Enhanced File Upload
   Dmitry Krivaltsevich
Agenda
What we will talk about:



•   How to upload files to the server
•   Java security model. Escape from the sandbox
•   POST-requests. Chunked or fixed-length?
•   Multi threaded applet VS single threaded JS
HTML4. Form submit
Implementation:
 • hidden iframe
 • form target

 Pros:
 • Native
 • Easy to implement

 Cons:
 • Multiple file selection: not supported
 • Directory traversal: not supported
 • Drag & Drop from FS: not supported
HTML5. JS (File API + AJAX)
       Google uses it for Google docs
Implementation:
 • <input type="file" multiple=""/>
 • File API

 Pros:
  • Multiple file selection
  • One input field for all files
  • Pre-processing files on client side
 Cons:
 • Firefox 3.6.*: several implementation issues
 • IE: not supported
 • Directory traversal: not supported
Flash uploader
       Facebook
 Implementation:
  • Embedded flash-object

 Pros:
  • Multiple file selection
  • Various browsers: flash-plugin required

 Cons:
 • Directory traversal: not supported
Java applet
  ABC app
  Google docs
Java applet
  HTML template
  HTTP-Only cookies
Java security model
  [Diagram labels: Local or remote code (unsigned / signed); Security policy; Classloader; Sandbox; JVM; Valuable resources (files, etc)]
Escape from the sandbox
  Signing

   • Create keystore
   • Create private key
   • Create signed/self-signed certificate
   • Sign applet
Escape from the sandbox
   Create key and certificate
   Sign JAR
Escape from the sandbox
  Signing in ant
Escape from the sandbox
  Signing in maven
Escape from the sandbox
HTTP-POST Request
  1 Boundary
  2 Fixed-Length
  3 Field name
  4 Filename and directory path
Transfer-Encoding: chunked
 Example




  Explanation
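
The two framings from the "HTTP-POST Request" and "Transfer-Encoding: chunked" slides, as an added example that is not code from the deck. It builds one multipart body and sends it both ways; the host, the `/upload` path, the field name, the boundary and the file are assumptions, and it uses Node.js `Buffer`.

```javascript
// Added example, not from the slides. Path, contents, host and URL are constructed.
const CRLF = "\r\n";
// multipart/form-data body: boundary (1), field name (3), filename with directory path (4).
function buildMultipart(boundary, fieldName, files) {
  const parts = [];
  for (const f of files) {
    parts.push(Buffer.from(
      `--${boundary}${CRLF}` +
      `Content-Disposition: form-data; name="${fieldName}"; filename="${f.path}"${CRLF}` +
      `Content-Type: application/octet-stream${CRLF}${CRLF}`),
      Buffer.from(f.data), Buffer.from(CRLF));
  }
  parts.push(Buffer.from(`--${boundary}--${CRLF}`));
  return Buffer.concat(parts);
}
// Request line and headers; `framing` is the one header that differs.
function head(boundary, framing) {
  return Buffer.from(`POST /upload HTTP/1.1${CRLF}Host: upload.example${CRLF}` +
    `Content-Type: multipart/form-data; boundary=${boundary}${CRLF}${framing}${CRLF}${CRLF}`);
}

// Fixed-length (2): the whole body size must be known before the first byte is sent.
function fixedLengthRequest(body, boundary) {
  return Buffer.concat([head(boundary, `Content-Length: ${body.length}`), body]);
}

// Chunked: each chunk is "<size in hex>CRLF<data>CRLF"; "0CRLFCRLF" ends the body.
function chunkedRequest(body, boundary, chunkSize) {
  const out = [head(boundary, "Transfer-Encoding: chunked")];
  for (let i = 0; i < body.length; i += chunkSize) {
    const piece = body.subarray(i, i + chunkSize);
    out.push(Buffer.from(piece.length.toString(16) + CRLF), piece, Buffer.from(CRLF));
  }
  out.push(Buffer.from("0" + CRLF + CRLF));
  return Buffer.concat(out);
}

// Receiver side: strip the chunk framing and recover the body bytes.
function decodeChunked(raw) {
  let pos = raw.indexOf(CRLF + CRLF) + 4; // skip the request headers
  const out = [];
  for (;;) {
    const eol = raw.indexOf(CRLF, pos);
    const size = parseInt(raw.subarray(pos, eol).toString(), 16);
    if (size === 0) return Buffer.concat(out);
    out.push(raw.subarray(eol + 2, eol + 2 + size));
    pos = eol + 2 + size + 2; // chunk data plus its trailing CRLF
  }
}
```

The `filename` value, including its directory path, is client-controlled, so the receiving server should treat it as untrusted input before using it to build a storage path.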
Drag & Drop
Applet – JavaScript interactions
Multi threaded applet VS single threaded JS
  [Diagram labels: JS; JVM; queue; Thread #1; Thread #2; Thread #3]
Upload applet
 Implementation:
  • Java-applet

 Pros:
  • Multiple file and directories selection
  • Directory traversal
  • Drag & drop directly from File System

 Cons:
 • Java & Java plugin required
 • Mac OS X: works only in Safari
Do you have any questions?




               Thanks!

Editor's notes

  1. show the HTML template
  2. Google added folder upload -- find out how they upload folders (if possible). In any case, for other clients they added folder upload via an applet http://googledocs.blogspot.com/2011/04/simpler-file-upload-in-google-docs.html
  3. not all browsers support it well (for example, 3.6.*) http://stackoverflow.com/questions/4263118/html5-drag-drop-uploads