SLING-13202 Remove dependency on commons-fileupload

pom.xml

@@ -141,12 +141,6 @@
             <version>2.1.2</version>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>commons-fileupload</groupId>
-            <artifactId>commons-fileupload</artifactId>
-            <version>1.6.0</version>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>org.osgi</groupId>
             <artifactId>org.osgi.framework</artifactId>

src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java

@@ -36,6 +36,7 @@
 import org.apache.sling.engine.impl.helper.ClientAbortException;
 import org.apache.sling.engine.impl.helper.RequestListenerManager;
 import org.apache.sling.engine.impl.helper.SlingServletContext;
+import org.apache.sling.engine.impl.parameters.RequestParameterConfig;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.Constants;
 import org.osgi.framework.ServiceRegistration;
@@ -90,6 +91,10 @@ public class SlingMainServlet extends GenericServlet {
     @Reference
     private volatile SlingRequestProcessorImpl requestProcessorImpl;
 
+    /** extra config properties for multipart file upload support */
+    @Reference
+    private transient RequestParameterConfig reqParamConfig;
+
     private volatile boolean allowTrace;
 
     private volatile ServiceRegistration<Servlet> servletRegistration;
@@ -181,6 +186,22 @@ private Dictionary<String, Object> getServletContextRegistrationProps(final Stri
         if (servletName != null) {
             servletConfig.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_NAME, servletName);
         }
+
+        // configure support for multipart file uploads
+        servletConfig.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_MULTIPART_ENABLED, true);
+        // dig the multipart configuration out of the "Request Parameter Handling" configuration
+        final String multipartLocation = reqParamConfig.resolveLocation();
+        if (multipartLocation != null) {
+            servletConfig.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_MULTIPART_LOCATION, multipartLocation);
+        }
+        final org.apache.sling.engine.impl.parameters.RequestParameterConfig.Config config = reqParamConfig.getConfig();
+        servletConfig.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_MULTIPART_MAXFILESIZE, config.file_max());
+        servletConfig.put(
+                HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_MULTIPART_MAXREQUESTSIZE, config.request_max());
+        servletConfig.put(
+                HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_MULTIPART_FILESIZETHRESHOLD, config.file_threshold());
+        servletConfig.put("osgi.http.whiteboard.servlet.multipart.maxFileCount", config.request_max_file_count());
+
         servletConfig.put(Constants.SERVICE_DESCRIPTION, "Apache Sling Engine Main Servlet");
         servletConfig.put(Constants.SERVICE_VENDOR, "The Apache Software Foundation");
 

src/main/java/org/apache/sling/engine/impl/parameters/FileCountLimitExceededException.java

@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.engine.impl.parameters;
+
+import java.io.IOException;
+
+/**
+ * This exception is thrown if a request contains more files than the specified
+ * limit.
+ */
+public class FileCountLimitExceededException extends IOException {
+
+    private static final long serialVersionUID = 6904179610227521789L;
+
+    /**
+     * The limit that was exceeded.
+     */
+    private final long limit;
+
+    /**
+     * Creates a new instance.
+     *
+     * @param message The detail message
+     * @param limit The limit that was exceeded
+     */
+    public FileCountLimitExceededException(final String message, final long limit) {
+        super(message);
+        this.limit = limit;
+    }
+
+    /**
+     * Gets the limit that was exceeded.
+     *
+     * @return The limit that was exceeded by the request
+     */
+    public long getLimit() {
+        return limit;
+    }
+}

src/main/java/org/apache/sling/engine/impl/parameters/MultipartRequestParameter.java

@@ -20,9 +20,11 @@
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.UncheckedIOException;
 import java.io.UnsupportedEncodingException;
+import java.nio.charset.StandardCharsets;
 
-import org.apache.commons.fileupload.disk.DiskFileItem;
+import jakarta.servlet.http.Part;
 
 /**
  * The <code>MultipartRequestParameter</code> represents a request parameter
@@ -34,33 +36,37 @@
  */
 public class MultipartRequestParameter extends AbstractRequestParameter {
 
