Bug 1133873 - The module "org.apache.commons.fileupload" should depend on "org.apache.commons.io".
Summary: The module "org.apache.commons.fileupload" should depend on "org.apache.commo...
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: JBoss Enterprise Portal Platform 6
Classification: JBoss
Component: Portal
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: CR03
: 6.2.0
Assignee: Nobody
QA Contact: Tomas Kyjovsky
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-26 11:11 UTC by indrajit
Modified: 2025-02-10 03:42 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2025-02-10 03:42:51 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker GTNPORTAL-3578 0 Major Resolved Dependency org.apache.commons.io is not present in org.apache.commons.fileupload module 2017-05-23 13:52:20 UTC

Description indrajit 2014-08-26 11:11:38 UTC 
Description of problem:

Apache states clearly in [1] that commons-fileupload-*.jar is a direct dependent on commons-io-*.jar but in $JPP_HOME/modules/system/layers/gatein/org/apache/commons/fileupload/main/module.xml file does not specify dependency of "org.apache.commons.io" module: 

[1] http://commons.apache.org/proper/commons-fileupload/dependencies.html

So getting below exceptions while executing parseRequest(request) method of class - org.apache.commons.fileupload.servlet.ServletFileUpload :

----------------------------------------
16:15:51,245 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/TestFileUpload].[FileUploadServlet]] (http-/127.0.0.1:8080-1) JBWEB000236: Servlet.service() for servlet FileUploadServlet threw exception: java.lang.ClassNotFoundException: org.apache.commons.io.output.DeferredFileOutputStream from [Module "org.apache.commons.fileupload:main" from local module loader @4e3e95e6 (finder: local module finder @6ee3572b (roots: /NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules,/NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules/system/layers/gatein,/NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules/system/layers/base))]
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:196) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:444) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:432) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:374) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:119) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.apache.commons.fileupload.disk.DiskFileItemFactory.createItem(DiskFileItemFactory.java:196) [commons-fileupload-1.2.1.jar:1.2.1]
	at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:358) [commons-fileupload-1.2.1.jar:1.2.1]
	at org.apache.commons.fileupload.servlet.ServletFileUpload.parseRequest(ServletFileUpload.java:126) [commons-fileupload-1.2.1.jar:1.2.1]
	at net.codejava.upload.FileUploadServlet.doPost(FileUploadServlet.java:89) [classes:]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.2.1.Final-redhat-10.jar:7.2.1.Final-redhat-10]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_10]

----------------------------------------

Version-Release number of selected component (if applicable):


How reproducible:

While using parseRequest(request) method of class - org.apache.commons.fileupload.servlet.ServletFileUpload. 

Use it like following in a code:

DiskFileItemFactory factory = new DiskFileItemFactory();

ServletFileUpload upload = new ServletFileUpload(factory);

List<FileItem> formItems = upload.parseRequest(request);


Steps to Reproduce:
1.
2.
3.

Actual results:

----------------------------------------
16:15:51,245 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/TestFileUpload].[FileUploadServlet]] (http-/127.0.0.1:8080-1) JBWEB000236: Servlet.service() for servlet FileUploadServlet threw exception: java.lang.ClassNotFoundException: org.apache.commons.io.output.DeferredFileOutputStream from [Module "org.apache.commons.fileupload:main" from local module loader @4e3e95e6 (finder: local module finder @6ee3572b (roots: /NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules,/NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules/system/layers/gatein,/NotBackedUp/Portal_SBR/EPP_6/EPP-6.1.0/jboss-jpp-6.1.0_test/jboss-jpp-6.1/modules/system/layers/base))]
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:196) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:444) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:432) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:374) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:119) [jboss-modules.jar:1.2.2.Final-redhat-1]
	at org.apache.commons.fileupload.disk.DiskFileItemFactory.createItem(DiskFileItemFactory.java:196) [commons-fileupload-1.2.1.jar:1.2.1]
	at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:358) [commons-fileupload-1.2.1.jar:1.2.1]
	at org.apache.commons.fileupload.servlet.ServletFileUpload.parseRequest(ServletFileUpload.java:126) [commons-fileupload-1.2.1.jar:1.2.1]
	at net.codejava.upload.FileUploadServlet.doPost(FileUploadServlet.java:89) [classes:]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.2.1.Final-redhat-10.jar:7.2.1.Final-redhat-10]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_10]

----------------------------------------


Expected results:

Getting executed successfully if you add a dependency of "org.apache.commons.io"
in module "org.apache.commons.fileupload" module.xml like following.


----------------------------------_
<module xmlns="urn:jboss:module:1.0" name="org.apache.commons.fileupload">
  <resources>
    <resource-root path="commons-fileupload-1.2.1.jar"/>
  </resources>

  <dependencies>
    <module name="javax.servlet.api"/>
    <module name="javax.portlet.api"/>


    <module name="org.apache.commons.io"/>


  </dependencies>
</module>

----------------------------------_

Additional info:
Comment 4 Lucas Ponce 2015-02-27 09:48:29 UTC 
Fix sent to 3.8.x branch in upstream:

https://github.com/gatein/gatein-portal/pull/932
Comment 5 Peter Palaga 2015-02-27 21:57:21 UTC 
https://github.com/gatein/gatein-portal/pull/932 was merged in upstream
Comment 6 Tomas Kyjovsky 2015-03-13 16:57:31 UTC 
Not fixed in 6.2.0.ER9.

The test app doesn't work unless I manually add the dependency to the fileupload module:

    <module name="org.apache.commons.io"/>
Comment 7 Peter Palaga 2015-03-16 10:28:14 UTC 
I checked that the changes from https://github.com/gatein/gatein-portal/pull/932 are available in the -prod tag 3.8.14.Final-prod-1 in file packaging/jboss/modules/src/main/resources/modules/org/apache/commons/fileupload/main/module.xml

So this is definitely a productization issue. 
Maybe our changes are overwritten by this patch?
packaging/jboss/pkg/src/main/patches/CVE-2014-0050/module.xml

Assigning to Honza
Comment 8 Tomas Kyjovsky 2015-04-13 11:56:27 UTC 
Not fixed in ER10.
Comment 11 Red Hat Bugzilla 2025-02-10 03:42:51 UTC 
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.
Note You need to log in before you can comment on or make changes to this bug.