How to check the MIME Type before uploading? | Community
Skip to main content
Nandhini_Marimu
Nandhini_Marimu
Level 2
June 9, 2017

How to check the MIME Type before uploading?

  • June 9, 2017
  • 4 replies
  • 11898 views

Hi,

     I've a scenario for security check. When i'm submitting the file to dam, the content type for pdf, docx,doc is "application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/msword".

I've created a config file for this and whenever i upload a file i'll check for MIME_Type and then i upload.

Code:-

private String[] multiString;

private static final Logger LOG = LoggerFactory.getLogger(PODServlet.class);

@Property(value={"application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/msword"}, unbounded = PropertyUnbounded.ARRAY, label = "MIME TYPE", cardinality = 50, description = "Multi field config for MIME Type")

private static final String KEY_MULTI_FIELD_PODSERVLET = "PODServlet.MIMEType";

@Activate protected void activate(@SuppressWarnings("rawtypes") final Map context) { 

    this.multiString = PropertiesUtil.toStringArray(context.get(KEY_MULTI_FIELD_PODSERVLET));  

    LOG.info("multiString----------@Ativate----------------->"+multiString);

    

....................

resolver = resolverFactory.getAdministrativeResourceResolver(null);

  Session session = (Session) resolver.adaptTo(Session.class);

  AssetManager assetManager = (AssetManager) resolver.adaptTo(AssetManager.class);

  Asset asset = assetManager.getAssetForBinary(DamUtil.assetToBinaryPath(assetPath));

  String mimeType = this.mimeTypeService.getMimeType(fileName);

  for(int i=0;i<multiString.length;i++){

  if(StringUtils.equals(mimeType, multiString[i]))

  {

  asset = assetManager.createAsset(assetPath, file1, mimeType, true);

  Resource metadataRes = asset.adaptTo(Resource.class).getChild("jcr:content/metadata");

  ModifiableValueMap map = metadataRes.adaptTo(ModifiableValueMap.class);

  map.put("dc:podname", podname);

  map.put("dc:actualDeliveryDate", actualDeliveryDate);

  metadataRes.getResourceResolver().commit();

  }

  }

but when the check for security purpose , its stopping for .pdf and .docx, like it will upload the file but when tried to open it will throw an error message. but this is not happening for .doc file extension.

How can this be resolved ? Or is any other way to check for MIME_Type when third party user try to interrupt the content type and throw an error message ?

Regards,

Nandhini M

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

4 replies

smacdonald2008
smacdonald2008
Level 10
June 9, 2017

Doesn;t this line of code return the MIME type?

tring mimeType = this.mimeTypeService.getMimeType(fileName);

VeenaVikraman
Community Advisor
VeenaVikramanCommunity Advisor
Community Advisor
June 10, 2017

Hi Nandhini

           @Property(value={"application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/ms word"},

               Is there a space in ms word ? I assume it should be application/msword. Please check if this minor issue is causing problem?

Thanks

Veena

Nandhini_Marimu
Nandhini_MarimuAuthor
Level 2
June 12, 2017

Hi ,

No there is no space between ms word,

MC_Stuff
MC_Stuff
Level 10
June 11, 2017

Hi Nandhini,

You can find using api posted by others. Additionally some times asset might not have type set due to bug in cc app.   You need to have additional custom logic to guess based on file extension.

Thanks,

Jitendra_S_Toma
Jitendra_S_Toma
Level 10
June 12, 2017

Hi,

Not sure about the real problem and get confuse with multiple questions.

  • Are you trying to determine mine-type of uploaded assets?
  • Or Do you get error message while open uploaded dam assets?

let us know what is the real problem?

Regards,

Jitendra

Nandhini_Marimu
Nandhini_MarimuAuthor
Level 2
June 12, 2017

Hi,

I need to check the MIME_TYPE of the uploaded file. It should accept only 'pdf', 'docx' & 'doc'. From security purpose , through third party tools the CONTENT_TYPE(MIME_TYPE) is being changed and the request is forwarded, So the scenario will be like when i upload a file of type "application/pdf " and using thrid party tools I'm changing it to "image/png" so, in the sever side , this MIME_TYPE should not accept and reject it.

How can this be done in CQ

Thanks !

Terms & ConditionsAccessibility statement

Loading footer...