fix(sword): as of Payara 6, "attachment; " required to upload files #…

…8305 This is due to the fact that Payara 6 Servlets are more strict in their parsing of HTTP headers.
IQSS · Jun 28, 2023 · 89182c1 · 89182c1
1 parent 610c8fd
commit 89182c1
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 3 deletions.
diff --git a/doc/release-notes/8305-payara6.md b/doc/release-notes/8305-payara6.md
@@ -0,0 +1,3 @@
+## Backward Incompatible Changes
+
+- To upload files, the SWORD API now requires "Content-Disposition: attachment; filename=example.zip" rather than "Content-Disposition: filename=example.zip".
diff --git a/doc/sphinx-guides/source/api/sword.rst b/doc/sphinx-guides/source/api/sword.rst
@@ -67,6 +67,8 @@ Differences in Dataverse Software 4 from DVN 3.x lead to a few minor backward in
 
 - As of Dataverse Software 5.10, ``NONE`` is no longer supported as a license.
 
+- As of Dataverse Software 6.0, when uploading files, you must supply "Content-Disposition: attachment; filename=example.zip" rather than "Content-Disposition: filename=example.zip". See :ref:`sword-add-files`.
+
 New features as of v1.1
 -----------------------
 
@@ -161,14 +163,16 @@ You must have permission to add datasets in a Dataverse collection (the Datavers
 
   curl -u $API_TOKEN: https://$HOSTNAME/dvn/api/data-deposit/v1.1/swordv2/collection/dataverse/$DATAVERSE_ALIAS
 
+.. _sword-add-files:
+
 Add files to a dataset with a zip file
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 You must have ``EditDataset`` permission (Contributor role or above such as Curator or Admin) on the dataset to add files.
 
 .. code-block:: bash
 
-  curl -u $API_TOKEN: --data-binary @path/to/example.zip -H "Content-Disposition: filename=example.zip" -H "Content-Type: application/zip" -H "Packaging: http://purl.org/net/sword/package/SimpleZip" https://$HOSTNAME/dvn/api/data-deposit/v1.1/swordv2/edit-media/study/doi:TEST/12345
+  curl -u $API_TOKEN: --data-binary @path/to/example.zip -H "Content-Disposition: attachment; filename=example.zip" -H "Content-Type: application/zip" -H "Packaging: http://purl.org/net/sword/package/SimpleZip" https://$HOSTNAME/dvn/api/data-deposit/v1.1/swordv2/edit-media/study/doi:TEST/12345
 
 Display a dataset atom entry
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/datadeposit/SWORDv2MediaResourceServlet.java b/src/main/java/edu/harvard/iq/dataverse/api/datadeposit/SWORDv2MediaResourceServlet.java
@@ -61,6 +61,10 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws S
         try {
             lock.lock();
             mediaResourceManagerImpl.setHttpRequest(req);
+            // Under Payara 5 we could send "Content-Disposition: filename=example.zip"
+            // Under Payara 6 now must send "Content-Disposition: attachment; filename=example.zip"
+            // Otherwise we get "Filename could not be extracted from Content-Disposition: Expected separator ';' instead of '='"
+            // Use req.getHeader("Content-Disposition") to see what the client is sending.
             this.api.post(req, resp);
             mediaResourceManagerImpl.setHttpRequest(null);
         } finally {

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -647,7 +647,7 @@ public static Response uploadFile(String persistentId, String zipfilename, Strin
         Response swordStatementResponse = given()
                 .body(bytes)
                 .header("Packaging", "http://purl.org/net/sword/package/SimpleZip")
-                .header("Content-Disposition", "filename=" + zipfilename)
+                .header("Content-Disposition", "attachment; filename=" + zipfilename)
                 /**
                  * It's unclear why we need to add "preemptive" to auth but
                  * without it we can't use send bytes using the body/content
@@ -674,7 +674,7 @@ public static Response uploadZipFileViaSword(String persistentId, String pathToZ
         Response swordStatementResponse = given()
                 .body(bytes)
                 .header("Packaging", "http://purl.org/net/sword/package/SimpleZip")
-                .header("Content-Disposition", "filename=" + zipfilename)
+                .header("Content-Disposition", "attachment; filename=" + zipfilename)
                 /**
                  * It's unclear why we need to add "preemptive" to auth but
                  * without it we can't use send bytes using the body/content