-    private final DiskFileItem delegatee;
+    private final Part delegatee;
 
     private String encodedFileName;
-
     private String cachedValue;
 
-    public MultipartRequestParameter(DiskFileItem delegatee) {
-        super(delegatee.getFieldName(), null);
+    public MultipartRequestParameter(Part delegatee, String encoding) {
+        super(delegatee.getName(), encoding);
         this.delegatee = delegatee;
     }
 
     void dispose() throws IOException {
         this.delegatee.delete();
     }
 
-    DiskFileItem getFileItem() {
+    Part getPart() {
         return this.delegatee;
     }
 
     @Override
     void setEncoding(String encoding) {
         super.setEncoding(encoding);
         cachedValue = null;
+        encodedFileName = null;
     }
 
     public byte[] get() {
-        return this.delegatee.get();
+        try (InputStream inStream = getInputStream()) {
+            return inStream.readAllBytes();
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        }
     }
 
     public String getContentType() {
@@ -72,8 +78,8 @@ public InputStream getInputStream() throws IOException {
     }
 
     public String getFileName() {
-        if (this.encodedFileName == null && this.delegatee.getName() != null) {
-            String tmpFileName = this.delegatee.getName();
+        if (this.encodedFileName == null && this.delegatee.getSubmittedFileName() != null) {
+            String tmpFileName = this.delegatee.getSubmittedFileName();
             if (this.getEncoding() != null) {
                 try {
                     byte[] rawName = tmpFileName.getBytes(Util.ENCODING_DIRECT);
@@ -117,15 +123,27 @@ public String getString() {
             return this.cachedValue;
         }
 
-        return this.delegatee.getString();
+        // try explicit encoding if available
+        String encoding = getEncoding();
+        if (encoding == null) {
+            // fallback to be used when no explicit value is provided
+            encoding = StandardCharsets.ISO_8859_1.name();
+        }
+        try {
+            return new String(this.get(), encoding);
+        } catch (final UnsupportedEncodingException e) {
+            // don't care, fall back to empty for backward compatibility
+            return "";
+        }
     }
 
     public String getString(String enc) throws UnsupportedEncodingException {
         return new String(this.get(), enc);
     }
 
     public boolean isFormField() {
-        return this.delegatee.isFormField();
+        // If getSubmittedFileName() returns null, it is likely a regular form field
+        return this.delegatee.getSubmittedFileName() == null;
     }
 
     public String toString() {

src/main/java/org/apache/sling/engine/impl/parameters/ParameterMap.java

@@ -66,6 +66,7 @@ void renameParameter(String oldName, String newName) {
         }
 
         super.put(newName, params);
+        this.stringParameterMap = null;
     }
 
     void addParameter(RequestParameter parameter, boolean prependNew) {
@@ -93,10 +94,12 @@ void addParameter(RequestParameter parameter, boolean prependNew) {
 
         // list of parameters
         this.requestParameters.add(parameter);
+        this.stringParameterMap = null;
     }
 
     void setParameters(String name, RequestParameter[] parameters) {
         super.put(name, parameters);
+        stringParameterMap = null;
     }
 
     // ---------- String parameter support
@@ -125,19 +128,19 @@ public Map<String, String[]> getStringParameterMap() {
 
     public Object getPart(final String name) {
         final RequestParameter p = this.getValue(name);
-        if (p instanceof MultipartRequestParameter) {
-            return new SlingPart((MultipartRequestParameter) p);
+        if (p instanceof MultipartRequestParameter mrp) {
+            return new SlingPart(mrp);
         }
 
         // no such part
         return null;
     }
 
     public Collection<?> getParts() {
-        final ArrayList<Part> parts = new ArrayList<Part>(this.size());
+        final ArrayList<Part> parts = new ArrayList<>(this.size());
         for (RequestParameter[] param : this.values()) {
-            if (param.length >= 1 && param[0] instanceof MultipartRequestParameter) {
-                parts.add(new SlingPart((MultipartRequestParameter) param[0]));
+            if (param.length >= 1 && param[0] instanceof MultipartRequestParameter mrp) {
+                parts.add(new SlingPart(mrp));
             }
         }
         return parts;