Hi,
I've a scenario for security check. When i'm submitting the file to dam, the content type for pdf, docx,doc is "application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/msword".
I've created a config file for this and whenever i upload a file i'll check for MIME_Type and then i upload.
Code:-
private String[] multiString;
private static final Logger LOG = LoggerFactory.getLogger(PODServlet.class);
@Property(value={"application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/msword"}, unbounded = PropertyUnbounded.ARRAY, label = "MIME TYPE", cardinality = 50, description = "Multi field config for MIME Type")
private static final String KEY_MULTI_FIELD_PODSERVLET = "PODServlet.MIMEType";
@Activate protected void activate(@SuppressWarnings("rawtypes") final Map context) {
this.multiString = PropertiesUtil.toStringArray(context.get(KEY_MULTI_FIELD_PODSERVLET));
LOG.info("multiString----------@Ativate----------------->"+multiString);
....................
resolver = resolverFactory.getAdministrativeResourceResolver(null);
Session session = (Session) resolver.adaptTo(Session.class);
AssetManager assetManager = (AssetManager) resolver.adaptTo(AssetManager.class);
Asset asset = assetManager.getAssetForBinary(DamUtil.assetToBinaryPath(assetPath));
String mimeType = this.mimeTypeService.getMimeType(fileName);
for(int i=0;i<multiString.length;i++){
if(StringUtils.equals(mimeType, multiString[i]))
{
asset = assetManager.createAsset(assetPath, file1, mimeType, true);
Resource metadataRes = asset.adaptTo(Resource.class).getChild("jcr:content/metadata");
ModifiableValueMap map = metadataRes.adaptTo(ModifiableValueMap.class);
map.put("dc:podname", podname);
map.put("dc:actualDeliveryDate", actualDeliveryDate);
metadataRes.getResourceResolver().commit();
}
}
but when the check for security purpose , its stopping for .pdf and .docx, like it will upload the file but when tried to open it will throw an error message. but this is not happening for .doc file extension.
How can this be resolved ? Or is any other way to check for MIME_Type when third party user try to interrupt the content type and throw an error message ?
Regards,
Nandhini M
Views
Replies
Total Likes
Doesn;t this line of code return the MIME type?
tring mimeType = this.mimeTypeService.getMimeType(fileName);
Views
Replies
Total Likes
Hi Nandhini
@Property(value={"application/pdf", "application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/ms word"},
Is there a space in ms word ? I assume it should be application/msword. Please check if this minor issue is causing problem?
Thanks
Veena
Views
Replies
Total Likes
Hi ,
No there is no space between ms word,
Views
Replies
Total Likes
Hi Nandhini,
You can find using api posted by others. Additionally some times asset might not have type set due to bug in cc app. You need to have additional custom logic to guess based on file extension.
Thanks,
Views
Replies
Total Likes
Hi,
Not sure about the real problem and get confuse with multiple questions.
let us know what is the real problem?
Regards,
Jitendra
Views
Replies
Total Likes
Hi,
I need to check the MIME_TYPE of the uploaded file. It should accept only 'pdf', 'docx' & 'doc'. From security purpose , through third party tools the CONTENT_TYPE(MIME_TYPE) is being changed and the request is forwarded, So the scenario will be like when i upload a file of type "application/pdf " and using thrid party tools I'm changing it to "image/png" so, in the sever side , this MIME_TYPE should not accept and reject it.
How can this be done in CQ
Thanks !
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Like
Replies