001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.commons.fileupload.disk;
018
019import java.io.File;
020
021import org.apache.commons.fileupload.FileItem;
022import org.apache.commons.fileupload.FileItemFactory;
023import org.apache.commons.io.FileCleaningTracker;
024
025/**
026 * <p>The default {@link org.apache.commons.fileupload.FileItemFactory}
027 * implementation. This implementation creates
028 * {@link org.apache.commons.fileupload.FileItem} instances which keep their
029 * content either in memory, for smaller items, or in a temporary file on disk,
030 * for larger items. The size threshold, above which content will be stored on
031 * disk, is configurable, as is the directory in which temporary files will be
032 * created.</p>
033 *
034 * <p>If not otherwise configured, the default configuration values are as
035 * follows:</p>
036 * <ul>
037 *   <li>Size threshold is 10KB.</li>
038 *   <li>Repository is the system default temp directory, as returned by
039 *       <code>System.getProperty("java.io.tmpdir")</code>.</li>
040 * </ul>
 * <p>
 * <b>NOTE</b>: Files are created in the system default temp directory with
 * predictable names. This means that a local attacker with write access to that
 * directory can perform a TOCTOU (time-of-check to time-of-use) attack to
 * replace any uploaded file with a file of the attacker's choice. The
 * implications of this will depend on how the uploaded file is used but could
 * be significant. When using this implementation in an environment with local,
 * untrusted users, {@link #setRepository(File)} MUST be used to configure a
 * repository location that is not publicly writable. In a Servlet container
 * the location identified by the ServletContext attribute
 * <code>javax.servlet.context.tempdir</code> may be used.
 * </p>
053 *
054 * <p>Temporary files, which are created for file items, should be
055 * deleted later on. The best way to do this is using a
056 * {@link FileCleaningTracker}, which you can set on the
057 * {@link DiskFileItemFactory}. However, if you do use such a tracker,
058 * then you must consider the following: Temporary files are automatically
059 * deleted as soon as they are no longer needed. (More precisely, when the
060 * corresponding instance of {@link java.io.File} is garbage collected.)
061 * This is done by the so-called reaper thread, which is started and stopped
062 * automatically by the {@link FileCleaningTracker} when there are files to be
063 * tracked.
064 * It might make sense to terminate that thread, for example, if
065 * your web application ends. See the section on "Resource cleanup"
066 * in the users guide of commons-fileupload.</p>
067 *
068 * @since FileUpload 1.1
069 */
public class DiskFileItemFactory implements FileItemFactory {

    // ----------------------------------------------------- Manifest constants

    /**
     * Threshold, in bytes, applied when no other value is configured.
     * Uploads above this size are stored on disk.
     */
    public static final int DEFAULT_SIZE_THRESHOLD = 10240;

    // ----------------------------------------------------- Instance Variables

    /**
     * Directory that receives the temporary files of items stored on disk.
     * Remains {@code null} until a directory is configured; the class
     * documentation names the system default temp directory as the default
     * location.
     */
    private File repository;

    /**
     * Item size, in bytes, above which content is stored on disk.
     */
    private int sizeThreshold = DEFAULT_SIZE_THRESHOLD;

    /**
     * Tracker responsible for deleting temporary files, or {@code null}
     * when created files are not tracked.
     */
    private FileCleaningTracker fileCleaningTracker;

    // ----------------------------------------------------------- Constructors

    /**
     * Creates a factory with the default size threshold and no repository
     * directory. Both can be changed afterwards through the setters.
     */
    public DiskFileItemFactory() {
        this(DEFAULT_SIZE_THRESHOLD, null);
    }

    /**
     * Creates a factory with the given threshold and repository directory.
     *
     * @param sizeThreshold The size, in bytes, up to which items are kept in
     *                      memory and above which they are written to a
     *                      file.
     * @param repository    The directory in which files are created for
     *                      items that exceed the threshold. The value is
     *                      stored as given and is not validated here; see
     *                      {@link #setRepository(File)} for the choice of
     *                      directory.
     */
    public DiskFileItemFactory(int sizeThreshold, File repository) {
        this.repository = repository;
        this.sizeThreshold = sizeThreshold;
    }

    // ------------------------------------------------------------- Properties

    /**
     * Returns the directory that holds the temporary files of items larger
     * than the configured size threshold.
     *
     * @return The configured directory, or {@code null} if none has been
     *         set on this factory.
     *
     * @see #setRepository(java.io.File)
     */
    public File getRepository() {
        return this.repository;
    }

    /**
     * Sets the directory that holds the temporary files of items larger
     * than the configured size threshold.
     *
     * <p>The value is stored as given: this method does not check that the
     * directory exists or who is allowed to write to it. The class
     * documentation warns that temporary files get predictable names, so
     * where local users are not trusted the directory must not be publicly
     * writable.</p>
     *
     * @param repository The directory in which temporary files will be
     *                   located.
     *
     * @see #getRepository()
     */
    public void setRepository(File repository) {
        this.repository = repository;
    }

    /**
     * Returns the size above which item content is written to disk.
     * Unless configured otherwise this is 10240 bytes.
     *
     * @return The size threshold, in bytes.
     *
     * @see #setSizeThreshold(int)
     */
    public int getSizeThreshold() {
        return this.sizeThreshold;
    }

    /**
     * Sets the size above which item content is written to disk.
     * The value is stored without any range check.
     *
     * @param sizeThreshold The size threshold, in bytes.
     *
     * @see #getSizeThreshold()
     */
    public void setSizeThreshold(int sizeThreshold) {
        this.sizeThreshold = sizeThreshold;
    }

    // --------------------------------------------------------- Public Methods

    /**
     * Builds a {@link org.apache.commons.fileupload.disk.DiskFileItem} from
     * the given values and this factory's current threshold and repository.
     * When a tracker is configured, the item's temporary file is registered
     * with it before the item is returned.
     *
     * @param fieldName   The name of the form field.
     * @param contentType The content type of the form field.
     * @param isFormField <code>true</code> if this is a plain form field;
     *                    <code>false</code> otherwise.
     * @param fileName    The name of the uploaded file, if any, as supplied
     *                    by the browser or other client. It is passed to
     *                    the new item unchanged, so code that reads it back
     *                    should treat it as untrusted input.
     *
     * @return The newly created file item.
     */
    public FileItem createItem(String fieldName, String contentType,
            boolean isFormField, String fileName) {
        final DiskFileItem item = new DiskFileItem(
                fieldName, contentType, isFormField, fileName,
                this.sizeThreshold, this.repository);

        // Go through the getter, not the field, so that a subclass
        // overriding getFileCleaningTracker() is still honoured.
        final FileCleaningTracker cleaner = getFileCleaningTracker();
        if (cleaner == null) {
            // No tracker configured: the temporary file is not registered
            // for deletion by this factory.
            return item;
        }
        cleaner.track(item.getTempFile(), item);
        return item;
    }

    /**
     * Returns the tracker responsible for deleting temporary files.
     *
     * @return The configured {@link FileCleaningTracker}, or null (the
     *   default) if temporary files are not tracked.
     */
    public FileCleaningTracker getFileCleaningTracker() {
        return this.fileCleaningTracker;
    }

    /**
     * Sets the tracker responsible for deleting temporary files.
     *
     * @param pTracker The {@link FileCleaningTracker} that will track files
     *   created from now on, or null (the default) to disable tracking.
     */
    public void setFileCleaningTracker(FileCleaningTracker pTracker) {
        this.fileCleaningTracker = pTracker;
    }

}