开发者

How do you configure a MultipartResolver for a different maxUploadSize for a regular user vs. an admin?

I can define a MultipartResolver like this with a maxUploadSize of 10K (10000 bytes):

<bean id="multipartResolver"
    class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
    <property name="maxUploadSize" value="10000"/>
</bean

However, if the admin needs to upload some large files via the admin interface which exceed this limit, the app needs to be temporarily re-configured to allow this - and then re-configured again to make sure regular users don't exceed this limit.

While this is happening, of course, a regular user could potentially sneak a large file in without receiving a warning.

Is there a way to configure the res开发者_如何学Pythonolver to use a different maxUploadSize in these two situations?


The simplest method is to use differently-configured implementations of the bean for admins instead of for normal users. The most elegant way of doing that is to have a Spring 3.0 @Configuration bean that produces a session-scoped bean instance (I add a scoped proxy below as well, in case you're not using it in a session-scoped bean; otherwise you could just use a simpler annotation like this: @Scope(WebApplicationContext.SCOPE_SESSION)).

@Configuration
public class MultipartResolverBuilder {
    @Bean @Scope(value = WebApplicationContext.SCOPE_SESSION,
           proxyMode = ScopedProxyMode.TARGET_CLASS)
    public CommonsMultipartResolver getMultipartResolver() {
        CommonsMultipartResolver mr = new CommonsMultipartResolver();
        if (user_is_not_admin) {
            mr.setMaxUploadSize(10000);
        }
        return mr;
    }
}

You'll need to add the code to determine whether the user is an admin or not, of course, and you'll need to add in support for scanning for annotation-based configuration (if you've not already got it; <context:annotation-config/>/<context:component-scan .../> are pretty common things to have).


You might need to create two multipartResolver beans, one for normal users and one for admins. In your app you can pick which bean to use based on the user's role.


How about resolve this problem with business logic? Just set the maxUploadSize value enough to the admin, and check if the user is admin or not and the file's size.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