private String getReferer() {
    String referer = request.getHeader("Referer");
    if (referer == null) {
      throw new IllegalStateException("The Referer header was not specified");
    }

    String path = request.getContextPath();
    return referer.substring(referer.indexOf(path) + path.length());
  }
  protected void processFile(FileItem item, String name, MutableRequest request) {
    try {
      String fileName = FilenameUtils.getName(item.getName());
      UploadedFile upload =
          new DefaultUploadedFile(
              item.getInputStream(), fileName, item.getContentType(), item.getSize());
      request.setParameter(name, name);
      request.setAttribute(name, upload);

      logger.debug("Uploaded file: {} with {}", name, upload);
    } catch (IOException e) {
      throw new InvalidParameterException("Can't parse uploaded file " + item.getName(), e);
    }
  }
  public void upload(
      @Observes ControllerFound event,
      MutableRequest request,
      MultipartConfig config,
      Validator validator) {

    if (!ServletFileUpload.isMultipartContent(request)) {
      return;
    }

    logger.info("Request contains multipart data. Try to parse with commons-upload.");

    final Multiset<String> indexes = HashMultiset.create();
    final Multimap<String, String> params = LinkedListMultimap.create();

    ServletFileUpload uploader = createServletFileUpload(config);

    UploadSizeLimit uploadSizeLimit =
        event.getMethod().getMethod().getAnnotation(UploadSizeLimit.class);
    uploader.setSizeMax(
        uploadSizeLimit != null ? uploadSizeLimit.sizeLimit() : config.getSizeLimit());
    uploader.setFileSizeMax(
        uploadSizeLimit != null ? uploadSizeLimit.fileSizeLimit() : config.getFileSizeLimit());
    logger.debug(
        "Setting file sizes: total={}, file={}", uploader.getSizeMax(), uploader.getFileSizeMax());

    try {
      final List<FileItem> items = uploader.parseRequest(request);
      logger.debug(
          "Found {} attributes in the multipart form submission. Parsing them.", items.size());

      for (FileItem item : items) {
        String name = item.getFieldName();
        name = fixIndexedParameters(name, indexes);

        if (item.isFormField()) {
          logger.debug("{} is a field", name);
          params.put(name, getValue(item, request));

        } else if (isNotEmpty(item)) {
          logger.debug("{} is a file", name);
          processFile(item, name, request);

        } else {
          logger.debug("A file field is empty: {}", item.getFieldName());
        }
      }

      for (String paramName : params.keySet()) {
        Collection<String> paramValues = params.get(paramName);
        request.setParameter(paramName, paramValues.toArray(new String[paramValues.size()]));
      }

    } catch (final SizeLimitExceededException e) {
      reportSizeLimitExceeded(e, validator);

    } catch (FileUploadException e) {
      reportFileUploadException(e, validator);
    }
  }
 private <T> void includeParametersInFlash(final Class<T> type, Method method, Object[] args) {
   Object params =
       creator.instanceWithParameters(DefaultResourceMethod.instanceFor(type, method), args);
   request.getSession().setAttribute(FLASH_PARAMETERS, params);
 }