Bump com.amazonaws:aws-java-sdk-s3 from 1.12.791 to 1.12.792

Bumps [com.amazonaws:aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) from 1.12.791 to 1.12.792.
- [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-java/compare/1.12.791...1.12.792)

---
updated-dependencies:
- dependency-name: com.amazonaws:aws-java-sdk-s3
  dependency-version: 1.12.792
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

.codecov.yml

@@ -4,13 +4,6 @@
 # Can be validated via instructions at:
 # https://docs.codecov.io/docs/codecov-yaml#validate-your-repository-yaml
 
-# Tell Codecov not to send a coverage notification until (at least) 2 builds are completed
-# Since we run Unit & Integration tests in parallel, this lets Codecov know that coverage
-# needs to be merged across those builds
-codecov:
-  notify:
-    after_n_builds: 2
-
 # Settings related to code coverage analysis
 coverage:
   status:

.dockerignore

@@ -6,6 +6,5 @@ dspace/modules/*/target/
 Dockerfile.*
 dspace/src/main/docker/dspace-postgres-pgcrypto
 dspace/src/main/docker/dspace-postgres-pgcrypto-curl
-dspace/src/main/docker/solr
 dspace/src/main/docker/README.md
 dspace/src/main/docker-compose/

.github/dependabot.yml

@@ -0,0 +1,118 @@
+#-------------------
+# DSpace's dependabot rules. Enables maven updates for all dependencies on a weekly basis
+# for main and any maintenance branches. Security updates only apply to main.
+#-------------------
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    # Allow up to 10 open PRs for dependencies
+    open-pull-requests-limit: 10
+    # Group together some upgrades in a single PR
+    groups:
+      # Group together all Build Tools in a single PR
+      build-tools:
+        applies-to: version-updates
+        patterns:
+        - "org.apache.maven.plugins:*"
+        - "*:*-maven-plugin"
+        - "*:maven-*-plugin"
+        - "com.github.spotbugs:spotbugs"
+        - "com.google.code.findbugs:*"
+        - "com.google.errorprone:*"
+        - "com.puppycrawl.tools:checkstyle"
+        - "org.sonatype.plugins:*"
+        exclude-patterns:
+        # Exclude anything from Spring, as that is in a separate group
+        - "org.springframework.*:*"
+        update-types:
+        - "minor"
+        - "patch"
+      test-tools:
+        applies-to: version-updates
+        patterns:
+        - "junit:*"
+        - "com.github.stefanbirker:system-rules"
+        - "com.h2database:*"
+        - "io.findify:s3mock*"
+        - "io.netty:*"
+        - "org.hamcrest:*"
+        - "org.mock-server:*"
+        - "org.mockito:*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all Apache Commons deps in a single PR
+      apache-commons:
+        applies-to: version-updates
+        patterns:
+        - "org.apache.commons:*"
+        - "commons-*:commons-*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all fasterxml deps in a single PR
+      fasterxml:
+        applies-to: version-updates
+        patterns:
+        - "com.fasterxml:*"
+        - "com.fasterxml.*:*"
+        update-types:
+        - "minor"
+        - "patch"
+       # Group together all Hibernate deps in a single PR
+      hibernate:
+        applies-to: version-updates
+        patterns:
+        - "org.hibernate.*:*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all Jakarta deps in a single PR
+      jakarta:
+        applies-to: version-updates
+        patterns:
+        - "jakarta.*:*"
+        - "org.eclipse.angus:jakarta.mail"
+        - "org.glassfish.jaxb:jaxb-runtime"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all Google deps in a single PR
+      google-apis:
+        applies-to: version-updates
+        patterns:
+        - "com.google.apis:*"
+        - "com.google.api-client:*"
+        - "com.google.http-client:*"
+        - "com.google.oauth-client:*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all Spring deps in a single PR
+      spring:
+        applies-to: version-updates
+        patterns:
+        - "org.springframework:*"
+        - "org.springframework.*:*"
+        update-types:
+        - "minor"
+        - "patch"
+      # Group together all WebJARs deps in a single PR
+      webjars:
+        applies-to: version-updates
+        patterns:
+        - "org.webjars:*"
+        - "org.webjars.*:*"
+        update-types:
+        - "minor"
+        - "patch"
+    ignore:
+      # Don't try to auto-update any DSpace dependencies
+      - dependency-name: "org.dspace:*"
+      - dependency-name: "org.dspace.*:*"
+      # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates.
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]

.github/disabled-workflows/pull_request_opened.yml

@@ -1,26 +0,0 @@
-# This workflow runs whenever a new pull request is created
-# TEMPORARILY DISABLED. Unfortunately this doesn't work for PRs created from forked repositories (which is how we tend to create PRs).
-# There is no known workaround yet. See https://github.community/t/how-to-use-github-token-for-prs-from-forks/16818
-name: Pull Request opened
-
-# Only run for newly opened PRs against the "main" branch
-on: 
-  pull_request:
-    types: [opened]
-    branches: 
-      - main
-
-jobs:
-  automation:
-    runs-on: ubuntu-latest
-    steps:
-    # Assign the PR to whomever created it. This is useful for visualizing assignments on project boards
-    # See https://github.com/marketplace/actions/pull-request-assigner
-    - name: Assign PR to creator
-      uses: thomaseizinger/assign-pr-creator-action@v1.0.0
-      # Note, this authentication token is created automatically
-      # See: https://docs.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-      # Ignore errors. It is possible the PR was created by someone who cannot be assigned
-      continue-on-error: true

.github/pull_request_template.md

@@ -1,7 +1,7 @@
 ## References
 _Add references/links to any related issues or PRs. These may include:_
-* Fixes #[issue-number]
-* Related to [REST Contract](https://github.com/DSpace/Rest7Contract)
+* Fixes #`issue-number` (if this fixes an issue ticket)
+* Related to DSpace/RestContract#`pr-number`  (if a corresponding REST Contract PR exists)
 
 ## Description
 Short summary of changes (1-2 sentences).
@@ -22,5 +22,7 @@ _This checklist provides a reminder of what we are going to look for when review
 - [ ] My PR passes Checkstyle validation based on the [Code Style Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Style+Guide).
 - [ ] My PR includes Javadoc for _all new (or modified) public methods and classes_. It also includes Javadoc for large or complex private methods.
 - [ ] My PR passes all tests and includes new/updated Unit or Integration Tests based on the [Code Testing Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Testing+Guide).
-- [ ] If my PR includes new, third-party dependencies (in any `pom.xml`), I've made sure their licenses align with the [DSpace BSD License](https://github.com/DSpace/DSpace/blob/main/LICENSE) based on the [Licensing of Contributions](https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines#CodeContributionGuidelines-LicensingofContributions) documentation.
-- [ ] If my PR modifies the REST API, I've linked to the REST Contract page (or open PR) related to this change.
+- [ ] If my PR includes new libraries/dependencies (in any `pom.xml`), I've made sure their licenses align with the [DSpace BSD License](https://github.com/DSpace/DSpace/blob/main/LICENSE) based on the [Licensing of Contributions](https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines#CodeContributionGuidelines-LicensingofContributions) documentation.
+- [ ] If my PR modifies REST API endpoints, I've opened a separate [REST Contract](https://github.com/DSpace/RestContract/blob/main/README.md) PR related to this change.
+- [ ] If my PR includes new configurations, I've provided basic technical documentation in the PR itself.
+- [ ] If my PR fixes an issue ticket, I've [linked them together](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue).

.github/workflows/build.yml

@@ -6,6 +6,9 @@ name: Build
 # Run this Build for all pushes / PRs to current branch
 on: [push, pull_request]
 
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+
 jobs:
   tests:
     runs-on: ubuntu-latest
@@ -42,24 +45,15 @@ jobs:
     steps:
       # https://github.com/actions/checkout
       - name: Checkout codebase
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       # https://github.com/actions/setup-java
       - name: Install JDK ${{ matrix.java }}
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v4
         with:
           java-version: ${{ matrix.java }}
           distribution: 'temurin'
-
-      # https://github.com/actions/cache
-      - name: Cache Maven dependencies
-        uses: actions/cache@v2
-        with:
-          # Cache entire ~/.m2/repository
-          path: ~/.m2/repository
-          # Cache key is hash of all pom.xml files. Therefore any changes to POMs will invalidate cache
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-maven-
+          cache: 'maven'
 
       # Run parallel Maven builds based on the above 'strategy.matrix'
       - name: Run Maven ${{ matrix.type }}
@@ -71,11 +65,48 @@ jobs:
       # (This artifact is downloadable at the bottom of any job's summary page)
       - name: Upload Results of ${{ matrix.type }} to Artifact
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.type }} results
           path: ${{ matrix.resultsdir }}
 
-      # https://github.com/codecov/codecov-action
+      # Upload code coverage report to artifact, so that it can be shared with the 'codecov' job (see below)
+      - name: Upload code coverage report to Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.type }} coverage report
+          path: 'dspace/target/site/jacoco-aggregate/jacoco.xml'
+          retention-days: 14
+
+  # Codecov upload is a separate job in order to allow us to restart this separate from the entire build/test
+  # job above. This is necessary because Codecov uploads seem to randomly fail at times.
+  # See https://community.codecov.com/t/upload-issues-unable-to-locate-build-via-github-actions-api/3954
+  codecov:
+    # Must run after 'tests' job above
+    needs: tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # Download artifacts from previous 'tests' job
+      - name: Download coverage artifacts
+        uses: actions/download-artifact@v4
+
+      # Now attempt upload to Codecov using its action.
+      # NOTE: We use a retry action to retry the Codecov upload if it fails the first time.
+      #
+      # Retry action: https://github.com/marketplace/actions/retry-action
+      # Codecov action: https://github.com/codecov/codecov-action
       - name: Upload coverage to Codecov.io
-        uses: codecov/codecov-action@v2
+        uses: Wandalen/wretry.action@v1.3.0
+        with:
+          action: codecov/codecov-action@v4
+          # Ensure codecov-action throws an error when it fails to upload
+          with: |
+            fail_ci_if_error: true
+            token: ${{ secrets.CODECOV_TOKEN }}
+          # Try re-running action 5 times max
+          attempt_limit: 5
+          # Run again in 30 seconds
+          attempt_delay: 30000

.github/workflows/codescan.yml

@@ -0,0 +1,63 @@
+# DSpace CodeQL code scanning configuration for GitHub
+# https://docs.github.com/en/code-security/code-scanning
+#
+# NOTE: Code scanning must be run separate from our default build.yml
+# because CodeQL requires a fresh build with all tests *disabled*.
+name: "Code Scanning"
+
+# Run this code scan for all pushes / PRs to main or maintenance branches. Also run once a week.
+on:
+  push:
+    branches:
+      - main
+      - 'dspace-**'
+  pull_request:
+    branches:
+      - main
+      - 'dspace-**'
+    # Don't run if PR is only updating static documentation
+    paths-ignore:
+      - '**/*.md'
+      - '**/*.txt'
+  schedule:
+    - cron: "37 0 * * 1"
+
+jobs:
+  analyze:
+    name: Analyze Code
+    runs-on: ubuntu-latest
+    # Limit permissions of this GitHub action. Can only write to security-events
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      # https://github.com/actions/checkout
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # https://github.com/actions/setup-java
+      - name: Install JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: 11
+          distribution: 'temurin'
+
+      # Initializes the CodeQL tools for scanning.
+      # https://github.com/github/codeql-action
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          # Codescan Javascript as well since a few JS files exist in REST API's interface
+          languages: java, javascript
+
+      # Autobuild attempts to build any compiled languages
+      # NOTE: Based on testing, this autobuild process works well for DSpace. A custom
+      # DSpace build w/caching (like in build.yml) was about the same speed as autobuild.
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      # Perform GitHub Code Scanning.
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3

.github/workflows/docker.yml

@@ -3,6 +3,7 @@ name: Docker images
 
 # Run this Build for all pushes to 'main' or maintenance branches, or tagged releases.
 # Also run for PRs to ensure PR doesn't break Docker build process
+# NOTE: uses "reusable-docker-build.yml" to actually build each of the Docker images.
 on:
   push:
     branches:
@@ -12,158 +13,249 @@ on:
       - 'dspace-**'
   pull_request:
 
