How do you configure a MultipartResolver for a different maxUploadSize for a regular user vs. an admin?

Question

I can define a MultipartResolver like this with a maxUploadSize of 10K (10000 bytes):

<bean id="multipartResolver"
    class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
    <property name="maxUploadSize" value="10000"/>
</bean

However, if the admin needs to upload some large files via the admin interface which exceed this limit, the app needs to be temporarily re-configured to allow this - and then re-configured again to make sure regular users don't exceed this limit.

While this is happening, of course, a regular user could potentially sneak a large file in without receiving a warning.

Is there a way to configure the resolver to use a different maxUploadSize in these two situations?

Answer 1

The simplest method is to use differently-configured implementations of the bean for admins instead of for normal users. The most elegant way of doing that is to have a Spring 3.0 @Configuration bean that produces a session-scoped bean instance (I add a scoped proxy below as well, in case you're not using it in a session-scoped bean; otherwise you could just use a simpler annotation like this: @Scope(WebApplicationContext.SCOPE_SESSION)).

@Configuration
public class MultipartResolverBuilder {
    @Bean @Scope(value = WebApplicationContext.SCOPE_SESSION,
           proxyMode = ScopedProxyMode.TARGET_CLASS)
    public CommonsMultipartResolver getMultipartResolver() {
        CommonsMultipartResolver mr = new CommonsMultipartResolver();
        if (user_is_not_admin) {
            mr.setMaxUploadSize(10000);
        }
        return mr;
    }
}

You'll need to add the code to determine whether the user is an admin or not, of course, and you'll need to add in support for scanning for annotation-based configuration (if you've not already got it; <context:annotation-config/>/<context:component-scan .../> are pretty common things to have).