8

I am writing a Spring controller that handles the HTTP PUT request from client, and generates S3 pre-signed url and issues a HTTP 307 status (Temp redirect) code. So basically I am authenticating the client and if it succeeds then I am asking him to write to a s3 folder. The client is able to write to signed url location.

Now my concern is the client will have to do upload two times. Once to my application server and then to s3, so the operation will take double the time.

Is my understanding correct?Does the client actually does 2 write in this case? Or is the client smart enough and just pushes the part of payload first and if it succeeds then pushes entire payload?

I read about HTTP 100 status code, but looks like the app server/tomcat already issues it and is not in my control.

Here is my spring controller

@RequestMapping("/upload")
public ResponseEntity<Void> execute(HttpServletRequest request) throws IOException, ServletException {

  HttpHeaders headers = new HttpHeaders();
  String redirectUrl = getRedirectUrl(requestURI, request.getMethod());
  headers.setLocation(new URI(redirectUrl));

  ResponseEntity<Void> redirectEntity = new ResponseEntity<Void>(null,headers,HttpStatus.TEMPORARY_REDIRECT);
  return redirectEntity;
}

How can i prevent clint from uploading the entire payload to my app server?

Preview
  • 35,317
  • 10
  • 92
  • 112
user93796
  • 18,749
  • 31
  • 94
  • 150

2 Answers2

3

So my understanding correct?

Answer is YES. Server will send the response of PUT request after reading the full request including body. when you client will repeat the request, in response 307 (Temporary Redirect), it will be like a new http request.

Also an important point on using 307 response code from spec(see below) should be considered for this approach.

If the 307 status code is received in response to a request other
than GET or HEAD, the user agent MUST NOT automatically redirect the
request unless it can be confirmed by the user, since this might
change the conditions under which the request was issued.

On point

How can i prevent client from uploading the entire payload to my app server? You may do upload to s3 in background from your controller and return the redirect response (301?) point to an URL which will return the status of upload request.

Community
  • 1
  • 1
skadya
  • 4,330
  • 19
  • 27
  • The whole point of redirecting to s3 was avoid traffic going through my app server. I found out that some of the clients crash/break if server doesnot read the full httprequest content. – user93796 May 08 '17 at 19:32
2

This just isn’t how HTTP works, HTTP has no mechanism to halt a file upload other than closing the connection, but if you close the connection you cant return the redirect information.
If you want the client to upload directly to S3, you will need to do it in two steps.
Have the client request the URL for the file transfer, then have them initiate the transfer with the desired URL.

Magnus
  • 7,952
  • 2
  • 26
  • 52