+permissions:
+  contents: read  #  to fetch code (actions/checkout)
+  packages: write #  to write images to GitHub Container Registry (GHCR)
+
 jobs:
-  docker:
+  ####################################################
+  # Build/Push the 'dspace/dspace-dependencies' image.
+  # This image is used by all other DSpace build jobs.
+  ####################################################
+  dspace-dependencies:
+    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
+    if: github.repository == 'dspace/dspace'
+    uses: ./.github/workflows/reusable-docker-build.yml
+    with:
+      build_id: dspace-dependencies
+      image_name: dspace/dspace-dependencies
+      dockerfile_path: ./Dockerfile.dependencies
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+  #######################################
+  # Build/Push the 'dspace/dspace' image
+  #######################################
+  dspace:
+    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
+    if: github.repository == 'dspace/dspace'
+    # Must run after 'dspace-dependencies' job above
+    needs: dspace-dependencies
+    uses: ./.github/workflows/reusable-docker-build.yml
+    with:
+      build_id: dspace-prod
+      image_name: dspace/dspace
+      dockerfile_path: ./Dockerfile
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+      # Enable redeploy of sandbox & demo if the branch for this image matches the deployment branch of
+      # these sites as specified in reusable-docker-build.xml
+      REDEPLOY_SANDBOX_URL: ${{ secrets.REDEPLOY_SANDBOX_URL }}
+      REDEPLOY_DEMO_URL: ${{ secrets.REDEPLOY_DEMO_URL }}
+
+  #############################################################
+  # Build/Push the 'dspace/dspace' image ('-test' tag)
+  #############################################################
+  dspace-test:
+    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
+    if: github.repository == 'dspace/dspace'
+    # Must run after 'dspace-dependencies' job above
+    needs: dspace-dependencies
+    uses: ./.github/workflows/reusable-docker-build.yml
+    with:
+      build_id: dspace-test
+      image_name: dspace/dspace
+      dockerfile_path: ./Dockerfile.test
+      # As this is a test/development image, its tags are all suffixed with "-test". Otherwise, it uses the same
+      # tagging logic as the primary 'dspace/dspace' image above.
+      tags_flavor: suffix=-test
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+  ###########################################
+  # Build/Push the 'dspace/dspace-cli' image
+  ###########################################
+  dspace-cli:
+    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
+    if: github.repository == 'dspace/dspace'
+    # Must run after 'dspace-dependencies' job above
+    needs: dspace-dependencies
+    uses: ./.github/workflows/reusable-docker-build.yml
+    with:
+      build_id: dspace-cli
+      image_name: dspace/dspace-cli
+      dockerfile_path: ./Dockerfile.cli
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+  ###########################################
+  # Build/Push the 'dspace/dspace-solr' image
+  ###########################################
+  dspace-solr:
+    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
+    if: github.repository == 'dspace/dspace'
+    uses: ./.github/workflows/reusable-docker-build.yml
+    with:
+      build_id: dspace-solr
+      image_name: dspace/dspace-solr
+      dockerfile_path: ./dspace/src/main/docker/dspace-solr/Dockerfile
+      # Must pass solrconfigs to the Dockerfile so that it can find the required Solr config files
+      dockerfile_additional_contexts: 'solrconfigs=./dspace/solr/'
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+      # Enable redeploy of sandbox & demo SOLR instance whenever dspace-solr image changes for deployed branch.
+      # These URLs MUST use different secrets than 'dspace/dspace' image build above as they are deployed separately.
+      REDEPLOY_SANDBOX_URL: ${{ secrets.REDEPLOY_SANDBOX_SOLR_URL }}
+      REDEPLOY_DEMO_URL: ${{ secrets.REDEPLOY_DEMO_SOLR_URL }}
+
+  ###########################################################
+  # Build/Push the 'dspace/dspace-postgres-pgcrypto' image
+  ###########################################################
+  dspace-postgres-pgcrypto:
+    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
+    if: github.repository == 'dspace/dspace'
+    uses: ./.github/workflows/reusable-docker-build.yml
+    with:
+      build_id: dspace-postgres-pgcrypto-prod
+      image_name: dspace/dspace-postgres-pgcrypto
+      # Must build out of subdirectory to have access to install script for pgcrypto.
+      # NOTE: this context will build the image based on the Dockerfile in the specified directory
+      dockerfile_context: ./dspace/src/main/docker/dspace-postgres-pgcrypto/
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+  ########################################################################
+  # Build/Push the 'dspace/dspace-postgres-pgcrypto' image (-loadsql tag)
+  ########################################################################
+  dspace-postgres-pgcrypto-loadsql:
+    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
+    if: github.repository == 'dspace/dspace'
+    uses: ./.github/workflows/reusable-docker-build.yml
+    with:
+      build_id: dspace-postgres-pgcrypto-loadsql
+      image_name: dspace/dspace-postgres-pgcrypto
+      # Must build out of subdirectory to have access to install script for pgcrypto.
+      # NOTE: this context will build the image based on the Dockerfile in the specified directory
+      dockerfile_context: ./dspace/src/main/docker/dspace-postgres-pgcrypto-curl/
+      # Suffix all tags with "-loadsql". Otherwise, it uses the same
+      # tagging logic as the primary 'dspace/dspace-postgres-pgcrypto' image above.
+      tags_flavor: suffix=-loadsql
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+  #################################################################################
+  # Test Deployment via Docker to ensure newly built images are working properly
+  #################################################################################
+  docker-deploy:
     # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
     if: github.repository == 'dspace/dspace'
     runs-on: ubuntu-latest
+    # Must run after all major images are built
+    needs: [dspace, dspace-test, dspace-cli, dspace-postgres-pgcrypto, dspace-solr]
     env:
-      # Define tags to use for Docker images based on Git tags/branches (for docker/metadata-action)
-      # For a new commit on default branch (main), use the literal tag 'dspace-7_x' on Docker image.
-      # For a new commit on other branches, use the branch name as the tag for Docker image.
-      # For a new tag, copy that tag name as the tag for Docker image.
-      IMAGE_TAGS: |
-        type=raw,value=dspace-7_x,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
-        type=ref,event=branch,enable=${{ !endsWith(github.ref, github.event.repository.default_branch) }}
-        type=ref,event=tag
-      # Define default tag "flavor" for docker/metadata-action per
-      # https://github.com/docker/metadata-action#flavor-input
-      # We turn off 'latest' tag by default.
-      TAGS_FLAVOR: |
-        latest=false
-      # Architectures / Platforms for which we will build Docker images
-      # If this is a PR, we ONLY build for AMD64. For PRs we only do a sanity check test to ensure Docker builds work.
-      # If this is NOT a PR (e.g. a tag or merge commit), also build for ARM64. NOTE: The ARM64 build takes MUCH
-      # longer (around 45mins or so) which is why we only run it when pushing a new Docker image.
-      PLATFORMS: linux/amd64${{ github.event_name != 'pull_request' && ', linux/arm64' || '' }}
-
+      # Override defaults dspace.server.url because backend starts at http://127.0.0.1:8080
+      dspace__P__server__P__url: http://127.0.0.1:8080/server
+      # Enable all optional modules / controllers for this test deployment.
+      # This helps check for errors in deploying these modules via Spring Boot
+      iiif__P__enabled: true
+      oai__P__enabled: true
+      rdf__P__enabled: true
+      signposting__P__enabled: true
+      sword__D__server__P__enabled: true
+      swordv2__D__server__P__enabled: true
+      # If this is a PR against main (default branch), use "latest".
+      # Else if this is a PR against a different branch, used the base branch name.
+      # Else if this is a commit on main (default branch), use the "latest" tag.
+      # Else, just use the branch name.
+      # NOTE: DSPACE_VER is used because our docker compose scripts default to using the "-test" image.
+      DSPACE_VER: ${{ (github.event_name == 'pull_request' && github.event.pull_request.base.ref == github.event.repository.default_branch && 'latest') || (github.event_name == 'pull_request' && github.event.pull_request.base.ref) || (github.ref_name == github.event.repository.default_branch && 'latest') || github.ref_name }}
+      # Docker Registry to use for Docker compose scripts below.
+      # We use GitHub's Container Registry to avoid aggressive rate limits at DockerHub.
+      DOCKER_REGISTRY: ghcr.io
     steps:
-      # https://github.com/actions/checkout
+      # Checkout our codebase (to get access to Docker Compose scripts)
       - name: Checkout codebase
-        uses: actions/checkout@v2
-
-      # https://github.com/docker/setup-buildx-action
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      # https://github.com/docker/setup-qemu-action
-      - name: Set up QEMU emulation to build for multiple architectures
-        uses: docker/setup-qemu-action@v2
-
-      # https://github.com/docker/login-action
-      - name: Login to DockerHub
-        # Only login if not a PR, as PRs only trigger a Docker build and not a push
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: actions/checkout@v4
+      # Download Docker image artifacts (which were just built by reusable-docker-build.yml)
+      - name: Download Docker image artifacts
+        uses: actions/download-artifact@v4
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
-
-      ####################################################
-      # Build/Push the 'dspace/dspace-dependencies' image
-      ####################################################
-      # https://github.com/docker/metadata-action
-      # Get Metadata for docker_build_deps step below
-      - name: Sync metadata (tags, labels) from GitHub to Docker for 'dspace-dependencies' image
-        id: meta_build_deps
-        uses: docker/metadata-action@v3
-        with:
-          images: dspace/dspace-dependencies
-          tags: ${{ env.IMAGE_TAGS }}
-          flavor: ${{ env.TAGS_FLAVOR }}
-
-      # https://github.com/docker/build-push-action
-      - name: Build and push 'dspace-dependencies' image
-        id: docker_build_deps
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: ./Dockerfile.dependencies
-          platforms: ${{ env.PLATFORMS }}
-          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
-          # but we ONLY do an image push to DockerHub if it's NOT a PR
-          push: ${{ github.event_name != 'pull_request' }}
-          # Use tags / labels provided by 'docker/metadata-action' above
-          tags: ${{ steps.meta_build_deps.outputs.tags }}
-          labels: ${{ steps.meta_build_deps.outputs.labels }}
-
-      #######################################
-      # Build/Push the 'dspace/dspace' image
-      #######################################
-      # Get Metadata for docker_build step below
-      - name: Sync metadata (tags, labels) from GitHub to Docker for 'dspace' image
-        id: meta_build
-        uses: docker/metadata-action@v3
-        with:
-          images: dspace/dspace
-          tags: ${{ env.IMAGE_TAGS }}
-          flavor: ${{ env.TAGS_FLAVOR }}
-
-      - name: Build and push 'dspace' image
-        id: docker_build
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: ./Dockerfile
-          platforms: ${{ env.PLATFORMS }}
-          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
-          # but we ONLY do an image push to DockerHub if it's NOT a PR
-          push: ${{ github.event_name != 'pull_request' }}
-          # Use tags / labels provided by 'docker/metadata-action' above
-          tags: ${{ steps.meta_build.outputs.tags }}
-          labels: ${{ steps.meta_build.outputs.labels }}
-
-      #####################################################
-      # Build/Push the 'dspace/dspace' image ('-test' tag)
-      #####################################################
-      # Get Metadata for docker_build_test step below
-      - name: Sync metadata (tags, labels) from GitHub to Docker for 'dspace-test' image
-        id: meta_build_test
-        uses: docker/metadata-action@v3
-        with:
-          images: dspace/dspace
-          tags: ${{ env.IMAGE_TAGS }}
-          # As this is a test/development image, its tags are all suffixed with "-test". Otherwise, it uses the same
-          # tagging logic as the primary 'dspace/dspace' image above.
-          flavor: ${{ env.TAGS_FLAVOR }}
-            suffix=-test
-
-      - name: Build and push 'dspace-test' image
-        id: docker_build_test
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: ./Dockerfile.test
-          platforms: ${{ env.PLATFORMS }}
-          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
-          # but we ONLY do an image push to DockerHub if it's NOT a PR
-          push: ${{ github.event_name != 'pull_request' }}
-          # Use tags / labels provided by 'docker/metadata-action' above
-          tags: ${{ steps.meta_build_test.outputs.tags }}
-          labels: ${{ steps.meta_build_test.outputs.labels }}
-
-      ###########################################
-      # Build/Push the 'dspace/dspace-cli' image
-      ###########################################
-      # Get Metadata for docker_build_test step below
-      - name: Sync metadata (tags, labels) from GitHub to Docker for 'dspace-cli' image
-        id: meta_build_cli
-        uses: docker/metadata-action@v3
-        with:
-          images: dspace/dspace-cli
-          tags: ${{ env.IMAGE_TAGS }}
-          flavor: ${{ env.TAGS_FLAVOR }}
-
-      - name: Build and push 'dspace-cli' image
-        id: docker_build_cli
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: ./Dockerfile.cli
-          platforms: ${{ env.PLATFORMS }}
-          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
-          # but we ONLY do an image push to DockerHub if it's NOT a PR
-          push: ${{ github.event_name != 'pull_request' }}
-          # Use tags / labels provided by 'docker/metadata-action' above
-          tags: ${{ steps.meta_build_cli.outputs.tags }}
-          labels: ${{ steps.meta_build_cli.outputs.labels }}
+          # Download all amd64 Docker images (TAR files) into the /tmp/docker directory
+          pattern: docker-image-*-linux-amd64
+          path: /tmp/docker
+          merge-multiple: true
+      # Load each of the images into Docker by calling "docker image load" for each.
+      # This ensures we are using the images just built & not any prior versions on DockerHub
+      - name: Load all downloaded Docker images
+        run: |
+          find /tmp/docker -type f -name "*.tar" -exec docker image load --input "{}" \;
+          docker image ls -a
+      # Start backend using our compose script in the codebase.
+      - name: Start backend in Docker
+        run: |
+          docker compose -f docker-compose.yml up -d
+          sleep 10
+          docker container ls
+      # Create a test admin account. Load test data from a simple set of AIPs as defined in cli.ingest.yml
+      - name: Load test data into Backend
+        run: |
+          docker compose -f docker-compose-cli.yml run --rm dspace-cli create-administrator -e test@test.edu -f admin -l user -p admin -c en
+          docker compose -f docker-compose-cli.yml -f dspace/src/main/docker-compose/cli.ingest.yml run --rm dspace-cli
+      # Verify backend started successfully.
+      # 1. Make sure root endpoint is responding (check for dspace.name defined in docker-compose.yml)
+      # 2. Also check /collections endpoint to ensure the test data loaded properly (check for a collection name in AIPs)
+      - name: Verify backend is responding properly
+        run: |
+          result=$(wget -O- -q http://127.0.0.1:8080/server/api)
+          echo "$result"
+          echo "$result" |  grep -oE "\"DSpace Started with Docker Compose\","
+          result=$(wget -O- -q http://127.0.0.1:8080/server/api/core/collections)
+          echo "$result"
+          echo "$result" |  grep -oE "\"Dog in Yard\","
+      # Verify basic backend logging is working.
+      # 1. Access the top communities list. Verify that the "Before request" INFO statement is logged
+      # 2. Access an invalid endpoint (and ignore 404 response). Verify that a "status:404" WARN statement is logged
+      - name: Verify backend is logging properly
+        run: |
+          wget -O/dev/null -q http://127.0.0.1:8080/server/api/core/communities/search/top
+          logs=$(docker compose -f docker-compose.yml logs -n 5 dspace)
+          echo "$logs"
+          echo "$logs" | grep -o "Before request \[GET /server/api/core/communities/search/top\]"
+          wget -O/dev/null -q http://127.0.0.1:8080/server/api/does/not/exist || true
+          logs=$(docker compose -f docker-compose.yml logs -n 5 dspace)
+          echo "$logs"
+          echo "$logs" | grep -o "status:404 exception: The repository type does.not was not found"
+      # Verify Handle Server can be stared and is working properly
+      # 1. First generate the "[dspace]/handle-server" folder with the sitebndl.zip
+      # 2. Start the Handle Server (and wait 20 seconds to let it start up)
+      # 3. Verify logs do NOT include "Exception" in the text (as that means an error occurred)
+      # 4. Check that Handle Proxy HTML page is responding on default port (8000)
+      - name: Verify Handle Server is working properly
+        run: |
+          docker exec -i dspace /dspace/bin/make-handle-config
+          echo "Starting Handle Server..."
+          docker exec -i dspace /dspace/bin/start-handle-server
+          sleep 20
+          echo "Checking for errors in error.log"
+          result=$(docker exec -i dspace sh -c "cat /dspace/handle-server/logs/error.log* || echo ''")
+          echo "$result"
+          echo "$result" | grep -vqz "Exception"
+          echo "Checking for errors in handle-server.log..."
+          result=$(docker exec -i dspace cat /dspace/log/handle-server.log)
+          echo "$result"
+          echo "$result" | grep -vqz "Exception"
+          echo "Checking to see if Handle Proxy webpage is available..."
+          result=$(wget -O- -q http://127.0.0.1:8000/)
+          echo "$result"
+          echo "$result" | grep -oE "Handle Proxy"
+      # Shutdown our containers
+      - name: Shutdown Docker containers
+        run: |
+          docker compose -f docker-compose.yml down

.github/workflows/issue_opened.yml

@@ -5,25 +5,22 @@ on:
   issues:
     types: [opened]
 
+permissions: {}
 jobs:
   automation:
     runs-on: ubuntu-latest
     steps:
     # Add the new issue to a project board, if it needs triage
-    # See https://github.com/marketplace/actions/create-project-card-action
-    - name: Add issue to project board
+    # See https://github.com/actions/add-to-project
+    - name: Add issue to triage board
       # Only add to project board if issue is flagged as "needs triage" or has no labels
       # NOTE: By default we flag new issues as "needs triage" in our issue template
       if: (contains(github.event.issue.labels.*.name, 'needs triage') || join(github.event.issue.labels.*.name) == '')
-      uses: technote-space/create-project-card-action@v1
+      uses: actions/add-to-project@v1.0.0
       # Note, the authentication token below is an ORG level Secret. 
-      # It must be created/recreated manually via a personal access token with "public_repo" and "admin:org" permissions
+      # It must be created/recreated manually via a personal access token with admin:org, project, public_repo permissions
       # See: https://docs.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#permissions-for-the-github_token
       # This is necessary because the "DSpace Backlog" project is an org level project (i.e. not repo specific)
       with:
-        GITHUB_TOKEN: ${{ secrets.ORG_PROJECT_TOKEN }}
-        PROJECT: DSpace Backlog
-        COLUMN: Triage
-        CHECK_ORG_PROJECT: true
-      # Ignore errors.
-      continue-on-error: true
+        github-token: ${{ secrets.TRIAGE_PROJECT_TOKEN }}
+        project-url: https://github.com/orgs/DSpace/projects/24

.github/workflows/label_merge_conflicts.yml

@@ -1,25 +1,39 @@
 # This workflow checks open PRs for merge conflicts and labels them when conflicts are found
 name: Check for merge conflicts
 
-# Run whenever the "main" branch is updated
-# NOTE: This means merge conflicts are only checked for when a PR is merged to main.
+# Run this for all pushes (i.e. merges) to 'main' or maintenance branches
 on:
   push:
     branches:
       - main
+      - 'dspace-**'
+  # So that the `conflict_label_name` is removed if conflicts are resolved,
+  # we allow this to run for `pull_request_target` so that github secrets are available.
+  pull_request_target:
+    types: [ synchronize ]
+
+permissions: {}
 
 jobs:
   triage:
+    # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
+    if: github.repository == 'dspace/dspace'
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     steps:
-      # See: https://github.com/mschilde/auto-label-merge-conflicts/
+      # See: https://github.com/prince-chrismc/label-merge-conflicts-action
       - name: Auto-label PRs with merge conflicts
-        uses: mschilde/auto-label-merge-conflicts@v2.0
+        uses: prince-chrismc/label-merge-conflicts-action@v3
+        # Ignore any failures -- may occur (randomly?) for older, outdated PRs.
+        continue-on-error: true
         # Add "merge conflict" label if a merge conflict is detected. Remove it when resolved.
         # Note, the authentication token is created automatically
         # See: https://docs.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token
         with:
-          CONFLICT_LABEL_NAME: 'merge conflict'
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        # Ignore errors
-        continue-on-error: true
+          conflict_label_name: 'merge conflict'
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          conflict_comment: |
+            Hi @${author},
+            Conflicts have been detected against the base branch.
+            Please [resolve these conflicts](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/addressing-merge-conflicts/about-merge-conflicts) as soon as you can. Thanks!

