Adobe Experience Manager Sites & More

Nandhini_Marimu · 6/9/17

Hi,

I've a scenario for security check. When i'm submitting the file to dam, the content type for pdf, docx,doc is "application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/msword".

I've created a config file for this and whenever i upload a file i'll check for MIME_Type and then i upload.

Code:-

private String[] multiString;

private static final Logger LOG = LoggerFactory.getLogger(PODServlet.class);

@Property(value={"application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/msword"}, unbounded = PropertyUnbounded.ARRAY, label = "MIME TYPE", cardinality = 50, description = "Multi field config for MIME Type")

private static final String KEY_MULTI_FIELD_PODSERVLET = "PODServlet.MIMEType";

@Activate protected void activate(@SuppressWarnings("rawtypes") final Map context) {

this.multiString = PropertiesUtil.toStringArray(context.get(KEY_MULTI_FIELD_PODSERVLET));

LOG.info("multiString----------@Ativate----------------->"+multiString);

....................

resolver = resolverFactory.getAdministrativeResourceResolver(null);

Session session = (Session) resolver.adaptTo(Session.class);

AssetManager assetManager = (AssetManager) resolver.adaptTo(AssetManager.class);

Asset asset = assetManager.getAssetForBinary(DamUtil.assetToBinaryPath(assetPath));

String mimeType = this.mimeTypeService.getMimeType(fileName);

for(int i=0;i<multiString.length;i++){

if(StringUtils.equals(mimeType, multiString[i]))

{

asset = assetManager.createAsset(assetPath, file1, mimeType, true);

Resource metadataRes = asset.adaptTo(Resource.class).getChild("jcr:content/metadata");

ModifiableValueMap map = metadataRes.adaptTo(ModifiableValueMap.class);

map.put("dc:podname", podname);

map.put("dc:actualDeliveryDate", actualDeliveryDate);

metadataRes.getResourceResolver().commit();

}

but when the check for security purpose , its stopping for .pdf and .docx, like it will upload the file but when tried to open it will throw an error message. but this is not happening for .doc file extension.

How can this be resolved ? Or is any other way to check for MIME_Type when third party user try to interrupt the content type and throw an error message ?

Regards,

Nandhini M

smacdonald2008 · 6/9/17

Doesn;t this line of code return the MIME type?

tring mimeType = this.mimeTypeService.getMimeType(fileName);

VeenaVikraman · 6/9/17

Hi Nandhini

@Property(value={"application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/ms word"},

Is there a space in ms word ? I assume it should be application/msword. Please check if this minor issue is causing problem?

Thanks

Veena

Nandhini_Marimu · 6/12/17

Hi ,

No there is no space between ms word,

MC_Stuff · 6/11/17

Hi Nandhini,

You can find using api posted by others. Additionally some times asset might not have type set due to bug in cc app. You need to have additional custom logic to guess based on file extension.

Thanks,

Jitendra_S_Toma · 6/11/17

Hi,

Not sure about the real problem and get confuse with multiple questions.

Are you trying to determine mine-type of uploaded assets?
Or Do you get error message while open uploaded dam assets?

let us know what is the real problem?

Regards,

Jitendra

Nandhini_Marimu · 6/12/17

Hi,

I need to check the MIME_TYPE of the uploaded file. It should accept only 'pdf', 'docx' & 'doc'. From security purpose , through third party tools the CONTENT_TYPE(MIME_TYPE) is being changed and the request is forwarded, So the scenario will be like when i upload a file of type "application/pdf " and using thrid party tools I'm changing it to "image/png" so, in the sever side , this MIME_TYPE should not accept and reject it.

How can this be done in CQ

Thanks !

Adobe Experience Manager Sites & More

How to check the MIME Type before uploading?

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe