This post is in response to a query regarding using Symantec to automatically virus scan files uploaded to a WebMaker application.
You can find some details on how to configure file uploads within WebMaker applications in this existing forum thread.
This thread doesn't provide a project export however, and also considers areas that may not be required, eg saving files out temporarily for display.
To simplify things, I have attached a project export (for WebMaker 8+) for a simple file upload example. Like the other thread this deals with uploading and displaying images, but in this case the image data is base64 encoded into the XML, and then shown using a data URI. As a result, the image never needs to be saved out to the file system which makes it a simpler approach.
You should be able to simply import this project and then use Run Test to test the behaviour.
Once you have a working file upload process, the next step is to integrate your chosen anti virus library.
In the case of Symantec, from a quick search I think using the Symantec Scan Engine or Protection Engine would be best as they both seem to provide Java APIs.
The code you would need to alter is the processInput method of the FileUploadTestPlugin.java file used in these examples. (This can be found within the webapp/WEB-INF/src directory of the attached project when imported. In addition there is a simple ant build script for compiling any changes.)
Currently this retrieves the contents of the uploaded file and base64 encodes it for inclusion in the data. (See line 51.) You would need to communicate with the virus scanner before this point.
The contents of the file can be retrieved either as a byte array via the FileItem get() method (as in the current example) or via an InputStream by using getInputStream().
(See https://commons.apache.org/proper/commons-fileupload/apidocs/org/apache/commons/fileupload/FileItem.html for details.)
The exact approach you need will depend on the specific API requirements for the virus scan call.
Unfortunately I haven't used Symantec before so I don't have access to this information to be able to provide any more details.
Once the scan has completed, if the file was ok, you could continue with the existing code to add the contents to the XML message. If not, you will likely want to add an appropriate message to the data instead that can then be detected and displayed on screen.
I hope this provides some useful pointers to get started with this area.
Regards,
Gerard
You can find some details on how to configure file uploads within WebMaker applications in this existing forum thread.
This thread doesn't provide a project export however, and also considers areas that may not be required, eg saving files out temporarily for display.
To simplify things, I have attached a project export (for WebMaker 8+) for a simple file upload example. Like the other thread this deals with uploading and displaying images, but in this case the image data is base64 encoded into the XML, and then shown using a data URI. As a result, the image never needs to be saved out to the file system which makes it a simpler approach.
You should be able to simply import this project and then use Run Test to test the behaviour.
Once you have a working file upload process, the next step is to integrate your chosen anti virus library.
In the case of Symantec, from a quick search I think using the Symantec Scan Engine or Protection Engine would be best as they both seem to provide Java APIs.
The code you would need to alter is the processInput method of the FileUploadTestPlugin.java file used in these examples. (This can be found within the webapp/WEB-INF/src directory of the attached project when imported. In addition there is a simple ant build script for compiling any changes.)
Currently this retrieves the contents of the uploaded file and base64 encodes it for inclusion in the data. (See line 51.) You would need to communicate with the virus scanner before this point.
The contents of the file can be retrieved either as a byte array via the FileItem get() method (as in the current example) or via an InputStream by using getInputStream().
(See https://commons.apache.org/proper/commons-fileupload/apidocs/org/apache/commons/fileupload/FileItem.html for details.)
The exact approach you need will depend on the specific API requirements for the virus scan call.
Unfortunately I haven't used Symantec before so I don't have access to this information to be able to provide any more details.
Once the scan has completed, if the file was ok, you could continue with the existing code to add the contents to the XML message. If not, you will likely want to add an appropriate message to the data instead that can then be detected and displayed on screen.
I hope this provides some useful pointers to get started with this area.
Regards,
Gerard
Attachment
RE: Virus scanning uploaded files
If you import and open up this project you will see that it just has a single page within it called MainForm. From this page there is a single 'uploadImage' action that will cause the page to be redisplayed, after processing in two different controllers. In this example, these controllers do not have any processing in them, but this would likely need to be changed for a complete solution.
The MainForm page itself is split into two sections. The top section allows selecting the image file to upload, and the bottom section will display this image if present.
As mentioned in the linked forum post (http://www.hyfinity.com/node/105 a custom field needs to be used to insert the actual file upload control, and set the encoding type of the form accordingly. On this page you can see this content in the 'custom_control' field within the top 'form_content' group. The 'uploadBtn' then has a simple event to submit the form to the 'uploadImage' action when it is pressed.