.github/workflows/port_merged_pull_request.yml

@@ -0,0 +1,46 @@
+# This workflow will attempt to port a merged pull request to
+# the branch specified in a "port to" label (if exists)
+name: Port merged Pull Request
+
+# Only run for merged PRs against the "main" or maintenance branches
+# We allow this to run for `pull_request_target` so that github secrets are available
+# (This is required when the PR comes from a forked repo)
+on:
+  pull_request_target:
+    types: [ closed ]
+    branches:
+      - main
+      - 'dspace-**'
+
+permissions:
+  contents: write      # so action can add comments
+  pull-requests: write # so action can create pull requests
+
+jobs:
+  port_pr:
+    runs-on: ubuntu-latest
+    # Don't run on closed *unmerged* pull requests
+    if: github.event.pull_request.merged
+    steps:
+      # Checkout code
+      - uses: actions/checkout@v4
+      # Port PR to other branch (ONLY if labeled with "port to")
+      # See https://github.com/korthout/backport-action
+      - name: Create backport pull requests
+        uses: korthout/backport-action@v2
+        with:
+          # Trigger based on a "port to [branch]" label on PR
+          # (This label must specify the branch name to port to)
+          label_pattern: '^port to ([^ ]+)$'
+          # Title to add to the (newly created) port PR
+          pull_title: '[Port ${target_branch}] ${pull_title}'
+          # Description to add to the (newly created) port PR
+          pull_description: 'Port of #${pull_number} by @${pull_author} to `${target_branch}`.'
+          # Copy all labels from original PR to (newly created) port PR
+          # NOTE: The labels matching 'label_pattern' are automatically excluded
+          copy_labels_pattern: '.*'
+          # Skip any merge commits in the ported PR. This means only non-merge commits are cherry-picked to the new PR
+          merge_commits: 'skip'
+          # Use a personal access token (PAT) to create PR as 'dspace-bot' user.
+          # A PAT is required in order for the new PR to trigger its own actions (for CI checks)
+          github_token: ${{ secrets.PR_PORT_TOKEN }}

.github/workflows/pull_request_opened.yml

@@ -0,0 +1,24 @@
+# This workflow runs whenever a new pull request is created
+name: Pull Request opened
+
+# Only run for newly opened PRs against the "main" or maintenance branches
+# We allow this to run for `pull_request_target` so that github secrets are available
+# (This is required to assign a PR back to the creator when the PR comes from a forked repo)
+on:
+  pull_request_target:
+    types: [ opened ]
+    branches:
+      - main
+      - 'dspace-**'
+
+permissions:
+  pull-requests: write
+
+jobs:
+  automation:
+    runs-on: ubuntu-latest
+    steps:
+    # Assign the PR to whomever created it. This is useful for visualizing assignments on project boards
+    # See https://github.com/toshimaru/auto-author-assign
+    - name: Assign PR to creator
+      uses: toshimaru/auto-author-assign@v2.1.0

.github/workflows/reusable-docker-build.yml

@@ -0,0 +1,354 @@
+#
+# DSpace's reusable Docker build/push workflow.
+#
+# This is used by docker.yml for all Docker image builds
+name: Reusable DSpace Docker Build
+
+on:
+  workflow_call:
+    # Possible Inputs to this reusable job
+    inputs:
+      # Build name/id for this Docker build. Used for digest storage to avoid digest overlap between builds.
+      build_id:
+        required: true
+        type: string
+      # Requires the image name to build (e.g dspace/dspace-test)
+      image_name:
+        required: true
+        type: string
+      # Optionally the path to the Dockerfile to use for the build. (Default is [dockerfile_context]/Dockerfile)
+      dockerfile_path:
+        required: false
+        type: string
+      # Optionally the context directory to build the Dockerfile within. Defaults to "." (current directory)
+      dockerfile_context:
+        required: false
+        type: string
+        default: '.'
+      # Optionally a list of "additional_contexts" to pass to Dockerfile. Defaults to empty
+      dockerfile_additional_contexts:
+        required: false
+        type: string
+        default: ''
+      # If Docker image should have additional tag flavor details (e.g. a suffix), it may be passed in.
+      tags_flavor:
+        required: false
+        type: string
+    secrets:
+      # Requires that Docker login info be passed in as secrets.
+      DOCKER_USERNAME:
+        required: true
+      DOCKER_ACCESS_TOKEN:
+        required: true
+      # These URL secrets are optional. When specified & branch checks match, the redeployment code below will trigger.
+      # Therefore builds which need to trigger redeployment MUST specify these URLs. All others should leave them empty.
+      REDEPLOY_SANDBOX_URL:
+        required: false
+      REDEPLOY_DEMO_URL:
+        required: false
+
+# Define shared default settings as environment variables
+env:
+  IMAGE_NAME: ${{ inputs.image_name }}
+  # Define tags to use for Docker images based on Git tags/branches (for docker/metadata-action)
+  # For a new commit on default branch (main), use the literal tag 'latest' on Docker image.
+  # For a new commit on other branches, use the branch name as the tag for Docker image.
+  # For a new tag, copy that tag name as the tag for Docker image.
+  # For a pull request, use the name of the base branch that the PR was created against or "latest" (for main).
+  #   e.g. PR against 'main' will use "latest". a PR against 'dspace-7_x' will use 'dspace-7_x'.
+  IMAGE_TAGS: |
+    type=raw,value=latest,enable=${{ github.ref_name == github.event.repository.default_branch }}
+    type=ref,event=branch,enable=${{ github.ref_name != github.event.repository.default_branch }}
+    type=ref,event=tag
+    type=raw,value=${{ (github.event.pull_request.base.ref == github.event.repository.default_branch && 'latest') || github.event.pull_request.base.ref }},enable=${{ github.event_name == 'pull_request' }}
+  # Define default tag "flavor" for docker/metadata-action per
+  # https://github.com/docker/metadata-action#flavor-input
+  # We manage the 'latest' tag ourselves to the 'main' branch (see settings above)
+  TAGS_FLAVOR: |
+    latest=false
+    ${{ inputs.tags_flavor }}
+  # When these URL variables are specified & required branch matches, then the sandbox or demo site will be redeployed.
+  # See "Redeploy" steps below for more details.
+  REDEPLOY_SANDBOX_URL: ${{ secrets.REDEPLOY_SANDBOX_URL }}
+  REDEPLOY_DEMO_URL: ${{ secrets.REDEPLOY_DEMO_URL }}
+  # Current DSpace maintenance branch (and architecture) which is deployed to demo.dspace.org / sandbox.dspace.org
+  # (NOTE: No deployment branch specified for sandbox.dspace.org as it uses the default_branch)
+  DEPLOY_DEMO_BRANCH: 'dspace-9_x'
+  DEPLOY_SANDBOX_BRANCH: 'main'
+  DEPLOY_ARCH: 'linux/amd64'
+  # Registry used during building of Docker images. (All images are later copied to docker.io registry)
+  # We use GitHub's Container Registry to avoid aggressive rate limits at DockerHub.
+  DOCKER_BUILD_REGISTRY: ghcr.io
+
+jobs:
+  docker-build:
+
+    strategy:
+      matrix:
+        # Architectures / Platforms for which we will build Docker images
+        arch: [ 'linux/amd64', 'linux/arm64' ]
+        isPr:
+          - ${{ github.event_name == 'pull_request' }}
+        # If this is a PR, we ONLY build for AMD64. For PRs we only do a sanity check test to ensure Docker builds work.
+        # The below exclude therefore ensures we do NOT build ARM64 for PRs.
+        exclude:
+          - isPr: true
+            arch: linux/arm64
+
+    # If ARM64, then use the Ubuntu ARM64 runner. Otherwise, use the Ubuntu AMD64 runner
+    runs-on: ${{ matrix.arch == 'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+
+    steps:
+      # This step converts the slashes in the "arch" matrix values above into dashes & saves to env.ARCH_NAME
+      # E.g. "linux/amd64" becomes "linux-amd64"
+      # This is necessary because all upload artifacts CANNOT have special chars (like slashes)
+      # NOTE: The regex-like syntax below is Bash Parameter Substitution
+      - name: Prepare
+        run: |
+          platform=${{ matrix.arch }}
+          echo "ARCH_NAME=${platform//\//-}" >> $GITHUB_ENV
+
+      # https://github.com/actions/checkout
+      - name: Checkout codebase
+        uses: actions/checkout@v4
+
+      # https://github.com/docker/login-action
+      # NOTE: This login occurs for BOTH non-PRs or PRs. PRs *must* also login to access private images from GHCR
+      # during the build process
+      - name: Login to ${{ env.DOCKER_BUILD_REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.DOCKER_BUILD_REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # https://github.com/docker/setup-buildx-action
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # https://github.com/docker/metadata-action
+      # Extract metadata used for Docker images in all build steps below
+      - name: Extract metadata (tags, labels) from GitHub for Docker image
+        id: meta_build
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: ${{ env.IMAGE_TAGS }}
+          flavor: ${{ env.TAGS_FLAVOR }}
+
+      #--------------------------------------------------------------------
+      # First, for all branch commits (non-PRs) we build the image & upload
+      # to GitHub Container Registry (GHCR). After uploading the image
+      # to GHCR, we store the image digest in an artifact, so we can
+      # create a merged manifest later (see 'docker-build_manifest' job).
+      #
+      # NOTE: We use GHCR in order to avoid aggressive rate limits at DockerHub.
+      #--------------------------------------------------------------------
+      # https://github.com/docker/build-push-action
+      - name: Build and push image to ${{ env.DOCKER_BUILD_REGISTRY }}
+        if: ${{ ! matrix.isPr }}
+        id: docker_build
+        uses: docker/build-push-action@v5
+        with:
+          build-contexts: |
+            ${{ inputs.dockerfile_additional_contexts }}
+          context: ${{ inputs.dockerfile_context }}
+          file: ${{ inputs.dockerfile_path }}
+          # Tell DSpace's Docker files to use the build registry instead of DockerHub
+          build-args:
+            DOCKER_REGISTRY=${{ env.DOCKER_BUILD_REGISTRY }}
+          platforms: ${{ matrix.arch }}
+          push: true
+          # Use tags / labels provided by 'docker/metadata-action' above
+          tags: ${{ steps.meta_build.outputs.tags }}
+          labels: ${{ steps.meta_build.outputs.labels }}
+          # Use GitHub cache to load cached Docker images and cache the results of this build
+          # This decreases the number of images we need to fetch from DockerHub
+          cache-from: type=gha,scope=${{ inputs.build_id }}
+          cache-to: type=gha,scope=${{ inputs.build_id }},mode=min
+
+      # Export the digest of Docker build locally
+      - name: Export Docker build digest
+        if: ${{ ! matrix.isPr }}
+        run: |
+            mkdir -p /tmp/digests
+            digest="${{ steps.docker_build.outputs.digest }}"
+            touch "/tmp/digests/${digest#sha256:}"
+
+      # Upload digest to an artifact, so that it can be used in combined manifest below
+      # (The purpose of the combined manifest is to list both amd64 and arm64 builds under same tag)
+      - name: Upload Docker build digest to artifact
+        if: ${{ ! matrix.isPr }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ inputs.build_id }}-${{ env.ARCH_NAME }}
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+      #------------------------------------------------------------------------------
+      # Second, we build the image again in order to store it in a local TAR file.
+      # This TAR of the image is cached/saved as an artifact, so that it can be used
+      # by later jobs to install the brand-new images for automated testing.
+      # This TAR build is performed BOTH for PRs and for branch commits (non-PRs).
+      #
+      # (This approach has the advantage of avoiding having to download the newly built
+      # image from DockerHub or GHCR during automated testing.)
+      #
+      # See the 'docker-deploy' job in docker.yml as an example of where this TAR is used.
+      #-------------------------------------------------------------------------------
+      # Build local image (again) and store in a TAR file in /tmp directory
+      # This step is only done for AMD64, as that's the only image we use in our automated testing (at this time).
+      # NOTE: This step cannot be combined with the build above as it's a different type of output.
+      - name: Build and push image to local TAR file
+        if: ${{ matrix.arch == 'linux/amd64'}}
+        uses: docker/build-push-action@v5
+        with:
+          build-contexts: |
+            ${{ inputs.dockerfile_additional_contexts }}
+          context: ${{ inputs.dockerfile_context }}
+          file: ${{ inputs.dockerfile_path }}
+          # Tell DSpace's Docker files to use the build registry instead of DockerHub
+          build-args:
+            DOCKER_REGISTRY=${{ env.DOCKER_BUILD_REGISTRY }}
+          platforms: ${{ matrix.arch }}
+          tags: ${{ steps.meta_build.outputs.tags }}
+          labels: ${{ steps.meta_build.outputs.labels }}
+          # Use GitHub cache to load cached Docker images and cache the results of this build
+          # This decreases the number of images we need to fetch from DockerHub
+          cache-from: type=gha,scope=${{ inputs.build_id }}
+          cache-to: type=gha,scope=${{ inputs.build_id }},mode=min
+          # Export image to a local TAR file
+          outputs: type=docker,dest=/tmp/${{ inputs.build_id }}.tar
+
+      # Upload the local docker image (in TAR file) to a build Artifact
+      # This step is only done for AMD64, as that's the only image we use in our automated testing (at this time).
+      - name: Upload local image TAR to artifact
+        if: ${{ matrix.arch == 'linux/amd64'}}
+        uses: actions/upload-artifact@v4
+        with:
+          name: docker-image-${{ inputs.build_id }}-${{ env.ARCH_NAME }}
+          path: /tmp/${{ inputs.build_id }}.tar
+          if-no-files-found: error
+          retention-days: 1
+
+  ##########################################################################################
+  # Merge Docker digests (from various architectures) into a single manifest.
+  # This runs after all Docker builds complete above. The purpose is to include all builds
+  # under a single manifest for this tag.
+  # (e.g. both linux/amd64 and linux/arm64 should be listed under the same tagged Docker image)
+  ##########################################################################################
+  docker-build_manifest:
+    # Only run if this is NOT a PR
+    if: ${{ github.event_name != 'pull_request' }}
+    runs-on: ubuntu-latest
+    needs:
+      - docker-build
+    steps:
+      - name: Download Docker build digests
+        uses: actions/download-artifact@v4
+        with:
+          path: /tmp/digests
+          # Download digests for both AMD64 and ARM64 into same directory
+          pattern: digests-${{ inputs.build_id }}-*
+          merge-multiple: true
+
+      - name: Login to ${{ env.DOCKER_BUILD_REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.DOCKER_BUILD_REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Add Docker metadata for image
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: ${{ env.IMAGE_TAGS }}
+          flavor: ${{ env.TAGS_FLAVOR }}
+
+      - name: Create manifest list from digests and push to ${{ env.DOCKER_BUILD_REGISTRY }}
+        working-directory: /tmp/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+          $(printf '${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
+
+      - name: Inspect manifest in ${{ env.DOCKER_BUILD_REGISTRY }}
+        run: |
+          docker buildx imagetools inspect ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
+
+  ##########################################################################################
+  # Copy images / manifest to DockerHub.
+  # This MUST run after *both* images (AMD64 and ARM64) are built and uploaded to GitHub
+  # Container Registry (GHCR). Attempting to run this in parallel to GHCR builds can result
+  # in a race condition...i.e. the copy to DockerHub may fail if GHCR image has been updated
+  # at the moment when the copy occurs.
+  ##########################################################################################
+  docker-copy_to_dockerhub:
+    # Only run if this is NOT a PR
+    if: ${{ github.event_name != 'pull_request' }}
+    runs-on: ubuntu-latest
+    needs:
+      - docker-build_manifest
+
+    steps:
+      # 'regctl' is used to more easily copy the image to DockerHub and obtain the digest from DockerHub
+      # See https://github.com/regclient/regclient/blob/main/docs/regctl.md
+      - name: Install regctl for Docker registry tools
+        uses: regclient/actions/regctl-installer@main
+        with:
+          release: 'v0.8.0'
+
+      # This recreates Docker tags for DockerHub
+      - name: Add Docker metadata for image
+        id: meta_dockerhub
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          tags: ${{ env.IMAGE_TAGS }}
+          flavor: ${{ env.TAGS_FLAVOR }}
+
+      # Login to source registry first, as this is where we are copying *from*
+      - name: Login to ${{ env.DOCKER_BUILD_REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.DOCKER_BUILD_REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Login to DockerHub, since this is where we are copying *to*
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+      # Copy the image from source to DockerHub
+      - name: Copy image from ${{ env.DOCKER_BUILD_REGISTRY }} to docker.io
+        run: |
+          regctl image copy ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta_dockerhub.outputs.version }} docker.io/${{ env.IMAGE_NAME }}:${{ steps.meta_dockerhub.outputs.version }}
+
+      #--------------------------------------------------------------------
+      # Finally, check whether demo.dspace.org or sandbox.dspace.org need
+      # to be redeployed based on these new DockerHub images.
+      #--------------------------------------------------------------------
+      # If this build is for the branch that Sandbox uses and passed in a REDEPLOY_SANDBOX_URL secret,
+      # Then redeploy https://sandbox.dspace.org
+      - name: Redeploy sandbox.dspace.org (based on main branch)
+        if: |
+          env.REDEPLOY_SANDBOX_URL != '' &&
+          github.ref_name == env.DEPLOY_SANDBOX_BRANCH
+        run: |
+          curl -X POST $REDEPLOY_SANDBOX_URL
+      # If this build is for the branch that Demo uses and passed in a REDEPLOY_DEMO_URL secret,
+      # Then redeploy https://demo.dspace.org
+      - name: Redeploy demo.dspace.org (based on maintenance branch)
+        if: |
+          env.REDEPLOY_DEMO_URL != '' &&
+          github.ref_name == env.DEPLOY_DEMO_BRANCH
+        run: |
+          curl -X POST $REDEPLOY_DEMO_URL

