1

I have a Spring Boot service which needs to validate the multipart max file size differently on different REST routes, for example 5MB for all v1 routes and 10MB for v2.

e.g.: api/v1/route1 -> max file upload size is 5MB
      api/v2/route2 -> max file upload size is 10MB
      api/v2/route3 -> max file upload size is 2MB

The configuration below is already set, but then all requests would be validated against it, including the v1 routes.

spring:
    servlet:
        multipart:
            max-file-size: 10MB
            max-request-size: 10MB

I was wondering what the best way to implement this is.

  1. Should I keep the 10MB max limit as the general value at application level, as above, and do the validation in each route using the MultipartFile getSize() method?

  2. Is there any better way to do it, in an interceptor or something, by checking the request path?

Harshana

1 Answer

0

I'd say it depends on how the entire project is built. In my opinion, there are pros and cons to both options.

For me, Option 1 is simple and straightforward and will be handled by the servlet itself (although we have to do the extra protection manually).

But I will choose Option 2 if this protection is not handled by the UI as well, because there is a 100% chance that api/v2/route3 will always receive 10MB.

If I pick Option 2, I need to write the handling manually in an interceptor, and I also need to update it as and when I get new services that handle multipart. Also, if you want to handle unlimited file size, this approach will be useful to nail down that particular service.

If I pick Option 1, we will be doing a couple of checks: one by the servlet, and another using file.size(). Let's say you have another requirement to handle 50MB in another service (a larger file than 10MB). It means all of the services that handle multipart will allow up to 50MB to pass through to the controller. But ideally, no one will always pass a 10MB file to api/v2/route3 (which allows only 2MB), because it can be protected with simple JavaScript code in the UI.

If it is not protected in the UI, it is always better to go with Option 2, because Option 2 will validate each and every service separately by interceptors.

RenceAbi
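
One way to implement the per-route check from Option 2, added here as an example and not code from either poster. It assumes Spring Boot 3 (jakarta.servlet), routes served under /api, and a hypothetical class name UploadLimitConfig; the global spring.servlet.multipart limits stay at the largest allowed size (10MB), because by default Spring parses the multipart body before interceptors run.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.Map;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.unit.DataSize;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Hypothetical class name; the limits are the ones listed in the question.
@Configuration
public class UploadLimitConfig implements WebMvcConfigurer, HandlerInterceptor {
    // Checked in order, so the most specific pattern must come first.
    private static final List<Map.Entry<String, DataSize>> LIMITS = List.of(
            Map.entry("/api/v2/route3/**", DataSize.ofMegabytes(2)),
            Map.entry("/api/v1/**", DataSize.ofMegabytes(5)),
            Map.entry("/api/v2/**", DataSize.ofMegabytes(10)));
    private final AntPathMatcher matcher = new AntPathMatcher();

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(this).addPathPatterns("/api/**");
    }

    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler)
            throws Exception {
        if (!(req instanceof MultipartHttpServletRequest upload)) {
            return true; // not a multipart request, nothing to check
        }
        // Assumption: routes are matched on the path below the context path.
        String path = req.getRequestURI().substring(req.getContextPath().length());
        // No matching pattern means only the global servlet limit applies.
        long max = LIMITS.stream().filter(e -> matcher.match(e.getKey(), path))
                .map(e -> e.getValue().toBytes()).findFirst().orElse(Long.MAX_VALUE);
        // getMultiFileMap() covers several files sent under the same field name.
        boolean tooLarge = upload.getMultiFileMap().values().stream()
                .flatMap(List::stream).anyMatch(file -> file.getSize() > max);
        if (tooLarge) {
            res.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE,
                    "Uploaded file exceeds the size limit for this route");
            return false; // reject before the controller runs
        }
        return true;
    }
}
```

The server still buffers up to the global 10MB before this check rejects an oversized upload to a 2MB route, so the global limit remains the bound on resource use per request.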