servelt远程文件下载
2015-10-29 16:39
260 查看
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* 下载文件的Servlet
*
*/
public class DownloadEntry extends HttpServlet {
/**
* 下载文件的方法
*/
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
request.setCharacterEncoding("UTF-8");
String fileName = request.getParameter("fileName");
String dir = request.getParameter("dir");
/**
* 以下代码为了防止用户输入../等路径去访问系统的其他文件
* 如http://yanmentang.com:80/download?
dir=contract&fileName=/../..//../..//../..//../..//../..//etc/passwd
*/
if (fileName.indexOf("../") != -1 || fileName.indexOf("/..") != -1
|| fileName.indexOf("..\\") != -1 || fileName.indexOf("\\..") != -1) {
return;
}
if (dir.indexOf("../") != -1 || dir.indexOf("/..") != -1
|| dir.indexOf("..\\") != -1 || dir.indexOf("\\..") != -1) {
return;
}
if (!dir.equals("shopOrderExport") && !dir.equals("contract")) {
return;
}
String downloadDir = AppKeys.UPLOAD_FILE_PATH
+ File.separator + dir + File.separator;
response.setContentType("APPLICATION/OCTET-STREAM");
String downDateStr = DateTimeUtil.getCurrentDate().replaceAll("-", "").replaceAll(" ", "");
response.setHeader("Content-Disposition", "attachment; filename=\""
+ URLEncoder.encode(fileName.substring(0, fileName.indexOf(".")) + downDateStr + fileName.substring(fileName.indexOf(".")), "UTF-8") + "\"");
FileInputStream fileInputStream = null;
try {
// 打开指定文件的流信息
fileInputStream = new java.io.FileInputStream(downloadDir
+ fileName);
// 写出流信息
int i;
while ((i = fileInputStream.read()) != -1) {
response.getOutputStream().write(i);
}
} catch (Exception e) {
AppLogger.getInstance().errorLog("error happened when download file: " + fileName, e);
} finally {
try {
if (fileInputStream != null) {
fileInputStream.close();
}
} catch (Exception e) {
}
response.getOutputStream().close();
}
}
}
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* 下载文件的Servlet
*
*/
public class DownloadEntry extends HttpServlet {
/**
* 下载文件的方法
*/
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
request.setCharacterEncoding("UTF-8");
String fileName = request.getParameter("fileName");
String dir = request.getParameter("dir");
/**
* 以下代码为了防止用户输入../等路径去访问系统的其他文件
* 如http://yanmentang.com:80/download?
dir=contract&fileName=/../..//../..//../..//../..//../..//etc/passwd
*/
if (fileName.indexOf("../") != -1 || fileName.indexOf("/..") != -1
|| fileName.indexOf("..\\") != -1 || fileName.indexOf("\\..") != -1) {
return;
}
if (dir.indexOf("../") != -1 || dir.indexOf("/..") != -1
|| dir.indexOf("..\\") != -1 || dir.indexOf("\\..") != -1) {
return;
}
if (!dir.equals("shopOrderExport") && !dir.equals("contract")) {
return;
}
String downloadDir = AppKeys.UPLOAD_FILE_PATH
+ File.separator + dir + File.separator;
response.setContentType("APPLICATION/OCTET-STREAM");
String downDateStr = DateTimeUtil.getCurrentDate().replaceAll("-", "").replaceAll(" ", "");
response.setHeader("Content-Disposition", "attachment; filename=\""
+ URLEncoder.encode(fileName.substring(0, fileName.indexOf(".")) + downDateStr + fileName.substring(fileName.indexOf(".")), "UTF-8") + "\"");
FileInputStream fileInputStream = null;
try {
// 打开指定文件的流信息
fileInputStream = new java.io.FileInputStream(downloadDir
+ fileName);
// 写出流信息
int i;
while ((i = fileInputStream.read()) != -1) {
response.getOutputStream().write(i);
}
} catch (Exception e) {
AppLogger.getInstance().errorLog("error happened when download file: " + fileName, e);
} finally {
try {
if (fileInputStream != null) {
fileInputStream.close();
}
} catch (Exception e) {
}
response.getOutputStream().close();
}
}
}
相关文章推荐
- 转载和积累系列 - 八大排序算法
- Android中实现两次点击返回键退出本程序
- RabbitMq中的交换机
- 标签+线程休眠 = 打地鼠
- Java读取Excel数据
- 生产环境 centos6 源码编辑安装lnmp
- JAVA内部类
- unix学习
- 地名地址编码工具
- 学习windows驱动(PNP和电源模型)
- jdk之多线程Future框架解析
- oracle中rollback的使用
- python GUI 和命令行界面的区别
- Android中实现进入App之后检查网络状态
- 集合:HashMap与HashTable、TreeMap,ArrayList和Vector的区别
- js获取浏览器尺寸
- linux实现c多进程
- 捕获Home按键
- 梦游上海朱家角
- 数据分析项目流程