.gitignore

@@ -10,6 +10,7 @@ tags
 .project
 .classpath
 .checkstyle
+.factorypath
 
 ## Ignore project files created by IntelliJ IDEA
 *.iml

CONTRIBUTING.md

@@ -0,0 +1,45 @@
+# How to Contribute
+
+DSpace is a community built and supported project. We do not have a centralized development or support team, but have a dedicated group of volunteers who help us improve the software, documentation, resources, etc.
+
+* [Contribute new code via a Pull Request](#contribute-new-code-via-a-pull-request)
+* [Contribute documentation](#contribute-documentation)
+* [Help others on mailing lists or Slack](#help-others-on-mailing-lists-or-slack)
+* [Join a working or interest group](#join-a-working-or-interest-group)
+
+## Contribute new code via a Pull Request
+
+We accept [GitHub Pull Requests (PRs)](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) at any time from anyone.
+Contributors to each release are recognized in our [Release Notes](https://wiki.lyrasis.org/display/DSDOC7x/Release+Notes).
+
+Code Contribution Checklist
+- [ ] PRs _should_ be smaller in size (ideally less than 1,000 lines of code, not including comments & tests)
+- [ ] PRs **must** pass Checkstyle validation based on our [Code Style Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Style+Guide).
+- [ ] PRs **must** include Javadoc for _all new/modified public methods and classes_. Larger private methods should also have Javadoc
+- [ ] PRs **must** pass all automated tests and include new/updated Unit or Integration tests based on our [Code Testing Guide](https://wiki.lyrasis.org/display/DSPACE/Code+Testing+Guide).
+- [ ] If a PR includes new libraries/dependencies (in any `pom.xml`), then their software licenses **must** align with the [DSpace BSD License](https://github.com/DSpace/DSpace/blob/main/LICENSE) based on the [Licensing of Contributions](https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines#CodeContributionGuidelines-LicensingofContributions) documentation.
+- [ ] Basic technical documentation _should_ be provided for any new features or changes to the REST API. REST API changes should be documented in our [Rest Contract](https://github.com/DSpace/RestContract).
+- [ ] If a PR fixes an issue ticket, please [link them together](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue).
+
+Additional details on the code contribution process can be found in our [Code Contribution Guidelines](https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines)
+
+## Contribute documentation
+
+DSpace Documentation is a collaborative effort in a shared Wiki. The latest documentation is at https://wiki.lyrasis.org/display/DSDOC7x 
+
+If you find areas of the DSpace Documentation which you wish to improve, please request a Wiki account by emailing wikihelp@lyrasis.org.
+Once you have an account setup, contact @tdonohue (via [Slack](https://wiki.lyrasis.org/display/DSPACE/Slack) or email) for access to edit our Documentation.
+
+## Help others on mailing lists or Slack
+
+DSpace has our own [Slack](https://wiki.lyrasis.org/display/DSPACE/Slack) community and [Mailing Lists](https://wiki.lyrasis.org/display/DSPACE/Mailing+Lists) where discussions take place and questions are answered.
+Anyone is welcome to join and help others. We just ask you to follow our [Code of Conduct](https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx) (adopted via LYRASIS).
+
+## Join a working or interest group
+
+Most of the work in building/improving DSpace comes via [Working Groups](https://wiki.lyrasis.org/display/DSPACE/DSpace+Working+Groups) or [Interest Groups](https://wiki.lyrasis.org/display/DSPACE/DSpace+Interest+Groups).
+
+All working/interest groups are open to anyone to join and participate.  A few key groups to be aware of include:
+
+* [DSpace 7 Working Group](https://wiki.lyrasis.org/display/DSPACE/DSpace+7+Working+Group) - This is the main (mostly volunteer) development team. We meet weekly to review our current development [project board](https://github.com/orgs/DSpace/projects), assigning tickets and/or PRs.
+* [DSpace Community Advisory Team (DCAT)](https://wiki.lyrasis.org/display/cmtygp/DSpace+Community+Advisory+Team) - This is an interest group for repository managers/administrators. We meet monthly to discuss DSpace, share tips & provide feedback back to developers.

Dockerfile

@@ -6,9 +6,14 @@
 # This Dockerfile uses JDK11 by default, but has also been tested with JDK17.
 # To build with JDK17, use "--build-arg JDK_VERSION=17"
 ARG JDK_VERSION=11
+# The Docker version tag to build from
+ARG DSPACE_VERSION=dspace-7_x
+# The Docker registry to use for DSpace images. Defaults to "docker.io"
+# NOTE: non-DSpace images are hardcoded to use "docker.io" and are not impacted by this build argument
+ARG DOCKER_REGISTRY=docker.io
 
 # Step 1 - Run Maven Build
-FROM dspace/dspace-dependencies:dspace-7_x as build
+FROM ${DOCKER_REGISTRY}/dspace/dspace-dependencies:${DSPACE_VERSION} AS build
 ARG TARGET_DIR=dspace-installer
 WORKDIR /app
 # The dspace-installer directory will be written to /install
@@ -20,40 +25,46 @@ USER dspace
 ADD --chown=dspace . /app/
 # Build DSpace (note: this build doesn't include the optional, deprecated "dspace-rest" webapp)
 # Copy the dspace-installer directory to /install.  Clean up the build to keep the docker image small
-RUN mvn --no-transfer-progress package && \
+# Maven flags here ensure that we skip building test environment and skip all code verification checks.
+# These flags speed up this compilation as much as reasonably possible.
+ENV MAVEN_FLAGS="-P-test-environment -Denforcer.skip=true -Dcheckstyle.skip=true -Dlicense.skip=true -Dxml.skip=true"
+RUN mvn --no-transfer-progress package ${MAVEN_FLAGS} && \
   mv /app/dspace/target/${TARGET_DIR}/* /install && \
   mvn clean
 
 # Step 2 - Run Ant Deploy
-FROM openjdk:${JDK_VERSION}-slim as ant_build
+FROM docker.io/eclipse-temurin:${JDK_VERSION} AS ant_build
 ARG TARGET_DIR=dspace-installer
 # COPY the /install directory from 'build' container to /dspace-src in this container
 COPY --from=build /install /dspace-src
 WORKDIR /dspace-src
 # Create the initial install deployment using ANT
-ENV ANT_VERSION 1.10.12
-ENV ANT_HOME /tmp/ant-$ANT_VERSION
-ENV PATH $ANT_HOME/bin:$PATH
-# Need wget to install ant
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends wget \
-    && apt-get purge -y --auto-remove \
-    && rm -rf /var/lib/apt/lists/*
+ENV ANT_VERSION=1.10.13
+ENV ANT_HOME=/tmp/ant-$ANT_VERSION
+ENV PATH=$ANT_HOME/bin:$PATH
 # Download and install 'ant'
 RUN mkdir $ANT_HOME && \
-    wget -qO- "https://archive.apache.org/dist/ant/binaries/apache-ant-$ANT_VERSION-bin.tar.gz" | tar -zx --strip-components=1 -C $ANT_HOME
+    curl --silent --show-error --location --fail --retry 5 --output /tmp/apache-ant.tar.gz \
+      https://archive.apache.org/dist/ant/binaries/apache-ant-${ANT_VERSION}-bin.tar.gz && \
+    tar -zx --strip-components=1 -f /tmp/apache-ant.tar.gz -C $ANT_HOME && \
+    rm /tmp/apache-ant.tar.gz
 # Run necessary 'ant' deploy scripts
 RUN ant init_installation update_configs update_code update_webapps
 
 # Step 3 - Run tomcat
 # Create a new tomcat image that does not retain the the build directory contents
-FROM tomcat:9-jdk${JDK_VERSION}
+FROM docker.io/tomcat:9-jdk${JDK_VERSION}
 # NOTE: DSPACE_INSTALL must align with the "dspace.dir" default configuration.
 ENV DSPACE_INSTALL=/dspace
-# Copy the /dspace directory from 'ant_build' containger to /dspace in this container
+# Copy the /dspace directory from 'ant_build' container to /dspace in this container
 COPY --from=ant_build /dspace $DSPACE_INSTALL
-# Expose Tomcat port and AJP port
-EXPOSE 8080 8009
+# Need host command for "[dspace]/bin/make-handle-config"
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends host \
+    && apt-get purge -y --auto-remove \
+    && rm -rf /var/lib/apt/lists/*
+# Expose Tomcat port (8080) and AJP port (8009) and Handle Server HTTP port (8000)
+EXPOSE 8080 8009 8000
 # Give java extra memory (2GB)
 ENV JAVA_OPTS=-Xmx2000m
 

Dockerfile.cli

@@ -6,9 +6,14 @@
 # This Dockerfile uses JDK11 by default, but has also been tested with JDK17.
 # To build with JDK17, use "--build-arg JDK_VERSION=17"
 ARG JDK_VERSION=11
+# The Docker version tag to build from
+ARG DSPACE_VERSION=dspace-7_x
+# The Docker registry to use for DSpace images. Defaults to "docker.io"
+# NOTE: non-DSpace images are hardcoded to use "docker.io" and are not impacted by this build argument
+ARG DOCKER_REGISTRY=docker.io
 
 # Step 1 - Run Maven Build
-FROM dspace/dspace-dependencies:dspace-7_x as build
+FROM ${DOCKER_REGISTRY}/dspace/dspace-dependencies:${DSPACE_VERSION} AS build
 ARG TARGET_DIR=dspace-installer
 WORKDIR /app
 # The dspace-installer directory will be written to /install
@@ -24,31 +29,34 @@ RUN mvn --no-transfer-progress package && \
   mvn clean
 
 # Step 2 - Run Ant Deploy
-FROM openjdk:${JDK_VERSION}-slim as ant_build
+FROM docker.io/eclipse-temurin:${JDK_VERSION} AS ant_build
 ARG TARGET_DIR=dspace-installer
 # COPY the /install directory from 'build' container to /dspace-src in this container
 COPY --from=build /install /dspace-src
 WORKDIR /dspace-src
 # Create the initial install deployment using ANT
-ENV ANT_VERSION 1.10.12
-ENV ANT_HOME /tmp/ant-$ANT_VERSION
-ENV PATH $ANT_HOME/bin:$PATH
-# Need wget to install ant
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends wget \
-    && apt-get purge -y --auto-remove \
-    && rm -rf /var/lib/apt/lists/*
+ENV ANT_VERSION=1.10.13
+ENV ANT_HOME=/tmp/ant-$ANT_VERSION
+ENV PATH=$ANT_HOME/bin:$PATH
 # Download and install 'ant'
 RUN mkdir $ANT_HOME && \
-    wget -qO- "https://archive.apache.org/dist/ant/binaries/apache-ant-$ANT_VERSION-bin.tar.gz" | tar -zx --strip-components=1 -C $ANT_HOME
+    curl --silent --show-error --location --fail --retry 5 --output /tmp/apache-ant.tar.gz \
+      https://archive.apache.org/dist/ant/binaries/apache-ant-${ANT_VERSION}-bin.tar.gz && \
+    tar -zx --strip-components=1 -f /tmp/apache-ant.tar.gz -C $ANT_HOME && \
+    rm /tmp/apache-ant.tar.gz
 # Run necessary 'ant' deploy scripts
 RUN ant init_installation update_configs update_code
 
 # Step 3 - Run jdk
-FROM openjdk:${JDK_VERSION}
+FROM docker.io/eclipse-temurin:${JDK_VERSION}
 # NOTE: DSPACE_INSTALL must align with the "dspace.dir" default configuration.
 ENV DSPACE_INSTALL=/dspace
 # Copy the /dspace directory from 'ant_build' container to /dspace in this container
 COPY --from=ant_build /dspace $DSPACE_INSTALL
 # Give java extra memory (1GB)
 ENV JAVA_OPTS=-Xmx1000m
+# Install unzip for AIPs
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends unzip \
+    && apt-get purge -y --auto-remove \
+    && rm -rf /var/lib/apt/lists/*

Dockerfile.dependencies

@@ -6,8 +6,8 @@
 # To build with JDK17, use "--build-arg JDK_VERSION=17"
 ARG JDK_VERSION=11
 
-# Step 1 - Run Maven Build
-FROM maven:3-openjdk-${JDK_VERSION}-slim as build
+# Step 1 - Download all Dependencies
+FROM docker.io/maven:3-eclipse-temurin-${JDK_VERSION} AS build
 ARG TARGET_DIR=dspace-installer
 WORKDIR /app
 # Create the 'dspace' user account & home directory
@@ -15,22 +15,64 @@ RUN useradd dspace \
     && mkdir -p /home/dspace \
     && chown -Rv dspace: /home/dspace
 RUN chown -Rv dspace: /app
-# Need git to support buildnumber-maven-plugin, which lets us know what version of DSpace is being run.
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends git \
-    && apt-get purge -y --auto-remove \
-    && rm -rf /var/lib/apt/lists/*
 
 # Switch to dspace user & run below commands as that user
 USER dspace
 
-# Copy the DSpace source code (from local machine) into the workdir (excluding .dockerignore contents)
-ADD --chown=dspace . /app/
+# This next part may look odd, but it speeds up the build of this image *significantly*.
+# Copy ONLY the POMs to this image (from local machine). This will allow us to download all dependencies *without*
+# performing any code compilation steps.
+
+# Parent POM
+ADD --chown=dspace pom.xml /app/
+RUN mkdir -p /app/dspace
+
+# 'dspace' module POM. Includes 'additions' ONLY, as it's the only submodule that is required to exist.
+ADD --chown=dspace dspace/pom.xml /app/dspace/
+RUN mkdir -p /app/dspace/modules/
+ADD --chown=dspace dspace/modules/pom.xml /app/dspace/modules/
+RUN mkdir -p /app/dspace/modules/additions
+ADD --chown=dspace dspace/modules/additions/pom.xml /app/dspace/modules/additions/
+
+# 'dspace-api' module POM
+RUN mkdir -p /app/dspace-api
+ADD --chown=dspace dspace-api/pom.xml /app/dspace-api/
+
+# 'dspace-iiif' module POM
+RUN mkdir -p /app/dspace-iiif
+ADD --chown=dspace dspace-iiif/pom.xml /app/dspace-iiif/
+
+# 'dspace-oai' module POM
+RUN mkdir -p /app/dspace-oai
+ADD --chown=dspace dspace-oai/pom.xml /app/dspace-oai/
+
+# 'dspace-rdf' module POM
+RUN mkdir -p /app/dspace-rdf
+ADD --chown=dspace dspace-rdf/pom.xml /app/dspace-rdf/
+
+# 'dspace-server-webapp' module POM
+RUN mkdir -p /app/dspace-server-webapp
+ADD --chown=dspace dspace-server-webapp/pom.xml /app/dspace-server-webapp/
+
+# 'dspace-services' module POM
+RUN mkdir -p /app/dspace-services
+ADD --chown=dspace dspace-services/pom.xml /app/dspace-services/
+
+# 'dspace-sword' module POM
+RUN mkdir -p /app/dspace-sword
+ADD --chown=dspace dspace-sword/pom.xml /app/dspace-sword/
+
+# 'dspace-swordv2' module POM
+RUN mkdir -p /app/dspace-swordv2
+ADD --chown=dspace dspace-swordv2/pom.xml /app/dspace-swordv2/
 
 # Trigger the installation of all maven dependencies (hide download progress messages)
-RUN mvn --no-transfer-progress package
+# Maven flags here ensure that we skip final assembly, skip building test environment and skip all code verification checks.
+# These flags speed up this installation and skip tasks we cannot perform as we don't have the full source code.
+ENV MAVEN_FLAGS="-P-assembly -P-test-environment -Denforcer.skip=true -Dcheckstyle.skip=true -Dlicense.skip=true -Dxjc.skip=true -Dxml.skip=true"
+RUN mvn --no-transfer-progress verify ${MAVEN_FLAGS}
 
-# Clear the contents of the /app directory (including all maven builds), so no artifacts remain.
+# Clear the contents of the /app directory (including all maven target folders), so no artifacts remain.
 # This ensures when dspace:dspace is built, it will use the Maven local cache (~/.m2) for dependencies
 USER root
 RUN rm -rf /app/*

Dockerfile.test

@@ -8,9 +8,14 @@
 # This Dockerfile uses JDK11 by default, but has also been tested with JDK17.
 # To build with JDK17, use "--build-arg JDK_VERSION=17"
 ARG JDK_VERSION=11
+# The Docker version tag to build from
+ARG DSPACE_VERSION=dspace-7_x
+# The Docker registry to use for DSpace images. Defaults to "docker.io"
+# NOTE: non-DSpace images are hardcoded to use "docker.io" and are not impacted by this build argument
+ARG DOCKER_REGISTRY=docker.io
 
 # Step 1 - Run Maven Build
-FROM dspace/dspace-dependencies:dspace-7_x as build
+FROM ${DOCKER_REGISTRY}/dspace/dspace-dependencies:${DSPACE_VERSION} AS build
 ARG TARGET_DIR=dspace-installer
 WORKDIR /app
 # The dspace-installer directory will be written to /install
@@ -27,40 +32,45 @@ RUN mvn --no-transfer-progress package -Pdspace-rest && \
   mvn clean
 
 # Step 2 - Run Ant Deploy
-FROM openjdk:${JDK_VERSION}-slim as ant_build
+FROM docker.io/eclipse-temurin:${JDK_VERSION} AS ant_build
 ARG TARGET_DIR=dspace-installer
 # COPY the /install directory from 'build' container to /dspace-src in this container
 COPY --from=build /install /dspace-src
 WORKDIR /dspace-src
 # Create the initial install deployment using ANT
-ENV ANT_VERSION 1.10.12
-ENV ANT_HOME /tmp/ant-$ANT_VERSION
-ENV PATH $ANT_HOME/bin:$PATH
-# Need wget to install ant
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends wget \
-    && apt-get purge -y --auto-remove \
-    && rm -rf /var/lib/apt/lists/*
+ENV ANT_VERSION=1.10.12
+ENV ANT_HOME=/tmp/ant-$ANT_VERSION
+ENV PATH=$ANT_HOME/bin:$PATH
 # Download and install 'ant'
 RUN mkdir $ANT_HOME && \
-    wget -qO- "https://archive.apache.org/dist/ant/binaries/apache-ant-$ANT_VERSION-bin.tar.gz" | tar -zx --strip-components=1 -C $ANT_HOME
+    curl --silent --show-error --location --fail --retry 5 --output /tmp/apache-ant.tar.gz \
+      https://archive.apache.org/dist/ant/binaries/apache-ant-${ANT_VERSION}-bin.tar.gz && \
+    tar -zx --strip-components=1 -f /tmp/apache-ant.tar.gz -C $ANT_HOME && \
+    rm /tmp/apache-ant.tar.gz
 # Run necessary 'ant' deploy scripts
 RUN ant init_installation update_configs update_code update_webapps
 
 # Step 3 - Run tomcat
 # Create a new tomcat image that does not retain the the build directory contents
-FROM tomcat:9-jdk${JDK_VERSION}
+FROM docker.io/tomcat:9-jdk${JDK_VERSION}
 ENV DSPACE_INSTALL=/dspace
 ENV TOMCAT_INSTALL=/usr/local/tomcat
 # Copy the /dspace directory from 'ant_build' containger to /dspace in this container
 COPY --from=ant_build /dspace $DSPACE_INSTALL
+# Need host command for "[dspace]/bin/make-handle-config"
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends host \
+    && apt-get purge -y --auto-remove \
+    && rm -rf /var/lib/apt/lists/*
 # Enable the AJP connector in Tomcat's server.xml
 # NOTE: secretRequired="false" should only be used when AJP is NOT accessible from an external network. But, secretRequired="true" isn't supported by mod_proxy_ajp until Apache 2.5
 RUN sed -i '/Service name="Catalina".*/a \\n    <Connector protocol="AJP/1.3" port="8009" address="0.0.0.0" redirectPort="8443" URIEncoding="UTF-8" secretRequired="false" />' $TOMCAT_INSTALL/conf/server.xml
 # Expose Tomcat port and AJP port
-EXPOSE 8080 8009
+EXPOSE 8080 8009 8000
 # Give java extra memory (2GB)
 ENV JAVA_OPTS=-Xmx2000m
+# Set up debugging
+ENV CATALINA_OPTS=-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=*:8000
 
 # Link the DSpace 'server' webapp into Tomcat's webapps directory.
 # This ensures that when we start Tomcat, it runs from /server path (e.g. http://localhost:8080/server/)

README.md

@@ -48,18 +48,7 @@ See [Running DSpace 7 with Docker Compose](dspace/src/main/docker-compose/README
 
 ## Contributing
 
-DSpace is a community built and supported project. We do not have a centralized development or support team,
-but have a dedicated group of volunteers who help us improve the software, documentation, resources, etc.
-
-We welcome contributions of any type. Here's a few basic guides that provide suggestions for contributing to DSpace:
-* [How to Contribute to DSpace](https://wiki.lyrasis.org/display/DSPACE/How+to+Contribute+to+DSpace): How to contribute in general (via code, documentation, bug reports, expertise, etc)
-* [Code Contribution Guidelines](https://wiki.lyrasis.org/display/DSPACE/Code+Contribution+Guidelines): How to give back code or contribute features, bug fixes, etc.
-* [DSpace Community Advisory Team (DCAT)](https://wiki.lyrasis.org/display/cmtygp/DSpace+Community+Advisory+Team): If you are not a developer, we also have an interest group specifically for repository managers. The DCAT group meets virtually, once a month, and sends open invitations to join their meetings via the [DCAT mailing list](https://groups.google.com/d/forum/DSpaceCommunityAdvisoryTeam).
-
-We also encourage GitHub Pull Requests (PRs) at any time. Please see our [Development with Git](https://wiki.lyrasis.org/display/DSPACE/Development+with+Git) guide for more info.
-
-In addition, a listing of all known contributors to DSpace software can be
-found online at: https://wiki.lyrasis.org/display/DSPACE/DSpaceContributors
+See [Contributing documentation](CONTRIBUTING.md)
 
 ## Getting Help
 

checkstyle-suppressions.xml

@@ -7,4 +7,5 @@
     <!-- TODO: We should have these turned on. But, currently there's a known bug with indentation checks
          on JMockIt Expectations blocks and similar. See https://github.com/checkstyle/checkstyle/issues/3739 -->
     <suppress checks="Indentation" files="src[/\\]test[/\\]java"/>
+    <suppress checks="Regexp" files="DSpaceHttpClientFactory\.java"/>
 </suppressions>

checkstyle.xml

@@ -92,9 +92,7 @@ For more information on CheckStyle configurations below, see: http://checkstyle.
         <!-- Requirements for Javadocs for methods -->
         <module name="JavadocMethod">
             <!-- All public methods MUST HAVE Javadocs -->
-            <!-- <property name="scope" value="public"/> -->
-            <!-- TODO: Above rule has been disabled because of large amount of missing public method Javadocs -->
-            <property name="scope" value="nothing"/>
+            <property name="accessModifiers" value="public"/>
             <!-- Allow params, throws and return tags to be optional -->
             <property name="allowMissingParamTags" value="true"/>
             <property name="allowMissingReturnTag" value="true"/>
@@ -138,5 +136,22 @@ For more information on CheckStyle configurations below, see: http://checkstyle.
         <module name="OneStatementPerLine"/>
         <!-- Require that "catch" statements are not empty (must at least contain a comment) -->
         <module name="EmptyCatchBlock"/>
+
+        <!-- Require to use DSpaceHttpClientFactory.getClient() statement instead of creating directly the client -->
+        <module name="Regexp">
+            <property name="format" value="HttpClientBuilder\.create\s*\(\s*\)" />
+            <property name="message" value="Use DSpaceHttpClientFactory.getClient() instead of HttpClientBuilder.create()" />
+            <property name="illegalPattern" value="true"/>
+            <property name="ignoreComments" value="true"/>
+        </module>
+        <!-- Require to use DSpaceHttpClientFactory.getClient() statement instead of creating directly the client -->
+        <module name="Regexp">
+            <property name="format" value="HttpClients\.createDefault\s*\(\s*\)" />
+            <property name="message" value="Use DSpaceHttpClientFactory.getClient() instead of HttpClients.createDefault()" />
+            <property name="illegalPattern" value="true"/>
+            <property name="ignoreComments" value="true"/>
+        </module>
+
+
     </module>
 </module>

docker-compose-cli.yml

@@ -1,8 +1,12 @@
-version: "3.7"
-
+networks:
+  # Default to using network named 'dspacenet' from docker-compose.yml.
+  # Its full name will be prepended with the project name (e.g. "-p d7" means it will be named "d7_dspacenet")
+  default:
+    name: ${COMPOSE_PROJECT_NAME}_dspacenet
+    external: true
 services:
   dspace-cli:
-    image: "${DOCKER_OWNER:-dspace}/dspace-cli:${DSPACE_VER:-dspace-7_x}"
+    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace-cli:${DSPACE_VER:-dspace-7_x}"
     container_name: dspace-cli
     build:
       context: .
@@ -26,13 +30,8 @@ services:
     - ./dspace/config:/dspace/config
     entrypoint: /dspace/bin/dspace
     command: help
-    networks:
-      - dspacenet
     tty: true
     stdin_open: true
 
 volumes:
   assetstore:
-
-networks:
-  dspacenet:

