jijo-paulose / gwtupload

Automatically exported from code.google.com/p/gwtupload

Cannot override UploadServlet.getFileItemFactory() #184

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create a custom servlet class that extends UploadAction (which in turn 
extends UploadServlet)
2. Attempt to override the PROTECTED method getFileItemFactory()
3. Compilation fails because your custom servlet is not in the same package as 
UploadServlet and, therefore, cannot override that method.

What is the expected output? What do you see instead?
I would expect to be able to override that method, especially since the 
comments around the method say to override if you want to provide a different 
factory. Since custom classes will always be outside the gwtupload package, 
this method should be declared as public.

Moreover, this is a big security hole, described in numerous places (for 
example, http://archives.neohapsis.com/archives/bugtraq/2013-03/0035.html) 
because of the default java.io.tmpdir directory (/tmp in most cases) used by 
Apache commons-fileupload. I am attempting to override this method so that I 
may call a DiskFileItemFactory.setRepository() method using a context attribute 
to set the temp directory to something other than the system default.

Even though we are subclassing UploadServlet, we are doing it in a different 
package, which gives it different permissions, and adds visibility outside of 
the original protected definition.

What version of the product are you using? On what operating system?
gwtupload 0.6.6. Any OS

Please provide any additional information below.

Original issue reported on code.google.com by sh...@tarves.net on 9 Oct 2013 at 1:06
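
The mitigation described in the report above, as an added example that is not part of the original issue or of gwtupload's code: a helper that builds a commons-fileupload `DiskFileItemFactory` whose repository is an owner-only directory under the servlet container's per-application temp dir rather than `java.io.tmpdir`. The class name `PrivateUploadRepository` and the `uploads` subdirectory name are assumptions; a servlet would return the result from its `getFileItemFactory()` override.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import javax.servlet.ServletContext;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;

/** Hypothetical helper; not part of gwtupload or commons-fileupload. */
public final class PrivateUploadRepository {

    // Standard servlet context attribute holding the webapp's private temp dir.
    private static final String TEMPDIR_ATTR = "javax.servlet.context.tempdir";

    private PrivateUploadRepository() {}

    public static DiskFileItemFactory create(ServletContext ctx, int sizeThreshold)
            throws IOException {
        File base = (File) ctx.getAttribute(TEMPDIR_ATTR);
        if (base == null) {
            // Fail closed instead of falling back to the shared system default.
            throw new IOException("container did not provide " + TEMPDIR_ATTR);
        }

        Path repo = base.toPath().resolve("uploads"); // name is an assumption
        Files.createDirectories(repo);

        // Restrict access to the owner where the file system supports POSIX modes.
        if (repo.getFileSystem().supportedFileAttributeViews().contains("posix")) {
            Files.setPosixFilePermissions(
                    repo, PosixFilePermissions.fromString("rwx------"));
        }
        if (!Files.isDirectory(repo) || !Files.isWritable(repo)) {
            throw new IOException("upload repository not usable: " + repo);
        }

        DiskFileItemFactory factory = new DiskFileItemFactory();
        factory.setSizeThreshold(sizeThreshold); // items above this size go to disk
        factory.setRepository(repo.toFile());    // spill files land here, not in /tmp
        return factory;
    }
}
```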

GoogleCodeExporter commented 8 years ago
Sorry, I didn't realize that 0.6.6 had a different signature (int vs. long) in 
that method. That was the cause of the problem.

Original comment by sh...@tarves.net on 9 Oct 2013 at 3:55

GoogleCodeExporter commented 8 years ago

Original comment by manuel.carrasco.m on 24 Oct 2013 at 2:37