be significant. When using this implementation in an environment with local, untrusted users, AbstractOriginSupplier.setPath(Path) MUST be used to configure a repository location that is not publicly writable. In a Servlet container the location identified by the ServletContext attribute javax.servlet.context.tempdir may be used.
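One way to follow the NOTE above, as an added example that is not part of the Commons FileUpload documentation: create or validate an owner-only repository directory before passing it to setPath(Path). The class name PrivateUploadRepository, the helper prepare and the path /var/lib/example-app/uploads are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;
import org.apache.commons.fileupload2.core.DiskFileItemFactory;

public final class PrivateUploadRepository {

    /** Returns a factory that spools large uploads into a directory only the owner can write to. */
    public static DiskFileItemFactory newFactory(Path repository) throws IOException {
        return DiskFileItemFactory.builder().setPath(prepare(repository)).get();
    }

    /** Creates the directory if needed, then refuses it if it is a symlink or writable by group/others. */
    static Path prepare(Path repository) throws IOException {
        boolean posix = repository.getFileSystem().supportedFileAttributeViews().contains("posix");
        if (Files.notExists(repository, LinkOption.NOFOLLOW_LINKS)) {
            if (posix) {
                // Owner-only from the moment of creation, so there is no window with wider permissions.
                Files.createDirectories(repository,
                        PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------")));
            } else {
                Files.createDirectories(repository); // non-POSIX: access is governed by inherited ACLs
            }
        }
        if (!Files.isDirectory(repository, LinkOption.NOFOLLOW_LINKS)) {
            throw new IOException("Repository is a symlink or not a directory: " + repository);
        }
        if (posix) {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(repository, LinkOption.NOFOLLOW_LINKS);
            if (perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.OTHERS_WRITE)) {
                throw new IOException("Repository is writable by group or others: " + repository);
            }
        }
        return repository;
    }

    public static void main(String[] args) throws IOException {
        // Assumed location for illustration; use a path owned by the application's service account.
        DiskFileItemFactory factory = newFactory(Paths.get("/var/lib/example-app/uploads"));
        System.out.println("Upload repository: " + factory.getRepository());
    }
}
```

The parent of the repository should be equally restricted, since a user who can write to the parent directory can rename or replace the repository itself.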

Temporary files, which are created for file items, should be deleted later on. The best way to do this is using a FileCleaningTracker, which you can set on the DiskFileItemFactory. However, if you do use such a tracker, then you must consider the following: Temporary files are automatically deleted as soon as they are no longer needed. (More precisely, when the corresponding instance of File is garbage collected.) This is done by the so-called reaper thread, which is started and stopped automatically by the FileCleaningTracker when there are files to be tracked. It might make sense to terminate that thread, for example, if your web application ends. See the section on "Resource cleanup" in the user guide of Commons FileUpload.

  • Field Details

    • DEFAULT_THRESHOLD

      public static final int DEFAULT_THRESHOLD
      The default threshold in bytes above which uploads will be stored on disk.
    • repository

      private final Path repository
      The directory in which uploaded files will be stored, if stored on disk.
    • threshold

      private final int threshold
      The threshold above which uploads will be stored on disk.
    • fileCleaningTracker

      private final org.apache.commons.io.FileCleaningTracker fileCleaningTracker
      The instance of FileCleaningTracker, which is responsible for deleting temporary files.

      May be null, if tracking files is not required.

    • charsetDefault

      private final Charset charsetDefault
      Default content Charset to be used when no explicit Charset parameter is provided by the sender.
  • Constructor Details

    • DiskFileItemFactory

      private DiskFileItemFactory(Path repository, int threshold, Charset charsetDefault, org.apache.commons.io.FileCleaningTracker fileCleaningTracker)
      Constructs a preconfigured instance of this class.
      Parameters:
      repository - The data repository, which is the directory in which files will be created, should the item size exceed the threshold.
      threshold - The threshold, in bytes, below which items will be retained in memory and above which they will be stored as a file.
      charsetDefault - Sets the default charset for use when no explicit charset parameter is provided by the sender.
      fileCleaningTracker - Callback to track files created, or null (default) to disable tracking.
  • Method Details

    • builder

      public static DiskFileItemFactory.Builder builder()
      Constructs a new DiskFileItemFactory.Builder.
      Returns:
      a new DiskFileItemFactory.Builder.
    • fileItemBuilder

      public DiskFileItem.Builder fileItemBuilder()
      Description copied from interface: FileItemFactory
      Creates a new AbstractFileItemBuilder.
      Specified by:
      fileItemBuilder in interface FileItemFactory<DiskFileItem>
      Returns:
      a new AbstractFileItemBuilder.
    • getCharsetDefault

      public Charset getCharsetDefault()
      Gets the default charset for use when no explicit charset parameter is provided by the sender.
      Returns:
      the default charset
    • getFileCleaningTracker

      public org.apache.commons.io.FileCleaningTracker getFileCleaningTracker()
      Gets the tracker, which is responsible for deleting temporary files.
      Returns:
      An instance of FileCleaningTracker, or null (default), if temporary files aren't tracked.
    • getRepository

      public Path getRepository()
      Gets the directory used to temporarily store files that are larger than the configured size threshold.
      Returns:
      The directory in which temporary files will be located.
    • getThreshold

      public int getThreshold()
      Gets the size threshold beyond which files are written directly to disk. The default value is 10240 bytes.
      Returns:
      The size threshold in bytes.