SLING-13202 Remove dependency on commons-fileupload

pom.xml

@@ -141,12 +141,6 @@
             <version>2.1.2</version>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>commons-fileupload</groupId>
-            <artifactId>commons-fileupload</artifactId>
-            <version>1.6.0</version>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>org.osgi</groupId>
             <artifactId>org.osgi.framework</artifactId>

src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java

@@ -36,6 +36,7 @@
 import org.apache.sling.engine.impl.helper.ClientAbortException;
 import org.apache.sling.engine.impl.helper.RequestListenerManager;
 import org.apache.sling.engine.impl.helper.SlingServletContext;
+import org.apache.sling.engine.impl.parameters.RequestParameterConfig;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.Constants;
 import org.osgi.framework.ServiceRegistration;
@@ -90,6 +91,10 @@ public class SlingMainServlet extends GenericServlet {
     @Reference
     private volatile SlingRequestProcessorImpl requestProcessorImpl;
 
+    /** extra config properties for multipart file upload support */
+    @Reference
+    private transient RequestParameterConfig reqParamConfig;
+
     private volatile boolean allowTrace;
 
     private volatile ServiceRegistration<Servlet> servletRegistration;
@@ -181,6 +186,21 @@ private Dictionary<String, Object> getServletContextRegistrationProps(final Stri
         if (servletName != null) {
             servletConfig.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_NAME, servletName);
         }
+
+        // configure support for multipart file uploads
+        servletConfig.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_MULTIPART_ENABLED, true);
+        // dig the multipart configuration out of the "Request Parameter Handling" configuration
+        final String multipartLocation = reqParamConfig.resolveLocation();
+        if (multipartLocation != null) {
+            servletConfig.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_MULTIPART_LOCATION, multipartLocation);
+        }
+        final org.apache.sling.engine.impl.parameters.RequestParameterConfig.Config config = reqParamConfig.getConfig();
+        servletConfig.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_MULTIPART_MAXFILESIZE, config.file_max());
+        servletConfig.put(
+                HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_MULTIPART_MAXREQUESTSIZE, config.request_max());
+        servletConfig.put(
+                HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_MULTIPART_FILESIZETHRESHOLD, config.file_threshold());
+
         servletConfig.put(Constants.SERVICE_DESCRIPTION, "Apache Sling Engine Main Servlet");
         servletConfig.put(Constants.SERVICE_VENDOR, "The Apache Software Foundation");
 

src/main/java/org/apache/sling/engine/impl/parameters/MultipartRequestParameter.java

@@ -20,9 +20,10 @@
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.UncheckedIOException;
 import java.io.UnsupportedEncodingException;
 
-import org.apache.commons.fileupload.disk.DiskFileItem;
+import jakarta.servlet.http.Part;
 
 /**
  * The <code>MultipartRequestParameter</code> represents a request parameter
@@ -34,33 +35,38 @@
  */
 public class MultipartRequestParameter extends AbstractRequestParameter {
 
-    private final DiskFileItem delegatee;
+    private final Part delegatee;
 
     private String encodedFileName;
 
     private String cachedValue;
 
-    public MultipartRequestParameter(DiskFileItem delegatee) {
-        super(delegatee.getFieldName(), null);
+    public MultipartRequestParameter(Part delegatee) {
+        super(delegatee.getName(), null);
         this.delegatee = delegatee;
     }
 
     void dispose() throws IOException {
         this.delegatee.delete();
     }
 
-    DiskFileItem getFileItem() {
+    Part getPart() {
         return this.delegatee;
     }
 
     @Override
     void setEncoding(String encoding) {
         super.setEncoding(encoding);
         cachedValue = null;
+        encodedFileName = null;
     }
 
     public byte[] get() {
-        return this.delegatee.get();
+        try {
+            return getInputStream().readAllBytes();
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        }
     }
 
     public String getContentType() {
@@ -72,8 +78,8 @@ public InputStream getInputStream() throws IOException {
     }
 
     public String getFileName() {
-        if (this.encodedFileName == null && this.delegatee.getName() != null) {
-            String tmpFileName = this.delegatee.getName();
+        if (this.encodedFileName == null && this.delegatee.getSubmittedFileName() != null) {
+            String tmpFileName = this.delegatee.getSubmittedFileName();
             if (this.getEncoding() != null) {
                 try {
                     byte[] rawName = tmpFileName.getBytes(Util.ENCODING_DIRECT);
@@ -117,15 +123,16 @@ public String getString() {
             return this.cachedValue;
         }
 
-        return this.delegatee.getString();
+        return new String(this.get());
     }
 
     public String getString(String enc) throws UnsupportedEncodingException {
         return new String(this.get(), enc);
     }
 
     public boolean isFormField() {
-        return this.delegatee.isFormField();
+        // If getSubmittedFileName() returns null, it is likely a regular form field
+        return this.delegatee.getSubmittedFileName() == null;
     }
 
     public String toString() {

src/main/java/org/apache/sling/engine/impl/parameters/ParameterMap.java

@@ -66,6 +66,7 @@ void renameParameter(String oldName, String newName) {
         }
 
         super.put(newName, params);
+        this.stringParameterMap = null;
     }
 
     void addParameter(RequestParameter parameter, boolean prependNew) {
@@ -93,10 +94,12 @@ void addParameter(RequestParameter parameter, boolean prependNew) {
 
         // list of parameters
         this.requestParameters.add(parameter);
+        this.stringParameterMap = null;
     }
 
     void setParameters(String name, RequestParameter[] parameters) {
         super.put(name, parameters);
+        stringParameterMap = null;
     }
 
     // ---------- String parameter support
@@ -125,19 +128,19 @@ public Map<String, String[]> getStringParameterMap() {
 
     public Object getPart(final String name) {
         final RequestParameter p = this.getValue(name);
-        if (p instanceof MultipartRequestParameter) {
-            return new SlingPart((MultipartRequestParameter) p);
+        if (p instanceof MultipartRequestParameter mrp) {
+            return mrp.getPart();
         }
 
         // no such part
         return null;
     }
 
     public Collection<?> getParts() {
-        final ArrayList<Part> parts = new ArrayList<Part>(this.size());
+        final ArrayList<Part> parts = new ArrayList<>(this.size());
         for (RequestParameter[] param : this.values()) {
-            if (param.length >= 1 && param[0] instanceof MultipartRequestParameter) {
-                parts.add(new SlingPart((MultipartRequestParameter) param[0]));
+            if (param.length >= 1 && param[0] instanceof MultipartRequestParameter mrp) {
+                parts.add(mrp.getPart());
             }
         }
         return parts;