Java: What is the best way to check the content type (MIME) and extension of a file?
What is the most performant way to validate a file that I upload via an endpoint?
It should scan the bytes and not just compare the file extension.
I know this link, which helps, but I don't know whether the approaches it describes are deprecated:
https://www.rgagnon.com/javadetails/java-0487.html
Thanks in advance!
There is no 100% foolproof way to validate the content of a file uploaded to an endpoint. At the end of the day a file is just bytes, which may or may not carry reliable information about the file's metadata (e.g. because of a malicious user, a corrupted file, etc.). The best you can do is attempt to guess the type of the file.
You can add the Apache Tika detection library as a dependency to your project. Its documentation explains in detail how to do that.
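To make the idea of "scanning the bytes" concrete, here is a minimal sketch using only the JDK. It is not Tika's API and not how Tika is implemented; it only illustrates signature ("magic number") matching for four common formats. The class name `MagicBytes` and its methods are made up for this example, and a real detector knows far more signatures and looks deeper into the file.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical helper for illustration only; a library such as Tika covers far more formats.
final class MagicBytes {
    // Well-known leading signatures of a few formats.
    private static final byte[] PNG = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    private static final byte[] JPEG = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF};
    private static final byte[] GIF = "GIF8".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] PDF = "%PDF-".getBytes(StandardCharsets.US_ASCII);
    private static final int MAX_SIGNATURE_LENGTH = 8;

    private MagicBytes() {
    }

    /** Guesses a MIME type from the leading bytes; falls back to application/octet-stream. */
    static String guess(byte[] head) {
        if (startsWith(head, PNG)) return "image/png";
        if (startsWith(head, JPEG)) return "image/jpeg";
        if (startsWith(head, GIF)) return "image/gif";
        if (startsWith(head, PDF)) return "application/pdf";
        return "application/octet-stream";
    }

    /** Reads at most MAX_SIGNATURE_LENGTH bytes from the stream and guesses from them. */
    static String guessFromStream(InputStream in) throws IOException {
        byte[] head = new byte[MAX_SIGNATURE_LENGTH];
        int read = 0;
        while (read < head.length) {
            int n = in.read(head, read, head.length - read);
            if (n < 0) break; // end of stream before the buffer was full
            read += n;
        }
        return guess(Arrays.copyOf(head, read));
    }

    private static boolean startsWith(byte[] data, byte[] prefix) {
        if (data.length < prefix.length) return false;
        for (int i = 0; i < prefix.length; i++) {
            if (data[i] != prefix[i]) return false;
        }
        return true;
    }
}
```

A matching signature only shows that the file starts like the given format. A malicious upload can carry a valid header followed by arbitrary bytes, so this remains a guess, as described above.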
You can also use the Content-Type header from the HTTP request as an alternative way to detect the type of the file. At least this is what I would do: let API consumers select the proper content type, then attempt to parse the file using the given content type (if it is supported, that is). If an exception occurs then it's most likely that:
Of course, you can further limit what your endpoints accept by using content-specific annotations such as @Consumes(MediaType.APPLICATION_XML), but we are unable to provide any more help with the information provided.
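The "trust the declared Content-Type, then try to parse" approach described above could look roughly like the sketch below. It assumes the upload is already in memory as a byte array and supports only XML. The class `DeclaredTypeValidator` and its method names are hypothetical, and the DOCTYPE restriction is an extra precaution added here against entity-expansion attacks, not something required by the approach itself.

```java
import java.io.ByteArrayInputStream;
import java.util.Locale;
import javax.xml.parsers.DocumentBuilderFactory;

// Hypothetical helper for illustration only; extend the switch for other supported types.
final class DeclaredTypeValidator {
    private DeclaredTypeValidator() {
    }

    /** Returns true only if the declared type is supported and the body parses as that type. */
    static boolean matchesDeclaredType(String contentType, byte[] body) {
        if (contentType == null || body == null) return false;
        // Drop parameters such as "; charset=UTF-8" before comparing.
        String mediaType = contentType.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
        switch (mediaType) {
            case "application/xml":
            case "text/xml":
                return parsesAsXml(body);
            default:
                return false; // unsupported declared type: reject
        }
    }

    private static boolean parsesAsXml(byte[] body) {
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            // Assumption: uploads never need a DOCTYPE, so refuse it outright.
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.newDocumentBuilder().parse(new ByteArrayInputStream(body));
            return true;
        } catch (Exception e) {
            // Any parse or configuration failure is treated as "not valid XML".
            return false;
        }
    }
}
```

For example, `DeclaredTypeValidator.matchesDeclaredType("application/xml; charset=UTF-8", bytes)` accepts a well-formed document and rejects plain text sent with an XML content type. The JDK's default parser may also print the parse error to standard error when it rejects a body.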