  • This documentation is an older version of JasperReports Server Security Guide. View the latest documentation.

    Several dialogs in JasperReports Server prompt the user to upload a file to the server. For performance and security reasons, you may want to restrict file uploads by name and size.

    The following setting is the global file upload limit for the entire server. Any single upload that exceeds this limit will trigger an error and a stack trace message. It's intended to be an absolute maximum to prevent a worse out-of-memory error that affects the entire server.

    Global File Size Upload Limit

    Configuration File: …/WEB-INF/js.config.properties

    | Property | Value | Description |
    | --- | --- | --- |
    | file.upload.max.size | -1 <default> | Maximum size in bytes allowed for any file upload. The default value, -1, means there is no limit to the file size, and a large enough file could cause an out-of-memory error in the JVM. Some file uploads such as importing through the UI are necessarily large and must be taken into account. Set this value larger than your largest expected import and smaller than your available memory. |

    The following settings apply to most file upload dialogs in the UI, such as uploading a JRXML or a JAR file to create a JasperReport in the repository. These settings in the fileResourceValidator bean restrict the file size and the filename pattern.

    File Upload Restrictions

    Configuration File: …/WEB-INF/flows/fileResourceBeans.xml

    | Property | Value | Description |
    | --- | --- | --- |
    | maxFileSize | -1 <default> | Maximum size in bytes allowed for a file uploaded through most UI dialogs. If an upload exceeds this limit, the server displays a helpful error message. The default value, -1, means there is no limit to the file size, and an upload could reach the global limit if set, or an out-of-memory error. Usually, files required in resources are smaller, and a limit of 10 MB is reasonable. |
    | fileNameRegexp | `^.+$` <default> | A regular expression that matches allowed file names. The default expression matches all filenames of one or more characters. A more restrictive expression such as `[a-zA-Z0-9]{1,200}\.[a-zA-Z0-9]{1,10}` would limit uploads to alpha-numeric names with an extension. |
    | fileNameValidationMessageKey | <null/> <default> | The name of a Java property key whose value is a custom message to display when the uploaded filename does not match fileNameRegexp. For example, you could add the following line to WEB-INF/js.config.properties: my.filename.validation=The name of the uploaded filename must contain only alphanumeric characters and have a valid extension. |

    The following setting restricts the extension of the uploaded file. The upload dialogs will browse only for files with the given extensions. Add or remove extensions to change the file type restrictions:

    File Upload Extensions

    Configuration File: <jasperserver-pro-war>/scripts/resource.locate.js

    | Property | Value |
    | --- | --- |
    | ALLOWED_FILE_RESOURCE_EXTENSIONS | By default, the following extensions are allowed: "css", "ttf", "jpg", "jpeg", "gif", "bmp", "png", "jar", "jrxml", "properties", "jrtx", "xml", "agxml", "docx", "doc", "ppt", "pptx", "xls", "xlsx", "ods", "odt", "odp", "pdf", "rtf", "html" |
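
Before deploying a size limit, filename expression and extension list, it helps to dry-run them against sample uploads and see which limit rejects what. The JavaScript below is an added example, not JasperReports Server code: `checkUpload`, `matchesWholeName`, `extensionOf` and the sample uploads are hypothetical names and constructed data. It assumes the whole filename must match fileNameRegexp and writes the restrictive expression with the dot escaped so that it matches only a literal dot.

```javascript
// Added example (not JasperReports Server code): dry-run upload limits on sample names.
// The extension list and both expressions are the values documented on this page.
const ALLOWED_FILE_RESOURCE_EXTENSIONS = ["css", "ttf", "jpg", "jpeg", "gif", "bmp",
  "png", "jar", "jrxml", "properties", "jrtx", "xml", "agxml", "docx", "doc", "ppt",
  "pptx", "xls", "xlsx", "ods", "odt", "odp", "pdf", "rtf", "html"];
const DEFAULTS = { maxFileSize: -1, fileNameRegexp: "^.+$" };
const HARDENED = { maxFileSize: 10 * 1024 * 1024,   // the 10 MB suggested on this page
  fileNameRegexp: "[a-zA-Z0-9]{1,200}\\.[a-zA-Z0-9]{1,10}" };

// Assumption: the whole filename must match. Wrapping the pattern in ^(?:...)$
// makes that explicit; an unanchored search would accept "report.jrxml.exe"
// because the substring "report.jrxml" matches.
function matchesWholeName(pattern, name) {
  return new RegExp("^(?:" + pattern + ")$").test(name);
}

// Text after the last dot, lower-cased; "" when there is no usable extension.
function extensionOf(name) {
  const dot = name.lastIndexOf(".");
  return dot > 0 && dot < name.length - 1 ? name.slice(dot + 1).toLowerCase() : "";
}

// Returns the list of limits a (name, size) pair violates; empty means accepted.
function checkUpload(name, sizeBytes, policy) {
  const violations = [];
  if (policy.maxFileSize !== -1 && sizeBytes > policy.maxFileSize) violations.push("maxFileSize");
  if (!matchesWholeName(policy.fileNameRegexp, name)) violations.push("fileNameRegexp");
  if (!ALLOWED_FILE_RESOURCE_EXTENSIONS.includes(extensionOf(name))) violations.push("extension");
  return violations;
}

// Constructed sample uploads: [filename, size in bytes].
const SAMPLES = [
  ["SalesReport.jrxml", 40000],
  ["report.jrxml.exe", 40000],
  ["../../web.xml", 2000],
  ["logo.png", 20 * 1024 * 1024],
];

for (const [name, size] of SAMPLES) {
  console.log(name, "defaults:", checkUpload(name, size, DEFAULTS),
    "hardened:", checkUpload(name, size, HARDENED));
}
```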

