堆栈内存溢出
  简体   繁体   English

Java:从文件中检查内容类型和扩展名(mime)的最佳方法是什么?

[英]Java: Which is the best way to check a content-type and extension (mime) from a file?

 原文  2022-01-28 17:55:30       java/ mime-types/ content-type

问题描述

The most performant way to validate a file that I upload via an endpoint.验证我通过端点上传的文件的最高效方式。

It should scan the bytes and not just compare the file extension.它应该扫描字节,而不仅仅是比较文件扩展名。

I know this link that helps me, but I don't know if those is deprecated:我知道这个链接对我有帮助,但我不知道这些链接是否已被弃用:

https://www.rgagnon.com/javadetails/java-0487.html https://www.rgagnon.com/javadetails/java-0487.html

Thanks in advance!提前致谢!

1 个解决方案

解决方案1
 0  2022-01-28 19:34:13

There is not a 100% foolproof way to validate the content a file uploaded to an endpoint contains.没有一种 100% 万无一失的方法来验证上传到端点的文件所包含的内容。 This is because a file is at the end of the day is just bytes which may or may not hold information about the metadata of the file (eg. malicious user, corrupted file etc) The best you can do is an attempt to guess the type of the file.这是因为文件在一天结束时只是字节,它可能包含也可能不包含有关文件元数据的信息(例如,恶意用户、损坏的文件等)您能做的最好的事情就是尝试猜测类型的文件。

You can use Apache Tika detection library as a dependency on your project.您可以使用Apache Tika 检测库作为项目的依赖项。 There is detailed documentation on how to do that in the link.链接中有有关如何执行此操作的详细文档。

You can also utilise the Content-Type header from the HTTP request as an alternative way to detect the type of the file.您还可以利用 HTTP 请求中的Content-Type header 作为检测文件类型的替代方法。 At least this is what I would do, let any API consumers select the proper Content Type and perform an attempt to parse the file using the given Content Type (if supported that is).至少这是我要做的,让任何 API 消费者 select 正确的内容类型,并尝试使用给定的内容类型(如果支持的话)解析文件。 If an exception occurs then it's most likely that:如果发生异常,则很可能是:

  1. There is a bug in the parsing method you are using or您正在使用的解析方法中存在错误或
  2. The Content-Type didn't match the actual content of the file. Content-Type 与文件的实际内容不匹配。

Of course you can further limit what your endpoints accept by using content-specific annotations such as @Consumes(MediaType.APPLICATION_XML) but we are unable to provide any more help with the information provided.当然,您可以通过使用特定于内容的注释(例如@Consumes(MediaType.APPLICATION_XML)进一步限制端点接受的内容,但我们无法就所提供的信息提供更多帮助。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 有没有办法从Java中的文件扩展名生成Content-Type标头? - is there a way to generate a Content-Type header from a file extension in Java? Java:一种将 Mime(内容)类型与 CommonsMultipartFile 中的文件扩展名匹配的方法 - Java: A way to match Mime (content) type to file extension from CommonsMultipartFile 无法在Java Servlet中设置Content-Type / MIME-type - Cannot set Content-Type / MIME-type in java servlet 在Java 8中获取java.io.File MIME类型的最佳方法 - Best way to get java.io.File MIME Type in java 8 如何从Java中的MIME类型确定适当的文件扩展名 - How to determine appropriate file extension from MIME Type in Java Java中的分段文件上传检查MIME类型 - multipart file upload check mime type in java Jersey:根据文件扩展名或InputStream设置响应内容类型? - Jersey: Set response content-type based on file extension or InputStream? InvalidMimeTypeException:无效的 MIME 类型“{Content-Type}”:不包含“/” - InvalidMimeTypeException: Invalid mime type "{Content-Type}": does not contain '/' 是否可以使用文件的内容类型来确定Java中的文件类型? - Is it possible to use the content-type of a file to determine its filetype in Java? Jarsigner(MIME Con​​tent-Type不是application / timestamp-reply) - Jarsigner (MIME Content-Type is not application/timestamp-reply)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM