Accessing the content of the attachments

As is mentioned in Part 1, when the multipart message hits the proxy service, then (in conjunction with the Content-type) the attachment/body contains not the content itself but rather a reference to it. So, we have to to access the data itself for further processing. We call this the materialization of the content which might be performed through

  • a java callout or
  • a service callout to a simple Proxy-service

The next Fig. shows the java-code that gets the reference of the binary content as input, encodes it in base64 and returns the string back.

public static String encodeContentToBase64ByRef(byte[] content) {
return DatatypeConverter.printBase64Binary(content);
}

A simple Proxy service can also be used in order to materialize the contents of the reference to a binary content:

 inAtt2_bild1
inAtt2_bild2
inAtt2_bild3

However this fact needs a little bit more attention:

Case 1:

Let us suppose that the content of the attachment have a Content-Type= application/x-javascript and Content-Transfer-Encoding=base64 with the content, let“™s say

PHNjcmlwdD4NCnZhciB4ID0gNTsNCnZhciB5ID0gNjsNCnZhciB6ID0geCArIHk7DQpkb2N1b
WVudC5nZXRFbGVtZW50QnlJZCgiZGVtbyIpLmlubmVySFRNTCA9IHo7DQo8L3NjcmlwdD4=

Let us further assume that we want to save this content to a file. What we do have is a reference to the content held somewhere in the memory; but what in fact held there, is the base64-decoded content of the attachment, which means that if we get it by a service-callout, what we get back is an UTF-8 string. In this case the String contains the exactly the data behind „PHNjcmlwdD4NCnZh“¦“ and we can use them. In this case everything works fine.

Case 2

Now let us suppose that the content of the attachment have a Content-Type=image/jpg, Content-Transfer-Encoding=base64 and content, let“™s say:

w7/DmMO/w6AgEEpGSUY= etc.

Using the same mechanism as mentioned above, what we really get this time, is an UTF-8 string with no resemblance to the original data behind the base64 encoded data. In this case this method is no more reliable.

Conclusion

So the far more secure way for data materialization (using the term as described above) is a java-callout.

Alle Beiträge von Apostolos Varsamis

Schreibe einen Kommentar