Is there a way to validate on the client side browser whether the size of a file being uploaded from a JSP page is over a set size limit without forcing the user to upload the entire file only to find out it was too large?
I would like to stay away from any proprietary controls or techniques like Flash or ActiveX if possible.
Thanks!
This isn't a perfect solution, but if you check the Content-Length HTTP header with request.getHeader("Content-Length") then you can choose to not transfer the entire file.
By way of explanation, an extremely large file will not be transferred all at once. You'd have to actually open a stream representing that chunk of POST data and read from it for the entire thing to be transfered.
On the other hand, if you're worried about denial-of-service attacks, then you can't really trust the Content-Length header, because it can easily be forged. In this case, you should set a limit and stream a transfer of this file, stopping as soon as you've exceeded that limit.
Suggest you reconsider the Flash decision and take a look at the YUI Uploader, here:
http://developer.yahoo.com/yui/uploader/
Among other things, the fileSelect event will tell you the size of the selected file in bytes immediately after it is selected but before it's uploaded, so you'll be able to restrict accordingly.
With JSP or PHP you won't be able to restrict the file size because your page won't get the request until the upload has already happened. At that point you can decide not to save the file but that might be too late.
There are some Java solutions out there, e.g. MyUploader or Hermes. Some even support multiple file uploads and resuming partial uploads, and some also give you the source code. You can also write your own, but it will need to be a signed applet in order to function because it needs to access the local filesystem. If you're using Apache as your webserver you'll need enough RAM in your machine to fit the whole file size in memory of all files being uploaded at a given time.