With these changes, when this form is submitted, the browser will make a multi part request to the server to handle the file upload. This requires an additional ServletFilter to be configured on the server so that this type of request can be handled. You can see this Filter definition in the web.xml file which can be found in the ..../users/user1/<wokspace>/mvc/<project>/webapp/WEB-INF directory. This maps the filter to the main Servlet so that every request to the application will be processed by the filter to check if it contains uploaded files.
The work to actually process the file contents is done in the custom XGate Plugin. This is enabled by adding an entry to the xgate.xml configuration file, which you can find in the ..../users/user1/<wokspace>/mvc/<project>/webapp/doc directory. Once enabled, each XGate plugin will be called on every request to the server. The processInput method will be called before the request has been passed to the main platform (ie before the Controller is called) and the processOutput method will be called after the response has been determined, but before it is sent back to the browser. (Please see the documentation for more details)
For this particular example, the plugin code is within the FileUploadTestPlugin.java file under .../WEB-INF/src, and you can see from this that the first thing this does is to check if the incoming request contains a file upload (line 37). If so, this loops through each file in the request (line 43 - although there will only ever be one in this simple example), and converts the file contents to a base64 encoded string (line 51).
The code then creates new elements in the XML message that will be passed on to the controller to contain the encoded file string (line 52), it's content type (line 60), and the filename (line 65)
As mentioned above, you would need to add the required custom virus scanning etc code before the file contents are encoded and inserted into the message.
When you run the application, you can use the Debugger tab in the studio to see how this data ends up in the XML message. If you set the Platform logging level to 'Debug' you will get some additional log entries after every XGate plugin is processed.
The final part of this example project is redisplaying the uploaded images. The image contents are now present in the data as a base64 encoded string, so can be redisplayed using an image control with an appropriate custom data URI. On the MainForm page it is the 'image' field that does this. You can see how the URI is constructed from the file type and contents values by looking at the Bindings tab for this field.
I hope these extra details are useful.
Please let me know if anyone has any questions on this.
Regards,
Gerard
RE: Virus scanning uploaded files
where is the uploadImage action is defined and what does it do
i have followed rest of the steps, just this part is grey area
regards
noor syed
RE: Virus scanning uploaded files
The actions are the lines shown on the Application Map diagram, and indicate the flow of the application between pages and controllers.
In this particular project, you should be able to see that the 'uploadImage' action goes from the MainForm page to the SaveForm controller. From here the 'redisplayData' action will be followed to the PrepareForm controller, and finally the 'displayForm' action will be followed to cause the MainForm page to be redisplayed.
The uploadBtn control on the MainForm has an event defined for it to submit the form to the uploadImage action. What this means is that when the button is clicked the form data will be submitted to the server, and the action tells us that the data will be sent to the SaveForm controller.
The name of the action that has been triggered will also be present in the control section of the XML data. This means that it can be used in Rule conditions to make decisions in more complicated scenarios where multiple actions can go the same controller.
The XGate plugin processing that we've talked about above will take place after the request has reached the server, but before the controller has been called.
When a plugin is enabled, this is for all actions not just a specific one, but if required the action name could be checked in the Java code to restrict processing to a particular action.
I hope this helps.
Regards,
Gerard
RE: Virus scanning uploaded files
I have set the action in the xml as in the project (calling_saveNewForm_action.xml), here my action name is saveNewForm
<?xml version="1.0" encoding="UTF-8"?> <eForm xmlns="http://www.hyfinity.com/mvc" xmlns:mvc="http://www.hyfinity.com/mvc" xmlns:fm="http://www.hyfinity.com/formmaker" xmlns:xfact="http://www.hyfinity.com/xfactory" xmlns:xg="http://www.hyfinity.com/xgate" > <Control> <action>saveNewForm</action> <Page /> <Controller /> </Control> </eForm>but still I'm not clear how the custom puglin in xgate.xml is being invoked
<custom_plugins> <custom_plugin name="test file upload" priority="10" runtime_instance="com.test.FileUploadTestPlugin" /> </custom_plugins>[/align]
RE: Virus scanning uploaded files
You should not need to set the action name in the XML documents. This should be defaulted correctly for you, but regardless of what is in the XML document, at runtime the action element under Control will always contain the correct name of the action that was invoked.
Adding that entry to the xgate.xml file is all that you should need to do to get the plugin invoked.
As I mentioned, the plugins apply to all actions, so there aren't any action specific settings to make. Every plugin listed will be called for every incoming request.
Are you not seeing the plugin code executed? If you set the platform log level to debug what logs are you seeing? There should be an initial entry saying 1 plugin has been initialised, and then additional entries showing the data after the plugin has been executed. If you are not seeing these, are there any errors being logged?
Regards,
Gerard