error handling for exceeding max allowed file size (#957)

Author: rsoika

imixs-workflow-faces/src/main/java/org/imixs/workflow/faces/fileupload/AjaxFileUploadServlet.java

@@ -66,19 +66,41 @@ public class AjaxFileUploadServlet extends HttpServlet {
     @Override
     protected void doPost(HttpServletRequest httpRequest, HttpServletResponse response)
             throws ServletException, IOException {
+
         if (isPostFileUploadRequest(httpRequest)) {
-            logger.fine("......add files...");
+            logger.info("......file upload request received...");
             List<FileData> fileDataList = getFilesFromRequest(httpRequest);
-            // now update the workitem....
+
+            // null signals a FileTooLargeException from Undertow
+            if (fileDataList == null) {
+                // Read maxFileSize from context-param or fall back to @MultipartConfig
+                String configValue = getServletContext().getInitParameter("imixs.fileupload.maxFileSize");
+                MultipartConfig annotation = this.getClass().getAnnotation(MultipartConfig.class);
+                long maxFileSize = (configValue != null)
+                        ? Long.parseLong(configValue)
+                        : annotation.maxFileSize();
+
+                logger.warning("......upload aborted - file too large, maxFileSize=" + maxFileSize);
+                response.setStatus(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
+                response.setContentType("application/json;charset=UTF-8");
+                PrintWriter out = response.getWriter();
+                out.write("{ \"error\": \"FILE_TOO_LARGE\", \"maxFileSize\": " + maxFileSize + " }");
+                out.close();
+                return;
+            }
+
+            logger.info("......processing " + fileDataList.size() + " file(s)...");
             if (fileUploadController != null) {
-                // check workitem... issue
                 if (fileUploadController.getWorkitem() != null) {
-                    logger.fine("......prüfe file data Liste...");
                     for (FileData filedata : fileDataList) {
-                        logger.fine("......add new fileData object..." + filedata.getName());
+                        logger.info("......adding fileData: " + filedata.getName());
                         fileUploadController.addFileUpload(filedata);
                     }
+                } else {
+                    logger.warning("......workitem is null - files cannot be stored");
                 }
+            } else {
+                logger.warning("......fileUploadController is null");
             }
             writeJsonMetadata(response, httpRequest.getRequestURI());
         }
@@ -186,50 +208,35 @@ private String getFilename(Part part) {
      */
     private List<FileData> getFilesFromRequest(HttpServletRequest httpRequest) {
         logger.finest("......Looping parts");
-
         List<FileData> fileDataList = new ArrayList<FileData>();
         try {
             for (Part p : httpRequest.getParts()) {
                 byte[] b = new byte[(int) p.getSize()];
                 p.getInputStream().read(b);
                 p.getInputStream().close();
-                // params.put(p.getName(), new String[] { new String(b) });
-
-                // test if part contains a file
                 String fileName = getFilename(p);
                 if (fileName != null) {
-
-                    /*
-                     * issue #106
-                     * 
-                     * https://developer.jboss.org/message/941661#941661
-                     * 
-                     * Here we test of the encoding and try to convert to utf-8.
-                     */
                     byte fileNameISOBytes[] = fileName.getBytes("iso-8859-1");
                     String fileNameUTF8 = new String(fileNameISOBytes, "UTF-8");
                     if (fileName.length() != fileNameUTF8.length()) {
-                        // convert to utf-8
                         logger.finest("......filename seems to be ISO-8859-1 encoded");
                         fileName = new String(fileName.getBytes("iso-8859-1"), "utf-8");
                     }
-
-                    // extract the file content...
-                    FileData fileData = null;
-                    logger.log(Level.FINEST, "......filename : {0}, contentType {1}",
-                            new Object[] { fileName, p.getContentType() });
-                    fileData = new FileData(fileName, b, p.getContentType(), null);
+                    FileData fileData = new FileData(fileName, b, p.getContentType(), null);
                     fileDataList.add(fileData);
-
+                    logger.info("......file added: " + fileName + " size: " + b.length + " bytes");
                 }
             }
-
+        } catch (IllegalStateException ex) {
+            // Undertow wraps FileTooLargeException in an IllegalStateException
+            logger.warning("......file upload rejected - file too large: " + ex.getMessage());
+            // Signal the error to the caller by returning null
+            return null;
         } catch (IOException ex) {
             logger.log(Level.SEVERE, null, ex);
         } catch (ServletException ex) {
             logger.log(Level.SEVERE, null, ex);
         }
-
         return fileDataList;
     }
 