docker-compose.yml

@@ -1,4 +1,3 @@
-version: '3.7'
 networks:
   dspacenet:
     ipam:
@@ -28,19 +27,22 @@ services:
       # proxies.trusted.ipranges: This setting is required for a REST API running in Docker to trust requests
       # from the host machine. This IP range MUST correspond to the 'dspacenet' subnet defined above.
       proxies__P__trusted__P__ipranges: '172.23.0'
-    image: "${DOCKER_OWNER:-dspace}/dspace:${DSPACE_VER:-dspace-7_x-test}"
+      LOGGING_CONFIG: /dspace/config/log4j2-container.xml
+    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace:${DSPACE_VER:-dspace-7_x-test}"
     build:
       context: .
       dockerfile: Dockerfile.test
     depends_on:
     - dspacedb
     networks:
-      dspacenet:
+      - dspacenet
     ports:
     - published: 8080
       target: 8080
     - published: 8009
       target: 8009
+    - published: 8000
+      target: 8000
     stdin_open: true
     tty: true
     volumes:
@@ -60,13 +62,17 @@ services:
       while (!</dev/tcp/dspacedb/5432) > /dev/null 2>&1; do sleep 1; done;
       /dspace/bin/dspace database migrate
       catalina.sh run
-  # DSpace database container
+  # DSpace PostgreSQL database container
   dspacedb:
     container_name: dspacedb
+    # Uses a custom Postgres image with pgcrypto installed
+    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace-postgres-pgcrypto:${DSPACE_VER:-dspace-7_x}"
+    build:
+      # Must build out of subdirectory to have access to install script for pgcrypto
+      context: ./dspace/src/main/docker/dspace-postgres-pgcrypto/
     environment:
       PGDATA: /pgdata
-    # Uses a custom Postgres image with pgcrypto installed
-    image: dspace/dspace-postgres-pgcrypto
+      POSTGRES_PASSWORD: dspace
     networks:
       dspacenet:
     ports:
@@ -75,12 +81,19 @@ services:
     stdin_open: true
     tty: true
     volumes:
+    # Keep Postgres data directory between reboots
     - pgdata:/pgdata
   # DSpace Solr container
   dspacesolr:
     container_name: dspacesolr
-    # Uses official Solr image at https://hub.docker.com/_/solr/
-    image: solr:8.11-slim
+    image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace-solr:${DSPACE_VER:-dspace-7_x}"
+    build:
+      context: ./dspace/src/main/docker/dspace-solr/
+      # Provide path to Solr configs necessary to build Docker image
+      additional_contexts:
+        solrconfigs: ./dspace/solr/
+      args:
+        SOLR_VERSION: "${SOLR_VER:-8.11}"
     networks:
       dspacenet:
     ports:
@@ -90,30 +103,25 @@ services:
     tty: true
     working_dir: /var/solr/data
     volumes:
-    # Mount our local Solr core configs so that they are available as Solr configsets on container
-    - ./dspace/solr/authority:/opt/solr/server/solr/configsets/authority
-    - ./dspace/solr/oai:/opt/solr/server/solr/configsets/oai
-    - ./dspace/solr/search:/opt/solr/server/solr/configsets/search
-    - ./dspace/solr/statistics:/opt/solr/server/solr/configsets/statistics
     # Keep Solr data directory between reboots
     - solr_data:/var/solr/data
-    # Initialize all DSpace Solr cores using the mounted local configsets (see above), then start Solr
+    # Initialize all DSpace Solr cores then start Solr:
     # * First, run precreate-core to create the core (if it doesn't yet exist). If exists already, this is a no-op
-    # * Second, copy updated configs from mounted configsets to this core. If it already existed, this updates core
-    #   to the latest configs. If it's a newly created core, this is a no-op.
+    # * Second, copy configsets to this core:
+    #   Updates to Solr configs require the container to be rebuilt/restarted: `docker compose -p d7 up -d --build dspacesolr`
     entrypoint:
     - /bin/bash
     - '-c'
     - |
       init-var-solr
       precreate-core authority /opt/solr/server/solr/configsets/authority
-      cp -r -u /opt/solr/server/solr/configsets/authority/* authority
+      cp -r /opt/solr/server/solr/configsets/authority/* authority
       precreate-core oai /opt/solr/server/solr/configsets/oai
-      cp -r -u /opt/solr/server/solr/configsets/oai/* oai
+      cp -r /opt/solr/server/solr/configsets/oai/* oai
       precreate-core search /opt/solr/server/solr/configsets/search
-      cp -r -u /opt/solr/server/solr/configsets/search/* search
+      cp -r /opt/solr/server/solr/configsets/search/* search
       precreate-core statistics /opt/solr/server/solr/configsets/statistics
-      cp -r -u /opt/solr/server/solr/configsets/statistics/* statistics
+      cp -r /opt/solr/server/solr/configsets/statistics/* statistics
       exec solr -f
 volumes:
   assetstore:

dspace-api/pom.xml

@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.dspace</groupId>
         <artifactId>dspace-parent</artifactId>
-        <version>7.3</version>
+        <version>7.6.6-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
@@ -99,24 +99,13 @@
                 </executions>
             </plugin>
 
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>build-helper-maven-plugin</artifactId>
-                <version>3.0.0</version>
-                <executions>
-                    <execution>
-                        <phase>validate</phase>
-                        <goals>
-                            <goal>maven-version</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>buildnumber-maven-plugin</artifactId>
-                <version>1.4</version>
+                <version>3.2.1</version>
+                <configuration>
+                    <revisionOnScmFailure>UNKNOWN_REVISION</revisionOnScmFailure>
+                </configuration>
                 <executions>
                     <execution>
                         <phase>validate</phase>
@@ -393,6 +382,13 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-orm</artifactId>
+            <exclusions>
+                <!-- Spring JCL is unnecessary and conflicts with commons-logging when both are on classpath -->
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-jcl</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
@@ -417,38 +413,15 @@
                     <groupId>org.bouncycastle</groupId>
                     <artifactId>bcprov-jdk15on</artifactId>
                 </exclusion>
-                <!-- Newer version of Jetty in our parent POM & via Solr -->
+                <!-- Excluded BouncyCastle dependencies because we use a later version of BouncyCastle.
+                     Having two versions of BouncyCastle in the classpath can cause Handle Server to throw errors. -->
                 <exclusion>
-                    <groupId>org.eclipse.jetty</groupId>
-                    <artifactId>jetty-alpn-java-server</artifactId>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcpkix-jdk15on</artifactId>
                 </exclusion>
                 <exclusion>
-                    <groupId>org.eclipse.jetty</groupId>
-                    <artifactId>jetty-deploy</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.eclipse.jetty</groupId>
-                    <artifactId>jetty-servlet</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.eclipse.jetty</groupId>
-                    <artifactId>jetty-servlets</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.eclipse.jetty</groupId>
-                    <artifactId>jetty-webapp</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.eclipse.jetty</groupId>
-                    <artifactId>jetty-xml</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.eclipse.jetty.http2</groupId>
-                    <artifactId>http2-common</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.eclipse.jetty.http2</groupId>
-                    <artifactId>http2-server</artifactId>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcprov-jdk15on</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>
@@ -488,10 +461,6 @@
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-dbcp2</artifactId>
         </dependency>
-        <dependency>
-            <groupId>commons-fileupload</groupId>
-            <artifactId>commons-fileupload</artifactId>
-        </dependency>
 
         <dependency>
             <groupId>commons-io</groupId>
@@ -525,12 +494,6 @@
         <dependency>
             <groupId>jaxen</groupId>
             <artifactId>jaxen</artifactId>
-            <exclusions>
-                <exclusion>
-                    <artifactId>xom</artifactId>
-                    <groupId>xom</groupId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.jdom</groupId>
@@ -548,17 +511,11 @@
             <groupId>com.ibm.icu</groupId>
             <artifactId>icu4j</artifactId>
         </dependency>
-        <!-- Codebase at https://github.com/OCLC-Research/oaiharvester2/ -->
+        <!-- Codebase at https://github.com/DSpace/oclc-harvester2 -->
         <dependency>
             <groupId>org.dspace</groupId>
             <artifactId>oclc-harvester2</artifactId>
         </dependency>
-        <!-- Xalan is REQUIRED by 'oclc-harvester2' listed above (OAI harvesting fails without it).
-             Please do NOT use Xalan in DSpace codebase as it is not well maintained. -->
-        <dependency>
-            <groupId>xalan</groupId>
-            <artifactId>xalan</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.dspace</groupId>
             <artifactId>dspace-services</artifactId>
@@ -570,7 +527,7 @@
         </dependency>
         <dependency>
             <groupId>org.hamcrest</groupId>
-            <artifactId>hamcrest-all</artifactId>
+            <artifactId>hamcrest</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -600,7 +557,7 @@
         <dependency>
             <groupId>org.jbibtex</groupId>
             <artifactId>jbibtex</artifactId>
-            <version>1.0.10</version>
+            <version>1.0.20</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
@@ -628,26 +585,6 @@
             <artifactId>solr-core</artifactId>
             <scope>test</scope>
             <version>${solr.client.version}</version>
-            <exclusions>
-                <!-- Newer version brought in by opencsv -->
-                <exclusion>
-                    <groupId>org.apache.commons</groupId>
-                    <artifactId>commons-text</artifactId>
-                </exclusion>
-                <!-- Newer Jetty version brought in via Parent POM -->
-                <exclusion>
-                    <groupId>org.eclipse.jetty</groupId>
-                    <artifactId>jetty-http</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.eclipse.jetty</groupId>
-                    <artifactId>jetty-io</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.eclipse.jetty</groupId>
-                    <artifactId>jetty-util</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.lucene</groupId>
@@ -682,7 +619,7 @@
         <dependency>
             <groupId>com.maxmind.geoip2</groupId>
             <artifactId>geoip2</artifactId>
-            <version>2.11.0</version>
+            <version>2.17.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.ant</groupId>
@@ -691,7 +628,7 @@
         <dependency>
             <groupId>dnsjava</groupId>
             <artifactId>dnsjava</artifactId>
-            <version>2.1.7</version>
+            <version>3.6.3</version>
         </dependency>
 
         <dependency>
@@ -727,7 +664,7 @@
         <dependency>
             <groupId>org.flywaydb</groupId>
             <artifactId>flyway-core</artifactId>
-            <version>8.4.4</version>
+            <version>8.5.13</version>
         </dependency>
 
         <!-- Google Analytics -->
@@ -801,7 +738,7 @@
         <dependency>
             <groupId>com.amazonaws</groupId>
             <artifactId>aws-java-sdk-s3</artifactId>
-            <version>1.12.116</version>
+            <version>1.12.792</version>
         </dependency>
 
         <dependency>
@@ -835,7 +772,7 @@
         <dependency>
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>
-            <version>20180130</version>
+            <version>20231013</version>
         </dependency>
 
         <!-- Useful for testing command-line tools -->
@@ -850,7 +787,7 @@
         <dependency>
             <groupId>com.opencsv</groupId>
             <artifactId>opencsv</artifactId>
-            <version>5.2</version>
+            <version>5.12.0</version>
         </dependency>
 
         <!-- Email templating -->
@@ -865,10 +802,11 @@
             <scope>test</scope>
         </dependency>
 
-       <dependency>
+        <dependency>
             <groupId>org.apache.bcel</groupId>
             <artifactId>bcel</artifactId>
-            <version>6.4.0</version>
+            <version>6.10.0</version>
+            <scope>test</scope>
         </dependency>
 
         <!-- required for openaire api integration -->
@@ -876,12 +814,19 @@
             <groupId>eu.openaire</groupId>
             <artifactId>funders-model</artifactId>
             <version>2.0.0</version>
+            <exclusions>
+                <!-- Newer version pulled in via Jersey below -->
+                <exclusion>
+                    <groupId>org.javassist</groupId>
+                    <artifactId>javassist</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
             <groupId>org.mock-server</groupId>
             <artifactId>mockserver-junit-rule</artifactId>
-            <version>5.11.2</version>
+            <version>5.15.0</version>
             <scope>test</scope>
             <exclusions>
                 <!-- Exclude snakeyaml to avoid conflicts with: spring-boot-starter-cache -->
@@ -891,52 +836,76 @@
             	</exclusion>
             </exclusions>
         </dependency>
+        
+        <dependency>
+            <groupId>io.findify</groupId>
+            <artifactId>s3mock_2.13</artifactId>
+            <version>0.2.6</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.amazonawsl</groupId>
+                    <artifactId>aws-java-sdk-s3</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.amazonaws</groupId>
+                    <artifactId>aws-java-sdk-s3</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>mockwebserver</artifactId>
+            <scope>test</scope>
+        </dependency>
+    
     </dependencies>
 
     <dependencyManagement>
         <dependencies>
           <!-- for mockserver -->
-          <!-- Solve dependency convergence issues related to
+          <!-- Solve dependency convergence issues related to Solr and
                'mockserver-junit-rule' by selecting the versions we want to use. -->
-          <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-text</artifactId>
-            <version>1.9</version>
-          </dependency>
           <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-buffer</artifactId>
-            <version>4.1.68.Final</version>
+            <version>4.2.6.Final</version>
           </dependency>
           <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-transport</artifactId>
-            <version>4.1.68.Final</version>
+            <version>4.2.6.Final</version>
           </dependency>
+          <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-transport-native-unix-common</artifactId>
+            <version>4.2.6.Final</version>
+           </dependency>
           <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-common</artifactId>
-            <version>4.1.68.Final</version>
+            <version>4.2.6.Final</version>
           </dependency>
           <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-handler</artifactId>
-            <version>4.1.68.Final</version>
+            <version>4.2.6.Final</version>
           </dependency>
           <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-codec</artifactId>
-            <version>4.1.68.Final</version>
+            <version>4.2.6.Final</version>
           </dependency>
           <dependency>
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity-engine-core</artifactId>
-            <version>2.3</version>
+            <version>2.4.1</version>
           </dependency>
           <dependency>
               <groupId>org.xmlunit</groupId>
               <artifactId>xmlunit-core</artifactId>
-              <version>2.8.0</version>
+              <version>2.10.4</version>
               <scope>test</scope>
           </dependency>
           <dependency>
@@ -955,9 +924,10 @@
             <version>2.0.1.Final</version>
           </dependency>
           <dependency>
-            <groupId>io.swagger</groupId>
-            <artifactId>swagger-core</artifactId>
-            <version>1.6.2</version>
+            <groupId>org.scala-lang</groupId>
+            <artifactId>scala-library</artifactId>
+            <version>2.13.16</version>
+            <scope>test</scope>
           </dependency>
         </dependencies>
     </dependencyManagement>

dspace-api/src/main/java/org/dspace/access/status/AccessStatusHelper.java

@@ -22,9 +22,21 @@ public interface AccessStatusHelper {
      *
      * @param context the DSpace context
      * @param item    the item
+     * @param threshold the embargo threshold date
      * @return an access status value
      * @throws SQLException An exception that provides information on a database access error or other errors.
      */
     public String getAccessStatusFromItem(Context context, Item item, Date threshold)
         throws SQLException;
+
+    /**
+     * Retrieve embargo information for the item
+     *
+     * @param context the DSpace context
+     * @param item the item to check for embargo information
+     * @param threshold the embargo threshold date
+     * @return an embargo date
+     * @throws SQLException An exception that provides information on a database access error or other errors.
+     */
+    public String getEmbargoFromItem(Context context, Item item, Date threshold) throws SQLException;
 }

dspace-api/src/main/java/org/dspace/access/status/AccessStatusServiceImpl.java

@@ -63,4 +63,9 @@ public class AccessStatusServiceImpl implements AccessStatusService {
     public String getAccessStatus(Context context, Item item) throws SQLException {
         return helper.getAccessStatusFromItem(context, item, forever_date);
     }
+
+    @Override
+    public String getEmbargoFromItem(Context context, Item item) throws SQLException {
+        return helper.getEmbargoFromItem(context, item, forever_date);
+    }
 }

dspace-api/src/main/java/org/dspace/access/status/DefaultAccessStatusHelper.java

@@ -26,6 +26,7 @@ import org.dspace.content.service.ItemService;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.dspace.eperson.Group;
+import org.joda.time.LocalDate;
 
