Issue Details (XML | Word | Printable)

Key: FILEUPLOAD-50
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Unassigned
Reporter: Cris Daniluk
Votes: 2
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Commons FileUpload

[fileupload] FileItem implements Serializable incorrectly

Created: 21/Dec/04 11:26 AM   Updated: 30/Oct/06 09:45 PM
Return to search
Component/s: None
Affects Version/s: None
Fix Version/s: None

Time Tracking:
Not Specified

File Attachments:
  File Name Date Attached Attached By Size
Java Source File DiskFileItemSerializeTest.java 2005-11-28 10:50 AM Niall Pemberton 8 kB
Text File FileUploadSerializeDiskFileItem.patch 2005-11-28 11:52 AM Niall Pemberton 3 kB
Text File FileUploadSerializeDiskFileItem.patch 2005-11-28 10:48 AM Niall Pemberton 3 kB
Text File FileUploadSerializeDiskFileItem3.patch 2005-11-28 01:07 PM Niall Pemberton 5 kB
Environment:
Operating System: All
Platform: PC

Bugzilla Id: 32785
Resolution Date: 30/Oct/06 09:45 PM


 Description  « Hide
org.apache.commons.fileupload.FileItem implements Serializable, but does not
honor the contract. It contains member field
org.apache.commons.fileupload.DeferredFileOutputStream, which is not
Serializable. Would prefer to have this class be truly Serializable but may not
be practical considering the nature of it. It should at least not define itself
as such, as it is misleading.

 All   Comments   Work Log   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Christoffer Hammarström added a comment - 22/Dec/04 08:33 PM
Is there any hope that this will be fixed in the next release? This is the only
thing that makes my webapp sessions non-serializable.

[ Permlink | « Hide ]
Martin Cooper added a comment - 28/Nov/05 05:29 AM
I believe you are referring to DiskFileItem not being serialisable. I don't see
a way to fix this, as you say, because of the nature of the class. Note that it
is the FileItem interface that is serialisable, but this particular
implementation of that interface cannot be serialised. That doesn't mean that
all implementations will not be serialisable.

As for comment #1, the simple solution is to not store FileItem instances in
your session.

If anyone has any good ideas on how to make DiskFileItem serialisable, please
let me know ASAP. Otherwise I will mark this as WONTFIX.


[ Permlink | « Hide ]
Niall Pemberton added a comment - 28/Nov/05 10:48 AM
Created an attachment (id=17057)
Patch to make DiskFileItem Serializable

I'm attaching a patch that makes DiskFileItem serializable. It works by making
the DeferredFileOutputStream transient and storing the file contents in a cache
during serialization and then re-writing them back out (if not in memory) to a
new file during de-serialization. Its not ideal, but maybe better than not
being serializabe.

I also included a slight change to ensure cachedData is always used if exists.


[ Permlink | « Hide ]
Niall Pemberton added a comment - 28/Nov/05 10:50 AM
Created an attachment (id=17058)
Serialization JUnit test for DiskFileItem

[ Permlink | « Hide ]
Martin Cooper added a comment - 28/Nov/05 11:26 AM
Unfortunately, this will almost certainly cause OutOfMemory exceptions when
large uploads are involved. This is because both writeObject and readObject rely
on the entire contents being loaded into memory. That's fine for typical form
fields, but if the item represents a 2GB upload, things don't look so good.

Something along these lines that streams the content from or to a DFOS might
work, but I hate to think of the performance implications of serialisable
sessions that contain multiple gigabytes of data...


[ Permlink | « Hide ]
Niall Pemberton added a comment - 28/Nov/05 11:52 AM
Created an attachment (id=17059)
Modified patch for DiskFileItem

OK, how about copying the disk file to a new file during de-serialization
Instead?


[ Permlink | « Hide ]
Martin Cooper added a comment - 28/Nov/05 01:01 PM
That'll work. Thanks! Patch applied, with a simplification to readObject() and
some other minor changes.

[ Permlink | « Hide ]
Niall Pemberton added a comment - 28/Nov/05 01:07 PM
Created an attachment (id=17060)
3rd Patch for DiskFileItem

I guess the 2nd patch isn't a great idea either since its not v.efficient
copying a ton of data.

Attaching a 3rd patch - if its not "in memory" this one caches the File that
DeferredFileOutputStream has written to when serializing. Everywhere that
referenced the DeferredFileOutputStream now checks to see if that File is there
first. If it is "in memory" it re-creates the DeferredFileOutputStream.
Powered by a free Atlassian JIRA open source license for Apache Software Foundation. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators