@POST @Consumes({MediaType.MULTIPART_FORM_DATA}) @Produces({MediaType.APPLICATION_JSON}) public String createDocument( @PathParam("entityType") final String entityType, @PathParam("entityId") final Long entityId, @HeaderParam("Content-Length") final Long fileSize, @FormDataParam("file") final InputStream inputStream, @FormDataParam("file") final FormDataContentDisposition fileDetails, @FormDataParam("file") final FormDataBodyPart bodyPart, @FormDataParam("name") final String name, @FormDataParam("description") final String description) { FileUtils.validateFileSizeWithinPermissibleRange( fileSize, name, ApiConstants.MAX_FILE_UPLOAD_SIZE_IN_MB); /** * TODO: also need to have a backup and stop reading from stream after max size is reached to * protect against malicious clients */ /** TODO: need to extract the actual file type and determine if they are permissable */ final DocumentCommand documentCommand = new DocumentCommand( null, null, entityType, entityId, name, fileDetails.getFileName(), fileSize, bodyPart.getMediaType().toString(), description, null); final Long documentId = this.documentWritePlatformService.createDocument(documentCommand, inputStream); return this.toApiJsonSerializer.serialize( CommandProcessingResult.resourceResult(documentId, null)); }