How to delete .tmp file in fileupload struts2

Question

I have used file-upload (common fileuplod) in strtus-2.3.15.3 . There is one Form in my .jsp with multiple field with many diff type(t

Answer 1

You don't need Commons libraries for this, nor a Servlet.

You are using Struts2, so don't reinvent the wheel and use Actions and Interceptors.

You can find the code to upload multiple files with Struts2 in this exhaustive answer , and a little improvement by creating a custom object in this other answer.

I feel the need to link this nice answer from BalusC too, when talking about fileUpload through Servlet.

---

Let's come to your specific question: you are using a MonitoredDiskFileItemFactory, (you didn't specified which of the many implementations growing on the web, but it is likely that it is ->) a Subclass of the standard org.apache.commons.fileupload.disk.DiskFileItemFactory.

In the JavaDoc it is well explained that:

This implementation creates FileItem instances which keep their content either in memory, for smaller items, or in a temporary file on disk, for larger items. The size threshold, above which content will be stored on disk, is configurable, as is the directory in which temporary files will be created.

If not otherwise configured, the default configuration values are as follows:

• Size threshold is 10KB.
• Repository is the system default temp directory, as returned by System.getProperty("java.io.tmpdir").

NOTE: Files are created in the system default temp directory with predictable names. This means that a local attacker with write access to that directory can perform a TOUTOC attack to replace any uploaded file with a file of the attackers choice. The implications of this will depend on how the uploaded file is used but could be significant. When using this implementation in an environment with local, untrusted users, setRepository(File) MUST be used to configure a repository location that is not publicly writable. In a Servlet container the location identified by the ServletContext attribute javax.servlet.context.tempdir may be used.

Temporary files, which are created for file items, should be deleted later on. The best way to do this is using a FileCleaningTracker, which you can set on the DiskFileItemFactory. However, if you do use such a tracker, then you must consider the following: Temporary files are automatically deleted as soon as they are no longer needed. (More precisely, when the corresponding instance of File is garbage collected.) This is done by the so-called reaper thread, which is started automatically when the class FileCleaner is loaded. It might make sense to terminate that thread, for example, if your web application ends. See the section on "Resource cleanup" in the users guide of commons-fileupload.

From Commons FileUpload Documantation

Resource cleanup

This section applies only, if you are using the DiskFileItem. In other words, it applies, if your uploaded files are written to temporary files before processing them.

Such temporary files are deleted automatically, if they are no longer used (more precisely, if the corresponding instance of java.io.File is garbage collected. This is done silently by the org.apache.commons.io.FileCleaner class, which starts a reaper thread.

This reaper thread should be stopped, if it is no longer needed. In a servlet environment, this is done by using a special servlet context listener, called FileCleanerCleanup. To do so, add a section like the following to your web.xml:

  ...
  
    
      org.apache.commons.fileupload.servlet.FileCleanerCleanup
    
  
  ...

Creating a DiskFileItemFactory

The FileCleanerCleanup provides an instance of org.apache.commons.io.FileCleaningTracker. This instance must be used when creating a org.apache.commons.fileupload.disk.DiskFileItemFactory. This should be done by calling a method like the following:

public static DiskFileItemFactory newDiskFileItemFactory(ServletContext context
                                                           , File repository) {
    FileCleaningTracker fileCleaningTracker
          = FileCleanerCleanup.getFileCleaningTracker(context);
    DiskFileItemFactory factory
          = new DiskFileItemFactory(DiskFileItemFactory.DEFAULT_SIZE_THRESHOLD,
                                      repository);
    factory.setFileCleaningTracker(fileCleaningTracker);
    return factory;
}

Disabling cleanup of temporary files

To disable tracking of temporary files, you may set the FileCleaningTracker to null. Consequently, created files will no longer be tracked. In particular, they will no longer be deleted automatically.

Then you can:

1. set an higher threeshold, to keep everything in memory instead that using temporary files, or
2. follow Apache guidelines to properly wipe temporary files when they're not needed anymore.