• JDK 17
• Maven 3.8

• simple greetings resource for bootstrapping testing
• demonstrates BDD-style testing

• practice emitting metrics about errors on incoming multi-part file uploads

• fix "java.net.SocketException: Broken pipe (Write failed)" (http/multipartfileuploads.http#multiple files exceeding max request size)
• test / visualize metrics with Prometheus
• refactor UploadSizeExceptionAdvice#recordMetrics()

1. Start the Application

2. Note down the generated security password from the log messaging starting with Using generated security password

3. Run the following command to create a IntelliJ HTTP client configuration

   cp -n src/test/http/http-client.env.json http-client.private.env.json`

4. Insert the generated security password of step 2. to the JSON property at path dev.password

5. Open the file multipartfileuploads.http, select the dev environment in field Run with.

6. Run the examples

Hot reloading the application (Cmd+F9) during development is possible, as Spring Boot Devtools are available in the classpath. Steps 2. + 4. need to be re-run in this case.

1. Generate payload samples (generates 512KB, 1MB, 1.1MB files):

   dd if=/dev/urandom bs=524288 count=1 of=src/test/resources/multipartfileuploads/file512kb
   dd if=/dev/urandom bs=1048576 count=1 of=src/test/resources/multipartfileuploads/file1mb
   dd if=/dev/urandom bs=1153433 count=1 of=src/test/resources/multipartfileuploads/filegt1mb

2. Run the use-case test:

   mvn -Dtest="*.multipartfileuploads.**" test

• How to use RestTemplate for multipart file uploads
• How to use ClassPathResource in Spring JUnit tests
• Data units conversion
• Behavior-Driven Development mit JUnit 5 (german)
• Spring Security Auto Configuration
• How to disable CSRF for Spring Security
• Multipart form requests with IntelliJ HTTP client

The Spring documentation is very detailed about CSRF protection in conjunction with Multipart file uploads.

It also includes a section about When to use CSRF protection which may help to make a decision about enabling or disabling it.

For the purpose of the multipartfileuploads use case, the CSRF protection was disabled.

When configuring the total request size for multipart requests, it may not be obvious that the request becomes too large even if multiple files are uploaded whose total size is equal to that setting.

A multipart file upload consists of additional data (like --boundary-- markers; HTTP headers for each part e.g. Content-Type: application/octet-stream) which raises the request content length, too.

Using commons-fileupload:commons-fileupload may provide "maximum portability across Servlet containers".

Note that both options – servlet built-in and commons-fileupload resolvers – make use of temporary files, which may not be feasible in a microservice architecture.

# replace "1153433" with desired size and adjust file name in `of` argument accordingly
dd if=/dev/urandom bs=1153433 count=1 of=filegt1mb