diff --git a/pom.xml b/pom.xml
index 639e32e2..4d40572c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -151,7 +151,7 @@
commons-io
commons-io
- 2.14.0
+ 2.17.0
com.jcraft
@@ -167,7 +167,7 @@
com.auth0
java-jwt
- 4.2.1
+ 4.4.0
@@ -246,17 +246,25 @@
org.apache.tomcat.embed
tomcat-embed-core
- 9.0.90
+ 9.0.95
org.apache.tomcat
tomcat-jdbc
- 9.0.71
+ 9.0.95
-
+
+ org.apache.commons
+ commons-fileupload2-javax
+ 2.0.0-M2
+
+
+
+
+
jakarta.xml.bind
jakarta.xml.bind-api
diff --git a/src/main/java/org/kawanfw/sql/api/server/blob/DefaultBlobUploadConfigurator.java b/src/main/java/org/kawanfw/sql/api/server/blob/DefaultBlobUploadConfigurator.java
index 83e3044f..966e963e 100644
--- a/src/main/java/org/kawanfw/sql/api/server/blob/DefaultBlobUploadConfigurator.java
+++ b/src/main/java/org/kawanfw/sql/api/server/blob/DefaultBlobUploadConfigurator.java
@@ -11,6 +11,19 @@
*/
package org.kawanfw.sql.api.server.blob;
+//see https://commons.apache.org/proper/commons-fileupload/migration.html and https://stackoverflow.com/a/79047694
+import org.apache.commons.fileupload2.core.DiskFileItemFactory;
+import org.apache.commons.fileupload2.core.FileItemInput;
+import org.apache.commons.fileupload2.core.FileItemInputIterator;
+import org.apache.commons.fileupload2.javax.JavaxServletFileUpload;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.SystemUtils;
+import org.kawanfw.sql.util.FrameworkDebug;
+import org.kawanfw.sql.util.FrameworkFileUtil;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@@ -21,20 +34,6 @@
import java.nio.file.StandardCopyOption;
import java.util.Date;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.io.FileUtils;
-import org.apache.commons.lang3.SystemUtils;
-import org.apache.tomcat.util.http.fileupload.FileItemIterator;
-import org.apache.tomcat.util.http.fileupload.FileItemStream;
-import org.apache.tomcat.util.http.fileupload.FileUploadException;
-import org.apache.tomcat.util.http.fileupload.disk.DiskFileItemFactory;
-import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
-import org.apache.tomcat.util.http.fileupload.util.Streams;
-import org.kawanfw.sql.util.FrameworkDebug;
-import org.kawanfw.sql.util.FrameworkFileUtil;
-
/**
*
* Class that allows uploading Blob/Clobs. Default implementation.
@@ -57,7 +56,7 @@ public class DefaultBlobUploadConfigurator implements BlobUploadConfigurator {
*/
@Override
public void upload(HttpServletRequest request, HttpServletResponse response, File blobDirectory, long maxBlobLength)
- throws IOException, FileUploadException {
+ throws IOException {
debug("in upload()");
@@ -65,7 +64,7 @@ public void upload(HttpServletRequest request, HttpServletResponse response, Fil
// Prepare the response
// Check that we have a file upload request
- boolean isMultipart = ServletFileUpload.isMultipartContent(request);
+ boolean isMultipart = JavaxServletFileUpload.isMultipartContent(request);
debug("isMultipart: " + isMultipart);
if (!isMultipart) {
@@ -78,12 +77,14 @@ public void upload(HttpServletRequest request, HttpServletResponse response, Fil
debug("tempRepository: " + tempRepository);
// Create a factory for disk-based file items
- DiskFileItemFactory factory = new DiskFileItemFactory();
- factory.setRepository(tempRepository);
+ //DiskFileItemFactory factory = new DiskFileItemFactory();
+ //factory.setRepository(tempRepository);
+ DiskFileItemFactory factory =
+ new DiskFileItemFactory.Builder().setPath(tempRepository.getPath()).get();
// Create a new file upload handler using the factory
// that define the secure temp dir
- ServletFileUpload upload = new ServletFileUpload(factory);
