Migration javax -> jakarta if anyone need it

pom.xml

@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.5.3.0-SNAPSHOT</version>
+    <version>2.5.3.0-SNAPSHOT-JAKARTA</version>
     <packaging>jar</packaging>
 
     <distributionManagement>
@@ -152,24 +152,24 @@
 
     <dependencies>
         <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>javax.servlet-api</artifactId>
-            <version>3.1.0</version>
+            <groupId>jakarta.servlet</groupId>
+            <artifactId>jakarta.servlet-api</artifactId>
+            <version>6.0.0</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>javax.servlet.jsp</groupId>
-            <artifactId>javax.servlet.jsp-api</artifactId>
-            <version>2.3.3</version>
+            <groupId>jakarta.servlet.jsp</groupId>
+            <artifactId>jakarta.servlet.jsp-api</artifactId>
+            <version>3.1.1</version>
             <scope>provided</scope>
             <!-- Note: Because this dependency is provided, this exclusion doesn't actually do anything.
                  But we include it so the convergence report will report 100% convergence.
                  Deleting this does not cause the convergence check to fail.
             -->
             <exclusions>
                 <exclusion>
-                    <groupId>javax.servlet</groupId>
-                    <artifactId>javax.servlet-api</artifactId>
+                    <groupId>jakarta.servlet</groupId>
+                    <artifactId>jakarta.servlet-api</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>
@@ -229,9 +229,9 @@
             <version>2.6</version>
         </dependency>
         <dependency>
-            <groupId>commons-fileupload</groupId>
-            <artifactId>commons-fileupload</artifactId>
-            <version>1.5</version>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-fileupload2</artifactId>
+            <version>2.0-SNAPSHOT</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>

src/examples/java/PersistedEncryptedData.java

@@ -3,7 +3,7 @@
 import org.owasp.esapi.crypto.*;
 import org.owasp.esapi.errors.*;
 import org.owasp.esapi.codecs.*;
-import javax.servlet.ServletRequest;
+import jakarta.servlet.ServletRequest;
 
 /** A slightly more complex example showing encoding encrypted data and writing
  *  it out to a file. This is very similar to the example in the ESAPI User

src/main/java/org/owasp/esapi/Authenticator.java

@@ -18,8 +18,8 @@
 import org.owasp.esapi.errors.AuthenticationException;
 import org.owasp.esapi.errors.EncryptionException;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.util.Set;
 
 
@@ -71,7 +71,7 @@ public interface Authenticator {
     /**
      * Calls login with the *current* request and response.
      * @return Authenticated {@code User} if login is successful.
-     * @see HTTPUtilities#setCurrentHTTP(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+     * @see HTTPUtilities#setCurrentHTTP(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse)
      */
     User login() throws AuthenticationException;
 

src/main/java/org/owasp/esapi/ESAPI.java

@@ -16,8 +16,8 @@
  */
 package org.owasp.esapi;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.owasp.esapi.util.ObjFactory;
 

src/main/java/org/owasp/esapi/HTTPUtilities.java

@@ -17,11 +17,11 @@
 
 import org.owasp.esapi.errors.*;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 import java.io.File;
 import java.io.IOException;
 import java.util.List;
@@ -320,7 +320,7 @@ public interface HTTPUtilities
      * in your <b>ESAPI.properties</b> file.
      * <p/><p>
      * This method uses {@link HTTPUtilities#getCurrentRequest()} to obtain the
-     * {@link javax.servlet.http.HttpServletRequest HttpServletRequest}
+     * {@link jakarta.servlet.http.HttpServletRequest HttpServletRequest}
      * object. If the ESAPI property <b>HttpUtilities.FileUploadAllowAnonymousUser</b> is set to {@code false} (the
      * default is {@code true}), then {@code getFileUploads} will call {@code ESAPI.authenticator().getCurrentUser()}
      * to check if the user is authenticated. If that property is set to {@code false} and a call to that function returns
@@ -708,7 +708,7 @@ public interface HTTPUtilities
     * @param    key
     *           The key that references the session attribute
     * @return   The requested object.
-    * @see      HTTPUtilities#getSessionAttribute(javax.servlet.http.HttpSession, String)
+    * @see      HTTPUtilities#getSessionAttribute(jakarta.servlet.http.HttpSession, String)
     */
     <T> T getSessionAttribute( String key );
 

src/main/java/org/owasp/esapi/User.java

@@ -19,7 +19,7 @@
 import org.owasp.esapi.errors.AuthenticationHostException;
 import org.owasp.esapi.errors.EncryptionException;
 
