Skip to content

RESOURCES / BLOG

How to Upload Images Using Java

Developers often ask for a clean, production-ready approach to image uploads in Java. Whether you are adding a profile photo endpoint or building a gallery uploader, a simple, secure flow can save a lot of time later. 

Question:

Hi all,
I need a straightforward, secure way to handle image uploads on a Java backend for a web app. What is the best practice for how to upload images using Java, including server-side validation and saving files? Bonus points if there is a way to store and serve them from a CDN without me building that from scratch. Sample code would be awesome.

Answer:

In Java, the most common approach is to accept multi-part form data on the server, validate the upload, and persist the file to a stable storage location. You can do this with raw Servlets or with Spring Boot. Here’s a Spring Boot example that minimizes boilerplate and includes nice helpers for multipara handling.

1) Build a secure Spring Boot upload endpoint

Core steps:

  • Accept multipart form data at a POST endpoint
  • Validate content type starts with image/ and enforce a size limit
  • Normalize the filename, then write to disk or object storage
  • Return metadata or a URL
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.server.ResponseStatusException;

import java.io.IOException;
import java.nio.file.*;
import java.util.Map;

@RestController
@RequestMapping("/api/uploads")
public class ImageUploadController {

  @PostMapping(consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
  public Map<String, Object> upload(@RequestParam("image") MultipartFile image) throws IOException {
    if (image == null || image.isEmpty()) {
      throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Missing file");
    }

    // Simple server-side checks
    if (image.getSize() > 5 * 1024 * 1024) {
      throw new ResponseStatusException(HttpStatus.PAYLOAD_TOO_LARGE, "Max file size is 5 MB");
    }
    String contentType = image.getContentType();
    if (contentType == null || !contentType.startsWith("image/")) {
      throw new ResponseStatusException(HttpStatus.UNSUPPORTED_MEDIA_TYPE, "Only image uploads are allowed");
    }

    // Save to a local directory (swap with object storage in production)
    Path dir = Paths.get("uploads").toAbsolutePath();
    Files.createDirectories(dir);

    String original = Paths.get(image.getOriginalFilename() == null ? "upload" : image.getOriginalFilename())
        .getFileName()
        .toString()
        .replaceAll("[^a-zA-Z0-9._-]", "_");

    String filename = System.currentTimeMillis() + "_" + original;
    Path target = dir.resolve(filename);
    Files.copy(image.getInputStream(), target, StandardCopyOption.REPLACE_EXISTING);

    return Map.of(
        "filename", filename,
        "contentType", contentType,
        "size", image.getSize(),
        "path", target.toString()
    );
  }
}Code language: JavaScript (javascript)

Test with cURL:

curl -F "image=@/path/to/picture.jpg" http://localhost:8080/api/uploads

2) Validate formats and optimize before storing

  • Prefer modern formats like WebP or AVIF for delivery, but accept common uploads such as JPG or PNG.
  • Pick formats intentionally. For example, photos often compress better as JPG, while graphics or logos can benefit from PNG. 
  • Reduce payload sizes to save bandwidth and storage. If you process files server side, read these tips on how to reduce image file size.

3) Serving files

You can serve files directly from your app in development. For production, consider a CDN or a dedicated media service to handle caching, format conversion, and resizing.

4) Optional: Use Cloudinary to upload and deliver

If you do not want to build storage, resizing, optimization, and delivery yourself, you can upload directly to Cloudinary using the Java SDK and get back a secure CDN URL. You can still keep your Spring controller and forward the bytes upstream.

// Maven: add Cloudinary Java dependency in your build file
// Sample server-side upload using the Cloudinary SDK

import com.cloudinary.Cloudinary;
import com.cloudinary.utils.ObjectUtils;

...

Cloudinary cloudinary = new Cloudinary(ObjectUtils.asMap(
  "cloud_name", "CLOUD_NAME",
  "api_key", "API_KEY",
  "api_secret", "API_SECRET"
));

// Inside your controller after validation
Map uploadResult = cloudinary.uploader().upload(image.getBytes(), ObjectUtils.asMap(
  "folder", "java-uploads",
  "resource_type", "image",
  "use_filename", true,
  "unique_filename", true,
  "overwrite", false
));
String secureUrl = (String) uploadResult.get("secure_url");
// Return secureUrl to the clientCode language: JavaScript (javascript)

This approach offloads storage, responsive resizing, and smart format selection to a CDN, which improves performance and reduces your maintenance overhead.

Security checklist

  • Limit max file size and enforce image content types
  • Normalize filenames and never trust client-supplied paths
  • Store outside your classpath and never execute uploaded files
  • Generate stable public URLs and avoid exposing your file system structure

TL;DR

  • Use a Spring Boot endpoint that accepts multipart uploads, validates content type and size, and saves to storage.
  • Choose formats wisely and keep uploads small.
  • For effortless storage and fast delivery at scale, upload with the Cloudinary Java SDK and return a CDN URL.

Learn More

Ready to streamline image uploads, optimization, and delivery in your Java app? Sign up for Cloudinary and start building a faster, simpler pipeline today.

Start Using Cloudinary

Sign up for our free plan and start creating stunning visual experiences in minutes.

Sign Up for Free