//文件上传路径 转码比较
目录遍历漏洞防御方法
1.对用户的输入进行验证,特别是路径替代字符如“../”和“~/”。
//使用file 时要注意
file的很多api 需要boolean的返回值来验证成功失败
//从request中获取multipartFile
MultipartHttpServletRequest multipartRequest = WebUtils.getNativeRequest(request, MultipartHttpServletRequest.class);
multipartFile = multipartRequest.getFile("xxxFile");
multipartRequest.getFile("file").getSize();
//multipartFile 转 file
multipartFile.transferTo(uploadFile);
//直接读出文件中的每一行 jdk自带
Files.lines(Paths.get("d:/aa/aa.java")).forEach(System.out::println);
//前台<img标签>访问url路径 ,以流的形式返回,可以在浏览器渲染成图片
@RequestMapping(value = "/res/{key}.{resType}")
请求路径通过尾缀区分
//File复制
1.-Java NIO包括transferFrom方法,根据文档应该比文件流复制的速度更快
private static void copyFileUsingFileChannels(File source, File dest) throws IOException {
FileChannel inputChannel = null;
FileChannel outputChannel = null;
try {
inputChannel = new FileInputStream(source).getChannel();
outputChannel = new FileOutputStream(dest).getChannel();
outputChannel.transferFrom(inputChannel, 0, inputChannel.size());
} finally {
inputChannel.close();
outputChannel.close();
}
}
2.使用Commons IO复制效率不低 - 最方便
private static void copyFileUsingApacheCommonsIO(File source, File dest)
throws IOException {
FileUtils.copyFile(source, dest);
}