【spring mvc】文件上传、下载

文件上传，存储至本地目录中

- 一、代码
- - 1、工具类（敏感后缀过滤）
  - 2、文件上传，存储至本地
  - 3、文件下载
- 二、效果演示
- - 1、上传
  - - 1.1、postMan 请求
    - 1.2、上传效果
  - 2、下载
  - - 2.1、下载效果

一、代码

1、工具类（敏感后缀过滤）

java">
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.multipart.MultipartFile;import java.io.InputStream;
import java.util.HashMap;
import java.util.Iterator;/***  校验上传文件敏感后缀*/
public class FileTypeFilter {/**文件后缀*/private static String[] forbidType = {"jsp","php"};/**初始化文件头类型，不够的自行补充*/final static HashMap<String, String> FILE_TYPE_MAP = new HashMap<>();static {FILE_TYPE_MAP.put("3c25402070616765206c", "jsp");FILE_TYPE_MAP.put("3c3f7068700a0a2f2a2a0a202a205048", "php");/* fileTypeMap.put("ffd8ffe000104a464946", "jpg");fileTypeMap.put("89504e470d0a1a0a0000", "png");fileTypeMap.put("47494638396126026f01", "gif");fileTypeMap.put("49492a00227105008037", "tif");fileTypeMap.put("424d228c010000000000", "bmp");fileTypeMap.put("424d8240090000000000", "bmp");fileTypeMap.put("424d8e1b030000000000", "bmp");fileTypeMap.put("41433130313500000000", "dwg");fileTypeMap.put("3c21444f435459504520", "html");fileTypeMap.put("3c21646f637479706520", "htm");fileTypeMap.put("48544d4c207b0d0a0942", "css");fileTypeMap.put("696b2e71623d696b2e71", "js");fileTypeMap.put("7b5c727466315c616e73", "rtf");fileTypeMap.put("38425053000100000000", "psd");fileTypeMap.put("46726f6d3a203d3f6762", "eml");fileTypeMap.put("d0cf11e0a1b11ae10000", "doc");fileTypeMap.put("5374616E64617264204A", "mdb");fileTypeMap.put("252150532D41646F6265", "ps");fileTypeMap.put("255044462d312e350d0a", "pdf");fileTypeMap.put("2e524d46000000120001", "rmvb");fileTypeMap.put("464c5601050000000900", "flv");fileTypeMap.put("00000020667479706d70", "mp4");fileTypeMap.put("49443303000000002176", "mp3");fileTypeMap.put("000001ba210001000180", "mpg");fileTypeMap.put("3026b2758e66cf11a6d9", "wmv");fileTypeMap.put("52494646e27807005741", "wav");fileTypeMap.put("52494646d07d60074156", "avi");fileTypeMap.put("4d546864000000060001", "mid");fileTypeMap.put("504b0304140000000800", "zip");fileTypeMap.put("526172211a0700cf9073", "rar");fileTypeMap.put("235468697320636f6e66", "ini");fileTypeMap.put("504b03040a0000000000", "jar");fileTypeMap.put("4d5a9000030000000400", "exe");fileTypeMap.put("3c25402070616765206c", "jsp");fileTypeMap.put("4d616e69666573742d56", "mf");fileTypeMap.put("3c3f786d6c2076657273", "xml");fileTypeMap.put("494e5345525420494e54", "sql");fileTypeMap.put("7061636b616765207