package egovframework.com.cmm.util; import java.io.File; import java.io.InputStream; import java.util.ArrayList; import java.util.Iterator; import java.util.List; import javax.servlet.http.HttpServletRequest; import org.springframework.web.multipart.MultipartFile; import org.springframework.web.multipart.MultipartHttpServletRequest; /** * @Class Name : EgovFileUploadUtil.java * @Description : Spring 기반 File Upload 유틸리티 * @Modification Information * * 수정일 수정자 수정내용 * ---------- -------- --------------------------- * 2009.08.26 한성곤 최초 생성 * 2018.08.17 신용호 uploadFilesExt(확장자 기록) 추가 * * @author 공통컴포넌트 개발팀 한성곤 * @since 2009.08.26 * @version 1.0 * @see */ public class EgovFileUploadUtil extends EgovFormBasedFileUtil { /** * 파일을 Upload 처리한다. * * @param request * @param where * @param maxFileSize * @return * @throws Exception */ public static List uploadFiles(HttpServletRequest request, String where, long maxFileSize) throws Exception { List list = new ArrayList(); MultipartHttpServletRequest mptRequest = (MultipartHttpServletRequest) request; Iterator fileIter = mptRequest.getFileNames(); while (fileIter.hasNext()) { MultipartFile mFile = mptRequest.getFile((String) fileIter.next()); EgovFormBasedFileVo vo = new EgovFormBasedFileVo(); String tmp = mFile.getOriginalFilename(); if (tmp.lastIndexOf("\\") >= 0) { tmp = tmp.substring(tmp.lastIndexOf("\\") + 1); } vo.setFileName(tmp); vo.setContentType(mFile.getContentType()); vo.setServerSubPath(getTodayString()); vo.setPhysicalName(getPhysicalFileName()); vo.setSize(mFile.getSize()); if (tmp.lastIndexOf(".") >= 0) { vo.setPhysicalName(vo.getPhysicalName()); // 2012.11 KISA 보안조치 } if (mFile.getSize() > 0) { InputStream is = null; try { is = mFile.getInputStream(); saveFile(is, new File(EgovWebUtil.filePathBlackList(where + SEPERATOR + vo.getServerSubPath() + SEPERATOR + vo.getPhysicalName()))); } finally { if (is != null) { is.close(); } } list.add(vo); } } return list; } /** * 파일을 Upload(확장명 저장 및 확장자 제한) 처리한다. * * @param request * @param where * @param maxFileSize * @return * @throws Exception */ public static List uploadFilesExt(HttpServletRequest request, String where, long maxFileSize, String extensionWhiteList) throws Exception { List list = new ArrayList(); MultipartHttpServletRequest mptRequest = (MultipartHttpServletRequest) request; Iterator fileIter = mptRequest.getFileNames(); while (fileIter.hasNext()) { List mFiles = mptRequest.getFiles((String) fileIter.next()); for(MultipartFile mFile : mFiles) { EgovFormBasedFileVo vo = new EgovFormBasedFileVo(); String uploadName = mFile.getName(); String tmp = mFile.getOriginalFilename(); if("".equals(tmp) || tmp == null) continue; //파일 이름이 없으면 패스 if (tmp.lastIndexOf("\\") >= 0) { tmp = tmp.substring(tmp.lastIndexOf("\\") + 1); } String ext = ""; if ( tmp.lastIndexOf(".") > 0 ) ext = getFileExtension(tmp).toLowerCase(); else throw new SecurityException("Unacceptable file extension."); // 허용되지 않는 확장자 처리 if ( extensionWhiteList.indexOf(ext) < 0 ) throw new SecurityException("Unacceptable file extension."); // 허용되지 않는 확장자 처리 vo.setFileUploadName(uploadName); vo.setFileName(tmp); vo.setContentType(mFile.getContentType()); vo.setServerSubPath(getTodayString()); vo.setPhysicalName(getPhysicalFileName()+"_"+tmp); //기존 파일명 저장 방식으로 인하여 원본 파일명 추가 vo.setSize(mFile.getSize()); if (tmp.lastIndexOf(".") >= 0) { vo.setPhysicalName(vo.getPhysicalName()); // 2012.11 KISA 보안조치 } if (mFile.getSize() > 0) { InputStream is = null; try { is = mFile.getInputStream(); saveFile(is, new File(EgovWebUtil.filePathBlackList(where + SEPERATOR + vo.getPhysicalName()))); } finally { if (is != null) { is.close(); } } list.add(vo); } } } return list; } /** * 파일 확장자를 추출한다. * * @param fileNamePath * @return */ public static String getFileExtension(String fileNamePath) { String ext = fileNamePath.substring(fileNamePath.lastIndexOf(".") + 1,fileNamePath.length()); return (ext == null) ? "" : ext; } }