The magic number solution is already implemented: see this topicfor links to the Java Mime Magic Library.

幻数解决方案已经实现：请参阅此主题以获取指向 Java Mime Magic Library 的链接。

Check the file signature:

检查文件签名：

http://www.filesignatures.net/index.php?search=JPEG&mode=EXT

http://www.filesignatures.net/index.php?search=JPEG&mode=EXT

http://en.wikipedia.org/wiki/List_of_file_signatures

http://en.wikipedia.org/wiki/List_of_file_signatures

You can verify file type by reading few bytes.

您可以通过读取几个字节来验证文件类型。

Regards.

问候。

a. This function below will list all the extension in the directory. What you can do is list all and get the extension of all files and can check which files can be uploaded. You can provide a client side validation on the UI that only .jpeg files are allowed.

一种。下面的这个函数将列出目录中的所有扩展名。您可以做的是列出所有文件并获取所有文件的扩展名，并可以检查可以上传哪些文件。您可以在 UI 上提供仅允许 .jpeg 文件的客户端验证。

public static void main(String args[]) {
        System.out.println("GET");
        File fileObj = new File("D:\");
        File[] listAll = fileObj.listFiles();
        for (File file : listOfFiles) {
        if (file.isFile()) {
            System.out.println("Extension ."+file.getName().substring(file.getName().lastIndexOf('.')+1));
        }
        }
    }

b. Regarding miscrepancies of the extension i have not gone through such situation. May be the point specified by eltabo can help.

湾 关于延期的错误，我没有经历过这种情况。可能是 eltabo 指定的点可以提供帮助。

If you want just to check the file name, you can do this:

如果你只想检查文件名，你可以这样做：

public boolean checkJPEG(File file) {
   String fileName = file.getName().toUpperCase();
   return fileName.endsWith(".JPG") || fileName.endsWith(".JPEG");
}

But this method check only the file name, not the content. A more complete method include the magic number test.

但是这种方法只检查文件名，而不是内容。更完整的方法包括幻数测试。

public boolean checkJPEG(File file) throws IOException {
   String fileName = file.getName().toUpperCase();
   boolean extension = fileName.endsWith(".JPG") || fileName.endsWith(".JPEG");
   if (!extension) {
      return false;
   }
   FileInputStream in = null;
   try {
      in = new FileInputStream(file)
      byte[] magic = new byte[3];
      int count = in.read(magic);
      if (count < 3) return false;
      return magic[0] == 0xFF && magic[1] == 0xD8 && magic[2] == 0xFF;
   } finally {
      try {
         if (in != null) in.close();
      } catch (IOException ex) {}
   }
}

List of file signatures here: http://en.wikipedia.org/wiki/List_of_file_signatures

此处的文件签名列表：http: //en.wikipedia.org/wiki/List_of_file_signatures

You can not be sure of a files type, unless you completelyparse the file and verify that it adheres completely to the format specification. Only then you can be sure.

您无法确定文件类型，除非您完全解析文件并验证它完全符合格式规范。只有这样你才能确定。

Checking the magic number is a quick way of checking with a high probability to guess the type correctly. But obviously its not foolproof, its easy to make a file that starts with the bytes FF D8 FF, which would look like its a jpeg, but there is obviously no guarantee that its really a jpeg.

检查幻数是一种以高概率正确猜测类型的快速检查方法。但显然它不是万无一失的，它很容易制作一个以字节 FF D8 FF 开头的文件，它看起来像一个 jpeg，但显然不能保证它真的是一个 jpeg。

Or just rely on the file extension.

或者只依赖文件扩展名。

You just have to make a trade between reliability and simplicity. If you want simple, trust the file extension. If you want safety, verify the file contents.

您只需要在可靠性和简单性之间进行权衡。如果您想要简单，请信任文件扩展名。如果您想要安全，请验证文件内容。