Restricting File Uploads
Several dialogs in JasperReports Server prompt the user to upload a file to the server. For performance and security reasons, you may want to restrict file uploads by name and size.
The following setting is the global file upload limit for the entire server. Any single upload that exceeds this limit triggers an error and a stack trace message. It is intended to be an absolute maximum to prevent a worse out-of-memory error that affects the entire server.
Global File Size Upload Limit |
||
Configuration File |
||
…/WEB-INF/js.config.properties |
||
Property |
Value |
Description |
---|---|---|
|
|
Maximum size in bytes allowed for any file upload. The default value, -1, means that there is no limit to the file size, and a large enough file could cause an out-of-memory error in the JVM. Some file uploads such as importing through the UI are necessarily large and must be considered. Set this value larger than your largest expected import and smaller than your available memory. |
The following settings apply to most file upload dialogs in the UI, such as uploading a JRXML or a JAR file to create a JasperReport in the repository. These settings in the fileResourceValidator
bean restrict the file size and the filename pattern.
File Upload Restrictions |
||
Configuration File |
||
…/WEB-INF/flows/fileResourceBeans.xml |
||
Property |
Value |
Description |
---|---|---|
|
|
The maximum size in bytes allowed for a file uploaded through most UI dialogs. If an upload exceeds this limit, the server displays a helpful error message. The default value, -1, means that there is no limit to the file size, and an upload could reach the global limit if set, or an out-of-memory error. Usually, the files required in resources are smaller, and a limit of 10 MB is reasonable. |
fileNameRegexp
|
^.+$ <default> |
A regular expression that matches allowed file names. The default expression matches all filenames of one or more characters. A more restrictive expression such as [a-zA-Z0-9]{1,200}\.[a-zA-Z0-9]{1,10} would limit uploads to alpha-numeric names with an extension. |
fileName
|
<null/> <default> |
The name of a Java property key whose value is a custom message to display when the uploaded filename does not match
|
The following setting restricts the extension of the uploaded file for the sub flows, when adding files to a composite resource like reports, for example, Add Resource > JasperReport. The upload dialog searches for files with the given extensions only.
File Upload Extensions |
||
Configuration File |
||
<jasperserver-pro-war>/scripts/resource.locate.js |
||
Property |
Value |
|
---|---|---|
|
By default, the following extensions are allowed:
Add or remove extensions to change the file type restrictions. |
The following setting restricts the extension of the uploaded file for adding individual files to the repository (for example, Add Resource > File > JRXML). The upload dialog browses only for files with the extensions that are mapped to resource types.
File Upload Extensions |
||
Configuration File |
||
<jasperserver-pro-war>/scripts/resource.add.files.js |
||
Property |
Value |
|
---|---|---|
|
This property specifies the mapping of resource types to the file extensions. For example: Add or remove extensions to change the file type restrictions. |
Recommended Comments
There are no comments to display.