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpSession;
 import java.io.Serializable;
 import java.security.Principal;
 import java.util.*;

src/main/java/org/owasp/esapi/Validator.java

@@ -23,7 +23,7 @@
 import java.util.List;
 import java.util.Set;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.owasp.esapi.errors.IntrusionException;
 import org.owasp.esapi.errors.ValidationException;

src/main/java/org/owasp/esapi/filters/ClickjackFilter.java

@@ -17,13 +17,13 @@
 package org.owasp.esapi.filters;
 import java.io.IOException;
 
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  * The {@code ClickjackFilter} is configured as follows:

src/main/java/org/owasp/esapi/filters/ESAPIFilter.java

@@ -18,14 +18,14 @@
 import java.io.IOException;
 import java.util.Arrays;
 
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.RequestDispatcher;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;

src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java

@@ -17,11 +17,10 @@
 
 import org.owasp.esapi.ESAPI;
 
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
 import java.io.IOException;
-import java.util.Date;
 import java.util.List;
 import java.util.LinkedList;
 

src/main/java/org/owasp/esapi/filters/SecurityWrapper.java

@@ -17,14 +17,14 @@
 
 import java.io.IOException;
 
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
@@ -84,7 +84,7 @@ public class SecurityWrapper implements Filter {
      * @param response
      * @param chain
      * @throws java.io.IOException
-     * @throws javax.servlet.ServletException
+     * @throws jakarta.servlet.ServletException
      */
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
         if (!(request instanceof HttpServletRequest)) {
@@ -127,7 +127,7 @@ public void destroy() {
     /**
      *
      * @param filterConfig
-     * @throws javax.servlet.ServletException
+     * @throws jakarta.servlet.ServletException
      */
     public void init(FilterConfig filterConfig) throws ServletException {
         this.allowableResourcesRoot = StringUtilities.replaceNull( filterConfig.getInitParameter( "allowableResourcesRoot" ), allowableResourcesRoot );

src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java

@@ -25,13 +25,13 @@
 import java.util.Map;
 import java.util.Vector;
 
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.RequestDispatcher;
+import jakarta.servlet.ServletInputStream;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
@@ -528,20 +528,6 @@ public BufferedReader getReader() throws IOException {
         return getHttpServletRequest().getReader();
     }
 
-    // CHECKME: Should this be deprecated since ServletRequest.getRealPath(String)
-    //          is deprecated? Should use ServletContext.getRealPath(String) instead.
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param path A virtual path on a web or application server; e.g., "/index.htm".
-     * @return Returns a String containing the real path for a given virtual path.
-     * @deprecated in servlet spec 2.1. Use {@link javax.servlet.ServletContext#getRealPath(String)} instead.
-     */
-    @SuppressWarnings({"deprecation"})
-    @Deprecated
-    public String getRealPath(String path) {
-        return getHttpServletRequest().getRealPath(path);
-    }
-
     /**
      * Same as HttpServletRequest, no security changes required.
      * @return Returns the IP address of the client or last proxy that sent the request.
@@ -768,17 +754,6 @@ public boolean isRequestedSessionIdFromCookie() {
         return getHttpServletRequest().isRequestedSessionIdFromCookie();
     }
 
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Whether the requested session id is from the URL
-     * @deprecated in servlet spec 2.1. Use {@link #isRequestedSessionIdFromURL()} instead.
-     */
-    @SuppressWarnings({"deprecation"})
-    @Deprecated
-    public boolean isRequestedSessionIdFromUrl() {
-        return getHttpServletRequest().isRequestedSessionIdFromUrl();
-    }
-
     /**
      * Same as HttpServletRequest, no security changes required.
      * @return Whether the requested session id is from the URL

src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java

@@ -17,10 +17,10 @@
 import java.io.PrintWriter;
 import java.util.Locale;
 
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
+import jakarta.servlet.ServletOutputStream;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponseWrapper;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;

src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java

@@ -18,8 +18,8 @@
 // Uncomment and use once ESAPI supports Java 8 as the minimal baseline.
 // import java.util.function.Supplier;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.User;

src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java

@@ -18,7 +18,7 @@
 // Uncomment and use once ESAPI supports Java 8 as the minimal baseline.
 // import java.util.function.Supplier;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.owasp.esapi.ESAPI;
 

src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java

@@ -2,9 +2,9 @@
 
 import java.util.Date;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.HTTPUtilities;