 /**
  * Default plugin implementation of the access status helper.
@@ -33,6 +34,11 @@ import org.dspace.eperson.Group;
  * calculate the access status of an item based on the policies of
  * the primary or the first bitstream in the original bundle.
  * Users can override this method for enhanced functionality.
+ *
+ * The getEmbargoInformationFromItem method provides a simple logic to
+ *  * retrieve embargo information of bitstreams from an item based on the policies of
+ *  * the primary or the first bitstream in the original bundle.
+ *  * Users can override this method for enhanced functionality.
  */
 public class DefaultAccessStatusHelper implements AccessStatusHelper {
     public static final String EMBARGO = "embargo";
@@ -54,12 +60,12 @@ public class DefaultAccessStatusHelper implements AccessStatusHelper {
 
     /**
      * Look at the item's policies to determine an access status value.
-     * It is also considering a date threshold for embargos and restrictions.
+     * It is also considering a date threshold for embargoes and restrictions.
      *
      * If the item is null, simply returns the "unknown" value.
      *
      * @param context     the DSpace context
-     * @param item        the item to embargo
+     * @param item        the item to check for embargoes
      * @param threshold   the embargo threshold date
      * @return an access status value
      */
@@ -86,7 +92,7 @@ public class DefaultAccessStatusHelper implements AccessStatusHelper {
                 .findFirst()
                 .orElse(null);
         }
-        return caculateAccessStatusForDso(context, bitstream, threshold);
+        return calculateAccessStatusForDso(context, bitstream, threshold);
     }
 
     /**
@@ -104,7 +110,7 @@ public class DefaultAccessStatusHelper implements AccessStatusHelper {
      * @param threshold   the embargo threshold date
      * @return an access status value
      */
-    private String caculateAccessStatusForDso(Context context, DSpaceObject dso, Date threshold)
+    private String calculateAccessStatusForDso(Context context, DSpaceObject dso, Date threshold)
             throws SQLException {
         if (dso == null) {
             return METADATA_ONLY;
@@ -156,4 +162,87 @@ public class DefaultAccessStatusHelper implements AccessStatusHelper {
         }
         return RESTRICTED;
     }
+
+    /**
+     * Look at the policies of the primary (or first) bitstream of the item to retrieve its embargo.
+     *
+     * If the item is null, simply returns an empty map with no embargo information.
+     *
+     * @param context     the DSpace context
+     * @param item        the item to embargo
+     * @return an access status value
+     */
+    @Override
+    public String getEmbargoFromItem(Context context, Item item, Date threshold)
+            throws SQLException {
+        Date embargoDate;
+
+        // If Item status is not "embargo" then return a null embargo date.
+        String accessStatus = getAccessStatusFromItem(context, item, threshold);
+
+        if (item == null || !accessStatus.equals(EMBARGO)) {
+            return null;
+        }
+        // Consider only the original bundles.
+        List<Bundle> bundles = item.getBundles(Constants.DEFAULT_BUNDLE_NAME);
+        // Check for primary bitstreams first.
+        Bitstream bitstream = bundles.stream()
+                .map(bundle -> bundle.getPrimaryBitstream())
+                .filter(Objects::nonNull)
+                .findFirst()
+                .orElse(null);
+        if (bitstream == null) {
+            // If there is no primary bitstream,
+            // take the first bitstream in the bundles.
+            bitstream = bundles.stream()
+                    .map(bundle -> bundle.getBitstreams())
+                    .flatMap(List::stream)
+                    .findFirst()
+                    .orElse(null);
+        }
+
+        if (bitstream == null) {
+            return null;
+        }
+
+        embargoDate = this.retrieveShortestEmbargo(context, bitstream);
+
+        return embargoDate != null ? embargoDate.toString() : null;
+    }
+
+    /**
+     *
+     */
+    private Date retrieveShortestEmbargo(Context context, Bitstream bitstream) throws SQLException {
+        Date embargoDate = null;
+        // Only consider read policies.
+        List<ResourcePolicy> policies = authorizeService
+                .getPoliciesActionFilter(context, bitstream, Constants.READ);
+
+        // Looks at all read policies.
+        for (ResourcePolicy policy : policies) {
+            boolean isValid = resourcePolicyService.isDateValid(policy);
+            Group group = policy.getGroup();
+
+            if (group != null && StringUtils.equals(group.getName(), Group.ANONYMOUS)) {
+                // Only calculate the status for the anonymous group.
+                if (!isValid) {
+                    // If the policy is not valid there is an active embargo
+                    Date startDate = policy.getStartDate();
+
+                    if (startDate != null && !startDate.before(LocalDate.now().toDate())) {
+                        // There is an active embargo: aim to take the shortest embargo (account for rare cases where
+                        // more than one resource policy exists)
+                        if (embargoDate == null) {
+                            embargoDate = startDate;
+                        } else {
+                            embargoDate = startDate.before(embargoDate) ? startDate : embargoDate;
+                        }
+                    }
+                }
+            }
+        }
+
+        return embargoDate;
+    }
 }

dspace-api/src/main/java/org/dspace/access/status/service/AccessStatusService.java

@@ -40,7 +40,18 @@ public interface AccessStatusService {
      *
      * @param context the DSpace context
      * @param item    the item
+     * @return an access status value
      * @throws SQLException An exception that provides information on a database access error or other errors.
      */
     public String getAccessStatus(Context context, Item item) throws SQLException;
+
+    /**
+     * Retrieve embargo information for the item
+     *
+     * @param context the DSpace context
+     * @param item the item to check for embargo information
+     * @return an embargo date
+     * @throws SQLException An exception that provides information on a database access error or other errors.
+     */
+    public String getEmbargoFromItem(Context context, Item item) throws SQLException;
 }

dspace-api/src/main/java/org/dspace/administer/CreateAdministrator.java

@@ -14,6 +14,7 @@ import java.util.Locale;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.CommandLineParser;
 import org.apache.commons.cli.DefaultParser;
+import org.apache.commons.cli.HelpFormatter;
 import org.apache.commons.cli.Options;
 import org.apache.commons.lang3.StringUtils;
 import org.dspace.core.Context;
@@ -54,14 +55,14 @@ public final class CreateAdministrator {
     protected GroupService groupService;
 
     /**
-     * For invoking via the command line.  If called with no command line arguments,
+     * For invoking via the command line. If called with no command line arguments,
      * it will negotiate with the user for the administrator details
      *
      * @param argv the command line arguments given
      * @throws Exception if error
      */
     public static void main(String[] argv)
-        throws Exception {
+            throws Exception {
         CommandLineParser parser = new DefaultParser();
         Options options = new Options();
 
@@ -69,19 +70,41 @@ public final class CreateAdministrator {
 
         options.addOption("e", "email", true, "administrator email address");
         options.addOption("f", "first", true, "administrator first name");
+        options.addOption("h", "help", false, "explain create-administrator options");
         options.addOption("l", "last", true, "administrator last name");
         options.addOption("c", "language", true, "administrator language");
         options.addOption("p", "password", true, "administrator password");
 
-        CommandLine line = parser.parse(options, argv);
+        CommandLine line = null;
+
+        try {
+
+            line = parser.parse(options, argv);
+
+        } catch (Exception e) {
+
+            System.out.println(e.getMessage() + "\nTry \"dspace create-administrator -h\" to print help information.");
+            System.exit(1);
+
+        }
 
         if (line.hasOption("e") && line.hasOption("f") && line.hasOption("l") &&
-            line.hasOption("c") && line.hasOption("p")) {
+                line.hasOption("c") && line.hasOption("p")) {
             ca.createAdministrator(line.getOptionValue("e"),
-                                   line.getOptionValue("f"), line.getOptionValue("l"),
-                                   line.getOptionValue("c"), line.getOptionValue("p"));
+                    line.getOptionValue("f"), line.getOptionValue("l"),
+                    line.getOptionValue("c"), line.getOptionValue("p"));
+        } else if (line.hasOption("h")) {
+            String header = "\nA command-line tool for creating an initial administrator for setting up a" +
+                    " DSpace site. Unless all the required parameters are passed it will" +
+                    " prompt for an e-mail address, last name, first name and password from" +
+                    " standard input.. An administrator group is then created and the data passed" +
+                    "  in used to create an e-person in that group.\n\n";
+            String footer = "\n";
+            HelpFormatter formatter = new HelpFormatter();
+            formatter.printHelp("dspace create-administrator", header, options, footer, true);
+            return;
         } else {
-            ca.negotiateAdministratorDetails();
+            ca.negotiateAdministratorDetails(line);
         }
     }
 
@@ -91,8 +114,19 @@ public final class CreateAdministrator {
      * @throws Exception if error
      */
     protected CreateAdministrator()
-        throws Exception {
+            throws Exception {
         context = new Context();
+        try {
+            context.getDBConfig();
+        } catch (NullPointerException npr) {
+            // if database is null, there is no point in continuing. Prior to this exception and catch,
+            // NullPointerException was thrown, that wasn't very helpful.
+            throw new IllegalStateException("Problem connecting to database. This " +
+                    "indicates issue with either network or version (or possibly some other). " +
+                    "If you are running this in docker-compose, please make sure dspace-cli was " +
+                    "built from the same sources as running dspace container AND that they are in " +
+                    "the same project/network.");
+        }
         groupService = EPersonServiceFactory.getInstance().getGroupService();
         ePersonService = EPersonServiceFactory.getInstance().getEPersonService();
     }
@@ -103,20 +137,20 @@ public final class CreateAdministrator {
      *
      * @throws Exception if error
      */
-    protected void negotiateAdministratorDetails()
-        throws Exception {
+    protected void negotiateAdministratorDetails(CommandLine line)
+            throws Exception {
         Console console = System.console();
 
         System.out.println("Creating an initial administrator account");
 
-        boolean dataOK = false;
-
-        String email = null;
-        String firstName = null;
-        String lastName = null;
-        char[] password1 = null;
-        char[] password2 = null;
+        String email = line.getOptionValue('e');
+        String firstName = line.getOptionValue('f');
+        String lastName = line.getOptionValue('l');
         String language = I18nUtil.getDefaultLocale().getLanguage();
+        ConfigurationService cfg = DSpaceServicesFactory.getInstance().getConfigurationService();
+        boolean flag = line.hasOption('p');
+        char[] password = null;
+        boolean dataOK = line.hasOption('f') && line.hasOption('e') && line.hasOption('l');
 
         while (!dataOK) {
             System.out.print("E-mail address: ");
@@ -147,8 +181,6 @@ public final class CreateAdministrator {
             if (lastName != null) {
                 lastName = lastName.trim();
             }
-
-            ConfigurationService cfg = DSpaceServicesFactory.getInstance().getConfigurationService();
             if (cfg.hasProperty("webui.supported.locales")) {
                 System.out.println("Select one of the following languages: "
                         + cfg.getProperty("webui.supported.locales"));
@@ -163,46 +195,59 @@ public final class CreateAdministrator {
                 }
             }
 
-            System.out.println("Password will not display on screen.");
-            System.out.print("Password: ");
+            System.out.print("Is the above data correct? (y or n): ");
             System.out.flush();
 
-            password1 = console.readPassword();
+            String s = console.readLine();
 
-            System.out.print("Again to confirm: ");
-            System.out.flush();
-
-            password2 = console.readPassword();
-
-            //TODO real password validation
-            if (password1.length > 1 && Arrays.equals(password1, password2)) {
-                // password OK
-                System.out.print("Is the above data correct? (y or n): ");
-                System.out.flush();
-
-                String s = console.readLine();
-
-                if (s != null) {
-                    s = s.trim();
-                    if (s.toLowerCase().startsWith("y")) {
-                        dataOK = true;
-                    }
+            if (s != null) {
+                s = s.trim();
+                if (s.toLowerCase().startsWith("y")) {
+                    dataOK = true;
                 }
-            } else {
-                System.out.println("Passwords don't match");
             }
+
+        }
+        if (!flag) {
+            password = getPassword(console);
+            if (password == null) {
+                return;
+            }
+        } else {
+            password = line.getOptionValue("p").toCharArray();
         }
-
         // if we make it to here, we are ready to create an administrator
-        createAdministrator(email, firstName, lastName, language, String.valueOf(password1));
+        createAdministrator(email, firstName, lastName, language, String.valueOf(password));
 
-        //Cleaning arrays that held password
-        Arrays.fill(password1, ' ');
-        Arrays.fill(password2, ' ');
+    }
+
+    private char[] getPassword(Console console) {
+        char[] password1 = null;
+        char[] password2 = null;
+        System.out.println("Password will not display on screen.");
+        System.out.print("Password: ");
+        System.out.flush();
+
+        password1 = console.readPassword();
+
+        System.out.print("Again to confirm: ");
+        System.out.flush();
+
+        password2 = console.readPassword();
+
+        // TODO real password validation
+        if (password1.length > 1 && Arrays.equals(password1, password2)) {
+            // password OK
+            Arrays.fill(password2, ' ');
+            return password1;
+        } else {
+            System.out.println("Passwords don't match");
+            return null;
+        }
     }
 
     /**
-     * Create the administrator with the given details.  If the user
+     * Create the administrator with the given details. If the user
      * already exists then they are simply upped to administrator status
      *
      * @param email    the email for the user
@@ -213,8 +258,8 @@ public final class CreateAdministrator {
      * @throws Exception if error
      */
     protected void createAdministrator(String email, String first, String last,
-                                       String language, String pw)
-        throws Exception {
+            String language, String pw)
+            throws Exception {
         // Of course we aren't an administrator yet so we need to
         // circumvent authorisation
         context.turnOffAuthorisationSystem();