765", "java");fileTypeMap.put("406563686f206f66660d", "bat");fileTypeMap.put("1f8b0800000000000000", "gz");fileTypeMap.put("6c6f67346a2e726f6f74", "properties");fileTypeMap.put("cafebabe0000002e0041", "class");fileTypeMap.put("49545346030000006000", "chm");fileTypeMap.put("04000000010000001300", "mxp");fileTypeMap.put("504b0304140006000800", "docx");fileTypeMap.put("6431303a637265617465", "torrent");fileTypeMap.put("6D6F6F76", "mov");fileTypeMap.put("FF575043", "wpd");fileTypeMap.put("CFAD12FEC5FD746F", "dbx");fileTypeMap.put("2142444E", "pst");fileTypeMap.put("AC9EBD8F", "qdf");fileTypeMap.put("E3828596", "pwl");fileTypeMap.put("2E7261FD", "ram");*/}/*** @param fileName* @return String* @description 通过文件后缀名获取文件类型*/private static String getFileTypeBySuffix(String fileName) {return fileName.substring(fileName.lastIndexOf(".") + 1, fileName.length());}/*** 文件类型过滤** @param file*/public static void fileTypeFilter(MultipartFile file) throws Exception {String suffix = getFileType(file);for (String type : forbidType) {if (type.contains(suffix)) {throw new Exception("上传失败，非法文件类型：" + suffix);}}}/*** 通过读取文件头部获得文件类型** @param file* @return 文件类型* @throws Exception*/private static String getFileType(MultipartFile file) throws Exception {String fileExtendName = null;InputStream is;try {//is = new FileInputStream(file);is = file.getInputStream();byte[] b = new byte[10];is.read(b, 0, b.length);String fileTypeHex = String.valueOf(bytesToHexString(b));Iterator<String> keyIter = FILE_TYPE_MAP.keySet().iterator();while (keyIter.hasNext()) {String key = keyIter.next();// 验证前5个字符比较if (key.toLowerCase().startsWith(fileTypeHex.toLowerCase().substring(0, 5))|| fileTypeHex.toLowerCase().substring(0, 5).startsWith(key.toLowerCase())) {fileExtendName = FILE_TYPE_MAP.get(key);break;}}// 如果不是上述类型，则判断扩展名if (StringUtils.isBlank(fileExtendName)) {String fileName = file.getOriginalFilename();return getFileTypeBySuffix(fileName);}is.close();return fileExtendName;} catch (Exception exception) {throw new Exception(exception.getMessage(), exception);}}/*** 获得文件头部字符串** @param src* @return*/private static String bytesToHexString(byte[] src) {StringBuilder stringBuilder = new StringBuilder();if (src == null || src.length <= 0) {return null;}for (int i = 0; i < src.length; i++) {int v = src[i] & 0xFF;String hv = Integer.toHexString(v);if (hv.length() < 2) {stringBuilder.append(0);}stringBuilder.append(hv);}return stringBuilder.toString();}
}