+ JavaxServletFileUpload upload = new JavaxServletFileUpload(factory);
debug("maxBlobLength: " + maxBlobLength);
if (DEBUG) {
@@ -99,22 +100,22 @@ public void upload(HttpServletRequest request, HttpServletResponse response, Fil
}
// Parse the request
- FileItemIterator iter = upload.getItemIterator(request);
+ FileItemInputIterator iter = upload.getItemIterator(request);
String blobId = null;
// Parse the request
while (iter.hasNext()) {
- FileItemStream item = iter.next();
+ FileItemInput item = iter.next();
String name = item.getFieldName();
debug("name: " + name);
// The input Stream for the File
- try (InputStream inputstream = item.openStream()) {
+ try (InputStream inputstream = item.getInputStream()) {
if (item.isFormField()) {
if (name.equals("blob_id")) {
- blobId = Streams.asString(inputstream);
+ blobId = IOUtils.toString(inputstream, StandardCharsets.UTF_8);
debug("blob_id: " + blobId);
}
} else {
diff --git a/src/main/java/org/kawanfw/sql/servlet/ServerSqlDispatch.java b/src/main/java/org/kawanfw/sql/servlet/ServerSqlDispatch.java
index 3eb6740e..46ae021d 100644
--- a/src/main/java/org/kawanfw/sql/servlet/ServerSqlDispatch.java
+++ b/src/main/java/org/kawanfw/sql/servlet/ServerSqlDispatch.java
@@ -11,22 +11,9 @@
*/
package org.kawanfw.sql.servlet;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.sql.Connection;
-import java.sql.DatabaseMetaData;
-import java.sql.SQLException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+//see https://commons.apache.org/proper/commons-fileupload/migration.html and https://stackoverflow.com/a/79047694
+import org.apache.commons.fileupload2.javax.JavaxServletFileUpload;
import org.apache.commons.lang3.exception.ExceptionUtils;
-import org.apache.tomcat.util.http.fileupload.FileUploadException;
-import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
import org.kawanfw.sql.api.server.DatabaseConfigurator;
import org.kawanfw.sql.api.server.firewall.SqlFirewallManager;
import org.kawanfw.sql.metadata.dto.DatabaseInfoDto;
@@ -51,6 +38,18 @@
import org.kawanfw.sql.util.FrameworkDebug;
import org.kawanfw.sql.version.VersionWrapper;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.sql.Connection;
+import java.sql.DatabaseMetaData;
+import java.sql.SQLException;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.Set;
+
/**
* @author Nicolas de Pomereu
*
@@ -74,10 +73,9 @@ public class ServerSqlDispatch {
* @param out
* @throws IOException if any IOException occurs
* @throws SQLException
- * @throws FileUploadException
*/
public void executeRequestInTryCatch(HttpServletRequest request, HttpServletResponse response, OutputStream out)
- throws IOException, SQLException, FileUploadException {
+ throws IOException, SQLException {
if (doBlobUpload(request, response, out)) {
return;
@@ -517,15 +515,14 @@ private void treatCloseAction(HttpServletResponse response, OutputStream out, St
* @param response
* @param out
* @throws IOException
- * @throws FileUploadException
* @throws SQLException
*/
private boolean doBlobUpload(HttpServletRequest request, HttpServletResponse response, OutputStream out)
- throws IOException, FileUploadException, SQLException {
+ throws IOException, SQLException {
// Immediate catch if we are asking a file upload, because
// parameters are in unknown sequence.
// We know it's a upload action if it's mime Multipart
- if (ServletFileUpload.isMultipartContent(request)) {
+ if (JavaxServletFileUpload.isMultipartContent(request)) {
BlobUploader blobUploader = new BlobUploader(request, response, out);
blobUploader.blobUpload();
return true;