Creating a custom security adapter class

Actuate Information Console reference : Using Actuate Information Console security : Creating an upload security adapter : Creating a custom security adapter class

Implement the upload security adapter interface to customize file verification. The upload security adapter requires access to the following libraries:

javax.servlet.http.HttpServletRequest

javax.servlet.ServletContext

com.actuate.iportal.security

To process a secure upload request from Information Console using an upload security adapter, the following methods are required:

getErrorMessage( )

isFileTypeAllowed( )

verifyFile( )

For example, to prevent any file type except plain text (.txt) from being uploaded, implement txt as the only valid file type for isFileTypeAllowed, as in the following class:

package com.actuate.iportal.security;

import javax.servlet.ServletContext;

import javax.servlet.http.HttpServletRequest;

public class SecureUpload implements IUploadSecurityAdapter {

public boolean isFileTypeAllowed( HttpServletRequest request, String fileType ){

if ( fileType == null ) return false;

if ( fileType.toLowerCase().trim().equals("txt")) return true;

else return false;

}

public boolean verifyFile(HttpServletRequest request, String fileName, String dstFolder){

return true;

}

public String getErrorMessage(HttpServletRequest request){

String message = "Only plain text (.txt) files are permitted.";

return message;

}

When the upload security adapter requires file validation, Information Console copies the file temporarily into the directory specified by TEMP_FOLDER_LOCATION parameter in web.xml.