jsr369-experts@servlet-spec.java.net

[jsr369-experts] Re: [SERVLET_SPEC-172-Part.write] DISCUSSION (was: Re: [servlet-spec users] Re: Re: Part write clarification?)

From: Greg Wilkins <gregw_at_webtide.com>
Date: Fri, 24 Mar 2017 09:51:48 +1100

Ed et al,

Firstly, if I understand this proposal correctly, it is not supporting the
current interpretation made by Tomcat and others. While, Jetty is OK with
that, we would still be willing to support an interpretation that did
support Tomcat et al, so long as it is clearly specified.

See more comments below:

On 24 March 2017 at 09:01, Edward Burns <edward.burns_at_oracle.com> wrote:

> PROPOSAL: Modify the spec for Part.write() to be:
>
> Add this text in the main javadoc for the method.
>
> -----
>
> The following constraints apply to the fileName argument:
>
> * For all values of the fileName argument, the resultant location on the
> server's filesystem is relative to the location as specified in the
> MultipartConfig.
>
> * If fileName is an absolute location, it still is relative to the
> location, in a system-dependent manner, as specified in the
> MultiPartConfig.
>
>
A "system dependent manner" is not really a clarification. If we wish to
have portability then we need to nail down handling of absolution locations.

My preference would be that absolute locations are allowed so long as they
are within the tree that is defined by the config in MultiPartConfig. So I
would propose:

* If fileName is an absolute location, it still must be for a Path that has
the
  location as specified in the MultiPartConfig as a parent, otherwise an
IllegalArgumentException is thrown


> * If fileName contains system-dependent relative path segments, such as
> "../", if the resultant path is "higher" than the location, as
> specified in the MultiPartConfig, throw an IOException.
>

Would IllegalArgumentException be better here?



>
> ----
>
> Change the paramaters to be:
>
> Parameters:
>
> fileName - the path of the file to which the stream will be written.
>

This should be further clarified that URI notation may not be interpreted
in a portable fashion:

 fileName - the path of the file to which the stream will be written. Note
that this is a system dependent string and URI notation may not be
acceptable on all systems. For portability, this string should be generated
with the File or Path APIs



> Throws:
> IOException - if an error occurs.
>
> What do you think?
>
> 



-- 
Greg Wilkins <gregw@webtide.com> CTO http://webtide.com
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.