[Geoserver-devel] [jira] (GEOS-5111) Better temporary file handling in REST API

David Winslow created GEOS-5111:
-----------------------------------

             Summary: Better temporary file handling in REST API
                 Key: GEOS-5111
                 URL: https://jira.codehaus.org/browse/GEOS-5111
             Project: GeoServer
          Issue Type: Bug
          Components: REST
    Affects Versions: 2.1.3
            Reporter: David Winslow
            Assignee: Andrea Aime
             Fix For: 2.1.4

In the REST API the datastore upload handling code never uses temporary space, writing files straight to the data directory even when they are ultimately going to be converted formats or inserted into an external storage system such as a RDBMS. This means that some uploads can cause files in the datastore to be overwritten or deleted. The issue is compounded by a couple of bugs:
1) The upload code does actually attempt to detect and prevent file conflicts in uploads. However, it does so by checking based on the name of the datastore and the format of the upload. Depending on the upload parameters either of these parameters may be incorrect; in the case of a ZIP archive containing files whose name is different from the store name they will both be incorrect.
2) The conflict prevention mechanism used is to simply delete all files in the directory (a subdirectory of the datadir, not the data dir itself) which may remove files that would otherwise be unaffected by the upload (ie, a directory of shapefiles will all be deleted even if none of them have the same name as the uploaded zipped shapefile.)

As a *partial* fix, I've put together a patch that detects when ZIP files are uploaded and writes the ZIP archive temporarily to /tmp/ instead of the datadir. This also includes some changes to RESTUtils to add "direct-to-file" alternatives to each of the file upload methods, which currently construct their output file paths from the datastore name and format (as described above.) Test case included.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira