Bug 1133873 - The module "org.apache.commons.fileupload" should depend on "org.apache.commons.io".
Summary: The module "org.apache.commons.fileupload" should depend on "org.apache.commo...
Keywords:
Status: VERIFIED
Alias: None
Product: JBoss Enterprise Portal Platform 6
Classification: JBoss
Component: Portal
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: CR03
: 6.2.0
Assignee: Default User
QA Contact: Tomas Kyjovsky
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-26 11:11 UTC by indrajit
Modified: 2018-12-06 17:52 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
JBoss Issue Tracker GTNPORTAL-3578 Major Resolved Dependency org.apache.commons.io is not present in org.apache.commons.fileupload module 2017-05-23 13:52:20 UTC

Description indrajit 2014-08-26 11:11:38 UTC
Description of problem:

Apache states clearly in [1] that commons-fileupload-*.jar is a direct dependent on commons-io-*.jar but in $JPP_HOME/modules/system/layers/gatein/org/apache/commons/fileupload/main/module.xml file does not specify dependency of "org.apache.commons.io" module: 

[1] http://commons.apache.org/proper/commons-fileupload/dependencies.html

So getting below exceptions while executing parseRequest(request) method of class - org.apache.commons.fileupload.servlet.ServletFileUpload :

----------------------------------------
16:15:51,245 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/TestFileUpload].[FileUploadServlet]] (http-/127.0.0.1:8080-1) JBWEB000236: Servlet.service() for servlet FileUploadServlet threw exception: java.lang.ClassNotFoundException: org.apache.commons.io.output.DeferredFileOutputStream from [Module "org.apache.commons.fileupload:main" from local module loader @4e3e95e6 (finder: local module finder @6ee3572b (roots: /NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules,/NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules/system/layers/gatein,/NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules/system/layers/base))]
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:196) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:444) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:432) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:374) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:119) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.apache.commons.fileupload.disk.DiskFileItemFactory.createItem(DiskFileItemFactory.java:196) [commons-fileupload-1.2.1.jar:1.2.1]
	at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:358) [commons-fileupload-1.2.1.jar:1.2.1]
	at org.apache.commons.fileupload.servlet.ServletFileUpload.parseRequest(ServletFileUpload.java:126) [commons-fileupload-1.2.1.jar:1.2.1]
	at net.codejava.upload.FileUploadServlet.doPost(FileUploadServlet.java:89) [classes:]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.2.1.Final-redhat-10.jar:7.2.1.Final-redhat-10]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_10]

----------------------------------------

Version-Release number of selected component (if applicable):


How reproducible:

While using parseRequest(request) method of class - org.apache.commons.fileupload.servlet.ServletFileUpload. 

Use it like following in a code:

DiskFileItemFactory factory = new DiskFileItemFactory();

ServletFileUpload upload = new ServletFileUpload(factory);

List<FileItem> formItems = upload.parseRequest(request);


Steps to Reproduce:
1.
2.
3.

Actual results:

----------------------------------------
16:15:51,245 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/TestFileUpload].[FileUploadServlet]] (http-/127.0.0.1:8080-1) JBWEB000236: Servlet.service() for servlet FileUploadServlet threw exception: java.lang.ClassNotFoundException: org.apache.commons.io.output.DeferredFileOutputStream from [Module "org.apache.commons.fileupload:main" from local module loader @4e3e95e6 (finder: local module finder @6ee3572b (roots: /NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules,/NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules/system/layers/gatein,/NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules/system/layers/base))]
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:196) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:444) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:432) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:374) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:119) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.apache.commons.fileupload.disk.DiskFileItemFactory.createItem(DiskFileItemFactory.java:196) [commons-fileupload-1.2.1.jar:1.2.1]
	at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:358) [commons-fileupload-1.2.1.jar:1.2.1]
	at org.apache.commons.fileupload.servlet.ServletFileUpload.parseRequest(ServletFileUpload.java:126) [commons-fileupload-1.2.1.jar:1.2.1]
	at net.codejava.upload.FileUploadServlet.doPost(FileUploadServlet.java:89) [classes:]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.2.1.Final-redhat-10.jar:7.2.1.Final-redhat-10]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_10]

----------------------------------------


Expected results:

Getting executed successfully if you add a dependency of "org.apache.commons.io"
in module "org.apache.commons.fileupload" module.xml like following.


----------------------------------_
<module xmlns="urn:jboss:module:1.0" name="org.apache.commons.fileupload">
  <resources>
    <resource-root path="commons-fileupload-1.2.1.jar"/>
  </resources>

  <dependencies>
    <module name="javax.servlet.api"/>
    <module name="javax.portlet.api"/>


    <module name="org.apache.commons.io"/>


  </dependencies>
</module>

----------------------------------_

Additional info:

Comment 4 Lucas Ponce 2015-02-27 09:48:29 UTC
Fix sent to 3.8.x branch in upstream:

https://github.com/gatein/gatein-portal/pull/932

Comment 5 Peter Palaga 2015-02-27 21:57:21 UTC
https://github.com/gatein/gatein-portal/pull/932 was merged in upstream

Comment 6 Tomas Kyjovsky 2015-03-13 16:57:31 UTC
Not fixed in 6.2.0.ER9.

The test app doesn't work unless I manually add the dependency to the fileupload module:

    <module name="org.apache.commons.io"/>

Comment 7 Peter Palaga 2015-03-16 10:28:14 UTC
I checked that the changes from https://github.com/gatein/gatein-portal/pull/932 are available in the -prod tag 3.8.14.Final-prod-1 in file packaging/jboss/modules/src/main/resources/modules/org/apache/commons/fileupload/main/module.xml

So this is definitely a productization issue. 
Maybe our changes are overwritten by this patch?
packaging/jboss/pkg/src/main/patches/CVE-2014-0050/module.xml

Assigning to Honza

Comment 8 Tomas Kyjovsky 2015-04-13 11:56:27 UTC
Not fixed in ER10.


Note You need to log in before you can comment on or make changes to this bug.