This is an automated email from the ASF dual-hosted git repository. cziegeler pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/felix-dev.git
The following commit(s) were added to refs/heads/master by this push: new bc8f0398e0 FELIX-6654 : Remove support for commons fileupload bc8f0398e0 is described below commit bc8f0398e03d0d2832eeb979e6ca0ebe4ca10371 Author: Carsten Ziegeler <cziege...@apache.org> AuthorDate: Sun Sep 10 10:05:26 2023 +0200 FELIX-6654 : Remove support for commons fileupload --- webconsole/pom.xml | 16 ---- .../felix/webconsole/AbstractWebConsolePlugin.java | 18 +---- .../apache/felix/webconsole/WebConsoleUtil.java | 90 ++-------------------- .../webconsole/internal/core/BundlesServlet.java | 9 +-- 4 files changed, 11 insertions(+), 122 deletions(-) diff --git a/webconsole/pom.xml b/webconsole/pom.xml index 9afb96a11d..1c5ccb987f 100644 --- a/webconsole/pom.xml +++ b/webconsole/pom.xml @@ -108,7 +108,6 @@ </Bundle-Activator> <Import-Package> jakarta.servlet.*;version="[5,7)", - !javax.portlet, !javax.servlet, !javax.servlet.http, !org.apache.felix.http.javaxwrappers, @@ -230,27 +229,12 @@ <version>2.0.0</version> <scope>provided</scope> </dependency> - <dependency> - <groupId>commons-fileupload</groupId> - <artifactId>commons-fileupload</artifactId> - <version>1.5</version> - <scope>provided</scope> - </dependency> - - <dependency> - <groupId>commons-io</groupId> - <artifactId>commons-io</artifactId> - <version>2.11.0</version> - <scope>provided</scope> - </dependency> - <dependency> <groupId>org.owasp.encoder</groupId> <artifactId>encoder</artifactId> <version>1.2.3</version> <scope>provided</scope> </dependency> - <dependency> <groupId>org.osgi</groupId> <artifactId>org.osgi.service.log</artifactId> diff --git a/webconsole/src/main/java/org/apache/felix/webconsole/AbstractWebConsolePlugin.java b/webconsole/src/main/java/org/apache/felix/webconsole/AbstractWebConsolePlugin.java index b16001433e..4570523365 100644 --- a/webconsole/src/main/java/org/apache/felix/webconsole/AbstractWebConsolePlugin.java +++ b/webconsole/src/main/java/org/apache/felix/webconsole/AbstractWebConsolePlugin.java @@ -65,26 +65,14 @@ public abstract class AbstractWebConsolePlugin extends HttpServlet { private static final long serialVersionUID = 1L; /** - * The name of the request attribute containing the map of FileItems from the POST request. + * This attribute is not supported anymore * @deprecated Use the Servlet API for uploads */ @Deprecated public static final String ATTR_FILEUPLOAD = "org.apache.felix.webconsole.fileupload"; - /** - * The name of the request attribute containing a {@link java.io.File} - upload repository path used by - * {@link org.apache.commons.fileupload.disk.DiskFileItemFactory}.<p> - * - * The Web Console plugin, that utilizes file upload capabilities of the web console SHOULD: - * <ol> - * <li>Obtain the file using {@link org.osgi.framework.BundleContext#getDataFile(String)} - * <li>Set the file as request attribute - * <li>Use {@link WebConsoleUtil#getParameter(HttpServletRequest, String)} to obtain the file(s) - * </ol> - * - * Without setting this attribute, your plugin will not work if there is a security manager enabled. - * It is guaranteed, that your plugin has permissions to read/write/delete files to the location, - * provided by the bundle context. + /** + * This attribute is not supported anymore * @deprecated Use the Servlet API for uploads */ @Deprecated diff --git a/webconsole/src/main/java/org/apache/felix/webconsole/WebConsoleUtil.java b/webconsole/src/main/java/org/apache/felix/webconsole/WebConsoleUtil.java index aac06f6e69..cc8fb273ca 100644 --- a/webconsole/src/main/java/org/apache/felix/webconsole/WebConsoleUtil.java +++ b/webconsole/src/main/java/org/apache/felix/webconsole/WebConsoleUtil.java @@ -19,24 +19,13 @@ package org.apache.felix.webconsole; -import java.io.File; import java.io.IOException; import java.net.URLDecoder; import java.nio.charset.StandardCharsets; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.fileupload.FileItem; -import org.apache.commons.fileupload.FileUploadBase; -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.fileupload.disk.DiskFileItemFactory; -import org.apache.commons.fileupload.servlet.ServletFileUpload; -import org.apache.commons.fileupload.servlet.ServletRequestContext; import org.apache.felix.webconsole.internal.Util; @@ -47,11 +36,9 @@ import org.apache.felix.webconsole.internal.Util; * @deprecated Some of the methods can be replaced with direct Servlet API calls. */ @Deprecated -public final class WebConsoleUtil -{ +public final class WebConsoleUtil { - private WebConsoleUtil() - { + private WebConsoleUtil() { /* no instantiation */ } @@ -108,82 +95,15 @@ public final class WebConsoleUtil /** - * An utility method, that is used to filter out simple parameter from file - * parameter when multipart transfer encoding is used. - * - * This method processes the request and sets a request attribute - * {@link AbstractWebConsolePlugin#ATTR_FILEUPLOAD}. The attribute value is a {@link Map} - * where the key is a String specifying the field name and the value - * is a {@link org.apache.commons.fileupload.FileItem}. - * + * An utility method to get a parameter value * @param request the HTTP request coming from the user * @param name the name of the parameter - * @return if not multipart transfer encoding is used - the value is the - * parameter value or <code>null</code> if not set. If multipart is used, - * and the specified parameter is field - then the value of the parameter - * is returned. + * @return The value or {@code null}. * @deprecated Use the Servlet API for uploads */ @Deprecated public static final String getParameter( final HttpServletRequest request, final String name ) { - // just get the parameter if not a multipart/form-data POST - if ( !FileUploadBase.isMultipartContent( new ServletRequestContext( request ) ) ) { - return request.getParameter( name ); - } - - // check, whether we already have the parameters - @SuppressWarnings("unchecked") - Map<String, FileItem[]> params = ( Map<String, FileItem[]> ) request.getAttribute( AbstractWebConsolePlugin.ATTR_FILEUPLOAD ); - if ( params == null ) { - // parameters not read yet, read now - // Create a factory for disk-based file items - DiskFileItemFactory factory = new DiskFileItemFactory(); - factory.setSizeThreshold( 256000 ); - // See https://issues.apache.org/jira/browse/FELIX-4660 - final Object repo = request.getAttribute( AbstractWebConsolePlugin.ATTR_FILEUPLOAD_REPO ); - if ( repo instanceof File ) { - factory.setRepository( (File) repo ); - } - - // Create a new file upload handler - ServletFileUpload upload = new ServletFileUpload( factory ); - upload.setSizeMax( -1 ); - upload.setFileCountMax(50); - - // Parse the request - params = new HashMap<>(); - try { - final List<FileItem> items = upload.parseRequest( request ); - for(final FileItem fi : items) { - FileItem[] current = ( FileItem[] ) params.get( fi.getFieldName() ); - if ( current == null ) { - current = new FileItem[] { fi }; - } else { - FileItem[] newCurrent = new FileItem[current.length + 1]; - System.arraycopy( current, 0, newCurrent, 0, current.length ); - newCurrent[current.length] = fi; - current = newCurrent; - } - params.put( fi.getFieldName(), current ); - } - } catch ( FileUploadException fue ) { - // fail - return null; - } - request.setAttribute( AbstractWebConsolePlugin.ATTR_FILEUPLOAD, params ); - } - - final FileItem[] param = ( FileItem[] ) params.get( name ); - if ( param != null ) { - for ( int i = 0; i < param.length; i++ ) { - if ( param[i].isFormField() ) { - return param[i].getString(); - } - } - } - - // no valid string parameter, fail - return null; + return request.getParameter( name ); } /** diff --git a/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/BundlesServlet.java b/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/BundlesServlet.java index 78e5f7bb07..a2deed844f 100644 --- a/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/BundlesServlet.java +++ b/webconsole/src/main/java/org/apache/felix/webconsole/internal/core/BundlesServlet.java @@ -18,14 +18,13 @@ package org.apache.felix.webconsole.internal.core; import java.io.File; -import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; -import java.io.OutputStream; import java.io.PrintWriter; import java.io.StringWriter; import java.io.Writer; import java.lang.reflect.Array; +import java.nio.file.Files; import java.text.MessageFormat; import java.util.AbstractMap; import java.util.ArrayList; @@ -47,7 +46,6 @@ import java.util.TreeMap; import java.util.jar.JarFile; import java.util.jar.Manifest; -import org.apache.commons.io.IOUtils; import org.apache.felix.inventory.Format; import org.apache.felix.inventory.InventoryPrinter; import org.apache.felix.utils.json.JSONWriter; @@ -1497,9 +1495,8 @@ public class BundlesServlet extends AbstractOsgiManagerPlugin implements Invento try { // copy the data to a file for better processing tmpFile = File.createTempFile( "install", ".tmp" ); - try (final InputStream bundleStream = part.getInputStream(); - final OutputStream out = new FileOutputStream(tmpFile)) { - IOUtils.copy(bundleStream, out); + try (final InputStream bundleStream = part.getInputStream()) { + Files.copy(bundleStream, tmpFile.toPath()); } } catch ( final Exception e ) { Util.LOGGER.error("Problem accessing uploaded bundle file: {}", part.getSubmittedFileName(), e );