2、文件上传，存储至本地

java">import lombok.extern.slf4j.Slf4j;
import org.apache.tomcat.util.buf.HexUtils;import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.FileCopyUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;import javax.servlet.http.HttpServletRequest;
import java.io.*;
import java.security.MessageDigest;
import java.text.SimpleDateFormat;
import java.util.Date;@Slf4j
@RestController
@RequestMapping("/file")
public class FileUploadController {private static String FILE_NAME_REGEX = "[^A-Za-z\\.\\(\\)\\-（）\\_0-9\\u4e00-\\u9fa5]";/*** 文件上传统一方法*/@Transactional@PostMapping(value = "/upload")public String upload(HttpServletRequest request) {MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;// 获取上传文件对象MultipartFile file = multipartRequest.getFile("file");if (file == null) {throw new NullPointerException("请选择文件上传！");}// todo 文件名称：从流里面取String fileName = file.getOriginalFilename();try {// 过滤上传文件类型FileTypeFilter.fileTypeFilter(file);// todo 计算哈希值，校验是否重复上传：大文件请关闭MessageDigest md5 = MessageDigest.getInstance("MD5");byte[] digest = md5.digest(file.getBytes());String fileMd5 = HexUtils.toHexString(digest);if (fileMd5.equals("xxxxxxxx")) {// ......}// 获取文件后缀int begin = fileName.lastIndexOf(".");String fileSuffix = fileName.substring(begin + 1);log.info("文件名称：{}", fileName);log.info("文件大小：{}", file.getBytes().length);log.info("文件类型：{}", file.getContentType());log.info("文件md5 算法：{}", fileMd5);log.info("文件后缀：{}", fileSuffix);// todo 文件存储 主路径String filePath = "/opt/test";// todo 进行存储File upFile = uploadLocal(file, filePath);if (upFile == null) {return "上传存储失败";}String savePath = upFile.getPath().replace("\\", "/");log.info("【存储】文件目录：{}", upFile.getName());log.info("【存储】文件路径：{}", savePath);return "成功";} catch (Exception e) {return "失败";}}/*** 本地文件上传** @param mf      文件* @param bizPath 自定义路径* @return 文件流*/private File uploadLocal(MultipartFile mf, String bizPath) {String toDay = new SimpleDateFormat("yyyy-MM-dd").format(new Date());try {String ctxPath = "";String fileName;String fileDir = ctxPath + File.separator + bizPath + File.separator + toDay;File file = new File(fileDir);if (!file.exists()) {// 创建文件根目录file.mkdirs();}log.info("上传目录：{}", file.getPath());// 获取文件名String orgName = mf.getOriginalFilename();if (!StringUtils.hasText(orgName)) {throw new NullPointerException("请选择文件上传！");}orgName = getFileName(orgName);if (orgName.contains(".")) {fileName = orgName.substring(0, orgName.lastIndexOf(".")) + "_" + System.currentTimeMillis() + orgName.substring(orgName.lastIndexOf("."));} else {fileName = orgName + "_" + System.currentTimeMillis();}String savePath = file.getPath() + File.separator + fileName;File saveFile = new File(savePath);FileCopyUtils.copy(mf.getBytes(), saveFile);return saveFile;} catch (IOException e) {log.error(e.getMessage(), e);}return null;}/*** 判断文件名是否带盘符，重新处理** @param fileName* @return*/public static String getFileName(String fileName) {//判断是否带有盘符信息int unixSep = fileName.lastIndexOf('/');// Check for Windows-style pathint winSep = fileName.lastIndexOf('\\');// Cut off at latest possible pointint pos = (winSep > unixSep ? winSep : unixSep);if (pos != -1) {// Any sort of path separator found...fileName = fileName.substring(pos + 1);}//替换上传文件名字的特殊字符fileName = fileName.replace("=", "").replace(",", "").replace("&", "").replace("#", "").replace("“", "").replace("”", "");//替换上传文件名字中的空格fileName = fileName.replaceAll("\\s", "");fileName = fileName.replaceAll(FILE_NAME_REGEX, "");return fileName;}}

3、文件下载

import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;import javax.servlet.http.HttpServletResponse;
import java.io.*;
import java.net.URLEncoder;@Slf4j
@RestController
@RequestMapping("/file")
public class FileDownloadController {@GetMapping(value = "/download")public void download(String loadType, HttpServletResponse response) {// 文件路径String filePath = "/opt/test/xxxx-xx-xx";// 文件名称String fileName = "1 - 副本.JPG";// 文件类型String contentType = "image/png";// 文件大小Integer fileSize = 17408;fileLoad(response, filePath, fileName, contentType, fileSize, loadType);}public void fileLoad(HttpServletResponse response, String filePath, String fileName, String contentType, Integer fileSize, String loadType) {File file = new File(filePath);if (!file.exists()) {response.setStatus(404);throw new RuntimeException("文件[" + fileName + "]不存在..");}InputStream inputStream = null;OutputStream outputStream = null;// 其余处理略try {inputStream = new BufferedInputStream(new FileInputStream(filePath));log.info("下载文件,{}，大小：{}.kb", fileName, fileSize / 1024);// 设置强制下载不打开response.setContentType(contentType);String dis = "1".equals(loadType) ? "attachment" : "inline";response.addHeader("Content-Disposition", dis + ";fileName=" + URLEncoder.encode(fileName, "UTF-8"));response.addHeader("content-length", String.valueOf(fileSize));outputStream = response.getOutputStream();byte[] buf = new byte[1024];int len;while ((len = inputStream.read(buf)) > 0) {outputStream.write(buf, 0, len);}response.flushBuffer();} catch (IOException e) {log.error("读取文件失败" + e.getMessage());response.setStatus(404);e.printStackTrace();} finally {if (inputStream != null) {try {inputStream.close();} catch (IOException e) {log.error(e.getMessage(), e);}}if (outputStream != null) {try {outputStream.close();} catch (IOException e) {log.error(e.getMessage(), e);}}}}}