imixs-workflow-faces/src/main/resources/META-INF/resources/imixs/css/imixs.css

@@ -83,4 +83,13 @@
 }
 .imixsfileupload .remove-link:hover {
 	text-decoration: none;
+}
+
+.imixsfileupload-error {
+    color: #c0392b;
+    font-weight: bold;
+    padding: 8px;
+    border: 1px solid #e74c3c;
+    border-radius: 4px;
+    background-color: #fdecea;
 }

imixs-workflow-faces/src/main/resources/META-INF/resources/imixs/imixs-faces.js

@@ -371,18 +371,34 @@ imixsFileUploadRefresh = function () {
 					// no headers needed
 				})
 				.then(response => {
+					if (response.status === 413) {
+						// Clear the file input to prevent re-sending on next form submit
+						const dataTransfer = new DataTransfer();
+						fileInput.files = dataTransfer.files;
+						currentFileUploadsMap.set(container, []);
+						return response.json().then(data => {
+							const limitText = data.maxFileSize 
+								? fileSizeToString(data.maxFileSize) 
+								: 'the maximum allowed size';
+							fileTableContainer.innerHTML =
+								'<p class="imixsfileupload-error">Upload failed: File exceeds ' + limitText + '.</p>';
+							throw new Error('FileTooLarge');
+						});
+					}
 					if (!response.ok) {
-						throw new Error('Upload failed');
+						fileTableContainer.innerHTML =
+							'<p class="imixsfileupload-error">Upload failed: Server error (' + response.status + ').</p>';
+						throw new Error('Upload failed with status: ' + response.status);
 					}
-					
-					return response.json(); 
+					return response.json();
 				})
 				.then(data => {
 					if (refreshFileUploadAjaxTable) {
 						refreshFileUploadAjaxTable();
 					}
 				})
 				.catch(error => {
+					// Log to console - UI message is already set above
 					console.error('Upload error: ', error);
 				});
 			} else {

src/site/markdown/webtools/fileupload.md

@@ -69,3 +69,46 @@ Optional you can also use a fileUpload widget with Ajax support. This allows the
 	workitem="#{documentController.document}"
 	context_url="#{facesContext.externalContext.requestContextPath}/api/" />
 ```
+
+## File Size Configuration
+
+The Ajax file upload widget uses the `AjaxFileUploadServlet` to handle file uploads.
+By default, the maximum file size is limited to **10 MB** per file and **50 MB** per request.
+
+A developer can override these defaults by adding the following configuration to the `web.xml`:
+
+```xml
+<!-- Override the default file size limits for the AjaxFileUploadServlet -->
+<servlet>
+    <servlet-name>AjaxFileUploadServlet</servlet-name>
+    <servlet-class>org.imixs.workflow.faces.fileupload.AjaxFileUploadServlet</servlet-class>
+    <multipart-config>
+        <max-file-size>20971520</max-file-size>        <!-- 20 MB -->
+        <max-request-size>52428800</max-request-size>  <!-- 50 MB -->
+        <file-size-threshold>1048576</file-size-threshold>
+    </multipart-config>
+</servlet>
+<servlet-mapping>
+    <servlet-name>AjaxFileUploadServlet</servlet-name>
+    <url-pattern>/fileupload/*</url-pattern>
+</servlet-mapping>
+
+<!-- Provide the max file size for user-friendly error messages -->
+<context-param>
+    <param-name>imixs.fileupload.maxFileSize</param-name>
+    <param-value>20971520</param-value>
+</context-param>
+```
+
+**Note:** The `context-param` `imixs.fileupload.maxFileSize` must match the `max-file-size`
+value in the `multipart-config`. It is used to display a meaningful error message to the
+user when an upload exceeds the allowed file size.
+
+The two size parameters have different meanings:
+
+- `max-file-size` - defines the maximum size of a **single file** within one upload request
+- `max-request-size` - defines the maximum size of the **entire HTTP request**, i.e. the sum
+  of all files uploaded at once plus form fields
+
+Example: With a `max-file-size` of 20 MB and a `max-request-size` of 50 MB, a user could
+upload two files of 20 MB each simultaneously, but not three files of 20 MB each.