4 Replies Latest reply: Jun 19, 2009 3:38 AM by Voon Siong Lum RSS

WebDynpro, File Upload and Anti-Virus

Voon Siong Lum
Currently Being Moderated

Hi,

 

I recently wrote a Web Dynpro application, which featured file uploads.  The developed application allows users to upload a file from their client PC and physically write the file on a predefined location.  In order to make sure that the uploaded files are safe, I had hoped to use AntiVirus scan to scan the uploaded file.

 

The breakdown of the logic is below:

 

1. user selects a file from their PC

2. user clicks on the upload button

3. the onActionFileUpload method is triggered where the FileUpload UI picks up the user selected file and store in the Web Dynpro application's context

4. I plan to call an AntiVirus scan (maybe through an API or something) to scan the in-context binary resource (byte[] representation of the uploaded file)

5. if the scan is successful (with the uploaded file free from virus or malwares), I proceed to FTP write to my predefined location

 

Questions:

 

1. I read that NetWeaver2004s has a virus scan adapter where you need to configure the profile and groups.  If I go for this configuration, does this mean I can skip step 4?

2. We are using McAfee as our AntiVirus.  Can we somehow configure the on-demand scan to pick up files uploaded in Web Dynpro's context?

3. By having a binary type in the View's context, if the uploaded file contains malware, is it possible for it to harm the server (even though we are not really running the file)?

 

Thank You.

    • Re: WebDynpro, File Upload and Anti-Virus
      Voon Siong Lum
      Currently Being Moderated

      Thank You.  Your document helped me understand that I do not need to implement any additional virus scanning code in my Web Dynpro application.  I can just integrate VSA and get the Portal to scan the uploaded files via the webdynpro_fileupload profile.  Once integrated, I just need to use the VSI calls to scan bytes.

      • Re: WebDynpro, File Upload and Anti-Virus
        Susmita Panigrahi
        Currently Being Moderated

        Hi Voono,

         

        We have similar kind of requirement where user will select the document from desktop and upload it a external place.

         

        could you please provide me any document link to implement this?

         

        Thanks

        Susmita

        • Re: WebDynpro, File Upload and Anti-Virus
          Voon Siong Lum
          Currently Being Moderated

          Hi,

           

          File Uploads for Web Dynpro is not hard to implement.  Use the file upload control from the Web Dynpro.  In your view, just make sure you grab the bytes from the control.  You can find details on how to use the control and related coding from SAP Help.

           

          For virus scan abilities, please see the doc link above.

           

          Hope this helps.

           

          Here is the sample coding I am using...

           

          // note: element = wdContext.currentContextElement();

          // you can get details on getFileResource from SAP Help

           

                        byte[] file = element.getFileResource();

                         

                        // scan file - antivirus

                                            

                        IWDApplicationInfo appInfo =

                        wdComponentAPI.getApplication().getApplicationInfo();

           

                    // write to physical location using SMB     

                        jcifs.Config.setProperty("jcifs.netbios.wins",           appInfo.findInApplicationProperties("jcifs.netbios.WINS").getValue());

                        jcifs.Config.setProperty("jcifs.smb.client.responseTImeout", "300000");

                    String path = "smb://" + appInfo.findInApplicationProperties("FileUploadTarget").getValue() + binaryType.getFileName();               

                    String domain = appInfo.findInApplicationProperties("SMBDomain").getValue();

                    String username = appInfo.findInApplicationProperties("SMBUserName").getValue();

                         String password = appInfo.findInApplicationProperties("SMBPassword").getValue();

                    NtlmPasswordAuthentication auth = new NtlmPasswordAuthentication(domain, username, password);               

                    SmbFile sFile = new SmbFile(path, auth);

                    sFile.setConnectTimeout(300000);

                    sFile.connect();

                    SmbFileOutputStream writer = new SmbFileOutputStream(sFile);

                    writer.write(file);

                    writer.close();

Actions