dspace-api/src/main/java/org/dspace/administer/ProcessCleaner.java

@@ -0,0 +1,140 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.administer;
+
+import java.io.IOException;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.commons.cli.ParseException;
+import org.apache.commons.lang.time.DateUtils;
+import org.dspace.authorize.AuthorizeException;
+import org.dspace.content.ProcessStatus;
+import org.dspace.core.Context;
+import org.dspace.scripts.DSpaceRunnable;
+import org.dspace.scripts.Process;
+import org.dspace.scripts.factory.ScriptServiceFactory;
+import org.dspace.scripts.service.ProcessService;
+import org.dspace.services.ConfigurationService;
+import org.dspace.services.factory.DSpaceServicesFactory;
+import org.dspace.utils.DSpace;
+
+/**
+ * Script to cleanup the old processes in the specified state.
+ *
+ * @author Luca Giamminonni (luca.giamminonni at 4science.it)
+ *
+ */
+public class ProcessCleaner extends DSpaceRunnable<ProcessCleanerConfiguration<ProcessCleaner>> {
+
+    private ConfigurationService configurationService;
+
+    private ProcessService processService;
+
+
+    private boolean cleanCompleted = false;
+
+    private boolean cleanFailed = false;
+
+    private boolean cleanRunning = false;
+
+    private boolean help = false;
+
+    private Integer days;
+
+
+    @Override
+    public void setup() throws ParseException {
+
+        this.configurationService = DSpaceServicesFactory.getInstance().getConfigurationService();
+        this.processService = ScriptServiceFactory.getInstance().getProcessService();
+
+        this.help = commandLine.hasOption('h');
+        this.cleanFailed = commandLine.hasOption('f');
+        this.cleanRunning = commandLine.hasOption('r');
+        this.cleanCompleted = commandLine.hasOption('c') || (!cleanFailed && !cleanRunning);
+
+        this.days = configurationService.getIntProperty("process-cleaner.days", 14);
+
+        if (this.days <= 0) {
+            throw new IllegalStateException("The number of days must be a positive integer.");
+        }
+
+    }
+
+    @Override
+    public void internalRun() throws Exception {
+
+        if (help) {
+            printHelp();
+            return;
+        }
+
+        Context context = new Context();
+
+        try {
+            context.turnOffAuthorisationSystem();
+            performDeletion(context);
+        } finally {
+            context.restoreAuthSystemState();
+            context.complete();
+        }
+
+    }
+
+    /**
+     * Delete the processes based on the specified statuses and the configured days
+     * from their creation.
+     */
+    private void performDeletion(Context context) throws SQLException, IOException, AuthorizeException {
+
+        List<ProcessStatus> statuses = getProcessToDeleteStatuses();
+        Date creationDate = calculateCreationDate();
+
+        handler.logInfo("Searching for processes with status: " + statuses);
+        List<Process> processes = processService.findByStatusAndCreationTimeOlderThan(context, statuses, creationDate);
+        handler.logInfo("Found " + processes.size() + " processes to be deleted");
+        for (Process process : processes) {
+            processService.delete(context, process);
+        }
+
+        handler.logInfo("Process cleanup completed");
+
+    }
+
+    /**
+     * Returns the list of Process statuses do be deleted.
+     */
+    private List<ProcessStatus> getProcessToDeleteStatuses() {
+        List<ProcessStatus> statuses = new ArrayList<ProcessStatus>();
+        if (cleanCompleted) {
+            statuses.add(ProcessStatus.COMPLETED);
+        }
+        if (cleanFailed) {
+            statuses.add(ProcessStatus.FAILED);
+        }
+        if (cleanRunning) {
+            statuses.add(ProcessStatus.RUNNING);
+        }
+        return statuses;
+    }
+
+    private Date calculateCreationDate() {
+        return DateUtils.addDays(new Date(), -days);
+    }
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public ProcessCleanerConfiguration<ProcessCleaner> getScriptConfiguration() {
+        return new DSpace().getServiceManager()
+            .getServiceByName("process-cleaner", ProcessCleanerConfiguration.class);
+    }
+
+}

dspace-api/src/main/java/org/dspace/administer/ProcessCleanerCli.java

@@ -0,0 +1,18 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.administer;
+
+/**
+ * The {@link ProcessCleaner} for CLI.
+ *
+ * @author Luca Giamminonni (luca.giamminonni at 4science.it)
+ *
+ */
+public class ProcessCleanerCli extends ProcessCleaner {
+
+}

dspace-api/src/main/java/org/dspace/administer/ProcessCleanerCliConfiguration.java

@@ -0,0 +1,18 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.administer;
+
+/**
+ * The {@link ProcessCleanerConfiguration} for CLI.
+ *
+ * @author Luca Giamminonni (luca.giamminonni at 4science.it)
+ *
+ */
+public class ProcessCleanerCliConfiguration extends ProcessCleanerConfiguration<ProcessCleanerCli> {
+
+}

dspace-api/src/main/java/org/dspace/administer/ProcessCleanerConfiguration.java

@@ -0,0 +1,53 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.administer;
+
+import org.apache.commons.cli.Options;
+import org.dspace.scripts.configuration.ScriptConfiguration;
+
+/**
+ * The {@link ScriptConfiguration} for the {@link ProcessCleaner} script.
+ */
+public class ProcessCleanerConfiguration<T extends ProcessCleaner> extends ScriptConfiguration<T> {
+
+    private Class<T> dspaceRunnableClass;
+
+    @Override
+    public Options getOptions() {
+        if (options == null) {
+
+            Options options = new Options();
+
+            options.addOption("h", "help", false, "help");
+
+            options.addOption("r", "running", false, "delete the process with RUNNING status");
+            options.getOption("r").setType(boolean.class);
+
+            options.addOption("f", "failed", false, "delete the process with FAILED status");
+            options.getOption("f").setType(boolean.class);
+
+            options.addOption("c", "completed", false,
+                "delete the process with COMPLETED status (default if no statuses are specified)");
+            options.getOption("c").setType(boolean.class);
+
+            super.options = options;
+        }
+        return options;
+    }
+
+    @Override
+    public Class<T> getDspaceRunnableClass() {
+        return dspaceRunnableClass;
+    }
+
+    @Override
+    public void setDspaceRunnableClass(Class<T> dspaceRunnableClass) {
+        this.dspaceRunnableClass = dspaceRunnableClass;
+    }
+
+}

dspace-api/src/main/java/org/dspace/administer/RegistryImporter.java

@@ -10,7 +10,6 @@ package org.dspace.administer;
 import java.io.File;
 import java.io.IOException;
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
 import javax.xml.xpath.XPath;
@@ -18,6 +17,7 @@ import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathExpressionException;
 import javax.xml.xpath.XPathFactory;
 
+import org.dspace.app.util.XMLUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
@@ -49,8 +49,9 @@ public class RegistryImporter {
      */
     public static Document loadXML(String filename)
         throws IOException, ParserConfigurationException, SAXException {
-        DocumentBuilder builder = DocumentBuilderFactory.newInstance()
-                                                        .newDocumentBuilder();
+        // This XML builder will *not* disable external entities as XML
+        // registries are considered trusted content
+        DocumentBuilder builder = XMLUtils.getTrustedDocumentBuilder();
 
         Document document = builder.parse(new File(filename));
 

dspace-api/src/main/java/org/dspace/administer/RegistryLoader.java

@@ -13,7 +13,6 @@ import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
 import javax.xml.xpath.XPath;
@@ -21,7 +20,15 @@ import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathExpressionException;
 import javax.xml.xpath.XPathFactory;
 
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.DefaultParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.ParseException;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.Logger;
+import org.dspace.app.util.XMLUtils;
 import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.BitstreamFormat;
 import org.dspace.content.factory.ContentServiceFactory;
@@ -41,7 +48,7 @@ import org.xml.sax.SAXException;
  * <P>
  * <code>RegistryLoader -bitstream bitstream-formats.xml</code>
  * <P>
- * <code>RegistryLoader -dc dc-types.xml</code>
+ * <code>RegistryLoader -metadata dc-types.xml</code>
  *
  * @author Robert Tansley
  * @version $Revision$
@@ -50,7 +57,7 @@ public class RegistryLoader {
     /**
      * log4j category
      */
-    private static Logger log = org.apache.logging.log4j.LogManager.getLogger(RegistryLoader.class);
+    private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(RegistryLoader.class);
 
     protected static BitstreamFormatService bitstreamFormatService = ContentServiceFactory.getInstance()
                                                                                           .getBitstreamFormatService();
@@ -67,50 +74,99 @@ public class RegistryLoader {
      * @throws Exception if error
      */
     public static void main(String[] argv) throws Exception {
-        String usage = "Usage: " + RegistryLoader.class.getName()
-            + " (-bitstream | -metadata) registry-file.xml";
-
-        Context context = null;
+        // Set up command-line options and parse arguments
+        CommandLineParser parser = new DefaultParser();
+        Options options = createCommandLineOptions();
 
         try {
-            context = new Context();
+            CommandLine line = parser.parse(options, argv);
+
+            // Check if help option was entered or no options provided
+            if (line.hasOption('h') || line.getOptions().length == 0) {
+                printHelp(options);
+                System.exit(0);
+            }
+
+            Context context = new Context();
 
             // Can't update registries anonymously, so we need to turn off
             // authorisation
             context.turnOffAuthorisationSystem();
 
-            // Work out what we're loading
-            if (argv[0].equalsIgnoreCase("-bitstream")) {
-                RegistryLoader.loadBitstreamFormats(context, argv[1]);
-            } else if (argv[0].equalsIgnoreCase("-metadata")) {
-                // Call MetadataImporter, as it handles Metadata schema updates
-                MetadataImporter.loadRegistry(argv[1], true);
-            } else {
-                System.err.println(usage);
+            try {
+                // Work out what we're loading
+                if (line.hasOption('b')) {
+                    String filename = line.getOptionValue('b');
+                    if (StringUtils.isEmpty(filename)) {
+                        System.err.println("No file path provided for bitstream format registry");
+                        printHelp(options);
+                        System.exit(1);
+                    }
+                    RegistryLoader.loadBitstreamFormats(context, filename);
+                } else if (line.hasOption('m')) {
+                    String filename = line.getOptionValue('m');
+                    if (StringUtils.isEmpty(filename)) {
+                        System.err.println("No file path provided for metadata registry");
+                        printHelp(options);
+                        System.exit(1);
+                    }
+                    // Call MetadataImporter, as it handles Metadata schema updates
+                    MetadataImporter.loadRegistry(filename, true);
+                } else {
+                    System.err.println("No registry type specified");
+                    printHelp(options);
+                    System.exit(1);
+                }
+
+                // Commit changes and close Context
+                context.complete();
+                System.exit(0);
+            } catch (Exception e) {
+                log.fatal(LogHelper.getHeader(context, "error_loading_registries", ""), e);
+                System.err.println("Error: \n - " + e.getMessage());
+                System.exit(1);
+            } finally {
+                // Clean up our context, if it still exists & it was never completed
+                if (context != null && context.isValid()) {
+                    context.abort();
+                }
             }
-
-            // Commit changes and close Context
-            context.complete();
-
-            System.exit(0);
-        } catch (ArrayIndexOutOfBoundsException ae) {
-            System.err.println(usage);
-
+        } catch (ParseException e) {
+            System.err.println("Error parsing command-line arguments: " + e.getMessage());
+            printHelp(options);
             System.exit(1);
-        } catch (Exception e) {
-            log.fatal(LogHelper.getHeader(context, "error_loading_registries",
-                                           ""), e);
-
-            System.err.println("Error: \n - " + e.getMessage());
-            System.exit(1);
-        } finally {
-            // Clean up our context, if it still exists & it was never completed
-            if (context != null && context.isValid()) {
-                context.abort();
-            }
         }
     }
 
+    /**
+     * Create the command-line options
+     * @return the command-line options
+     */
+    private static Options createCommandLineOptions() {
+        Options options = new Options();
+
+        options.addOption("b", "bitstream", true, "load bitstream format registry from specified file");
+        options.addOption("m", "metadata", true, "load metadata registry from specified file");
+        options.addOption("h", "help", false, "print this help message");
+
+        return options;
+    }
+
+    /**
+     * Print the help message
+     * @param options the command-line options
+     */
+    private static void printHelp(Options options) {
+        HelpFormatter formatter = new HelpFormatter();
+        formatter.printHelp("RegistryLoader",
+                            "Load bitstream format or metadata registries into the database\n",
+                            options,
+                            "\nExamples:\n" +
+                            " RegistryLoader -b bitstream-formats.xml\n" +
+                            " RegistryLoader -m dc-types.xml",
+                            true);
+    }
+
     /**
      * Load Bitstream Format metadata
      *
@@ -210,8 +266,9 @@ public class RegistryLoader {
      */
     private static Document loadXML(String filename) throws IOException,
         ParserConfigurationException, SAXException {
-        DocumentBuilder builder = DocumentBuilderFactory.newInstance()
-                                                        .newDocumentBuilder();
+        // This XML builder will *not* disable external entities as XML
+        // registries are considered trusted content
+        DocumentBuilder builder = XMLUtils.getTrustedDocumentBuilder();
 
         return builder.parse(new File(filename));
     }
@@ -221,7 +278,7 @@ public class RegistryLoader {
      * contains:
      * <P>
      * <code>
-     * &lt;foo&gt;&lt;mimetype&gt;application/pdf&lt;/mimetype&gt;&lt;/foo&gt;
+     * <foo><mimetype>application/pdf</mimetype></foo>
      * </code>
      * passing this the <code>foo</code> node and <code>mimetype</code> will
      * return <code>application/pdf</code>.
@@ -262,10 +319,10 @@ public class RegistryLoader {
      * document contains:
      * <P>
      * <code>
-     * &lt;foo&gt;
-     * &lt;bar&gt;val1&lt;/bar&gt;
-     * &lt;bar&gt;val2&lt;/bar&gt;
-     * &lt;/foo&gt;
+     * <foo>
+     * <bar>val1</bar>
+     * <bar>val2</bar>
+     * </foo>
      * </code>
      * passing this the <code>foo</code> node and <code>bar</code> will
      * return <code>val1</code> and <code>val2</code>.

dspace-api/src/main/java/org/dspace/administer/StructBuilder.java

@@ -27,7 +27,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
 import javax.xml.xpath.XPath;
@@ -42,6 +41,8 @@ import org.apache.commons.cli.HelpFormatter;
 import org.apache.commons.cli.Option;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
+import org.apache.commons.lang3.StringUtils;
+import org.dspace.app.util.XMLUtils;
 import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.Collection;
 import org.dspace.content.Community;
@@ -55,6 +56,8 @@ import org.dspace.content.service.CommunityService;
 import org.dspace.core.Context;
 import org.dspace.eperson.factory.EPersonServiceFactory;
 import org.dspace.eperson.service.EPersonService;
+import org.dspace.handle.factory.HandleServiceFactory;
+import org.dspace.handle.service.HandleService;
 import org.jdom2.Element;
 import org.jdom2.output.Format;
 import org.jdom2.output.XMLOutputter;
@@ -79,6 +82,7 @@ import org.xml.sax.SAXException;
  *   </community>
  * </import_structure>
  * }</pre>
+ *
  * <p>
  * It can be arbitrarily deep, and supports all the metadata elements
  * that make up the community and collection metadata.  See the system
@@ -107,12 +111,14 @@ public class StructBuilder {
      */
     private static final Map<String, MetadataFieldName> communityMap = new HashMap<>();
 
-    protected static CommunityService communityService
+    protected static final CommunityService communityService
             = ContentServiceFactory.getInstance().getCommunityService();
-    protected static CollectionService collectionService
+    protected static final CollectionService collectionService
             = ContentServiceFactory.getInstance().getCollectionService();
-    protected static EPersonService ePersonService
+    protected static final EPersonService ePersonService
             = EPersonServiceFactory.getInstance().getEPersonService();
+    protected static final HandleService handleService
+            = HandleServiceFactory.getInstance().getHandleService();
 
     /**
      * Default constructor
@@ -138,6 +144,7 @@ public class StructBuilder {
      * @throws SQLException passed through.
      * @throws FileNotFoundException if input or output could not be opened.
      * @throws TransformerException if the input document is invalid.
+     * @throws XPathExpressionException passed through.
      */
     public static void main(String[] argv)
         throws ParserConfigurationException, SQLException,
@@ -148,6 +155,7 @@ public class StructBuilder {
         options.addOption("h", "help", false, "Print this help message.");
         options.addOption("?", "help");
         options.addOption("x", "export", false, "Export the current structure as XML.");
+        options.addOption("k", "keep-handles", false, "Apply Handles from input document.");
 
         options.addOption(Option.builder("e").longOpt("eperson")
                 .desc("User who is manipulating the repository's structure.")
@@ -209,6 +217,7 @@ public class StructBuilder {
         // Export? Import?
         if (line.hasOption('x')) { // export
             exportStructure(context, outputStream);
+            outputStream.close();
         } else { // Must be import
             String input = line.getOptionValue('f');
             if (null == input) {
@@ -223,7 +232,12 @@ public class StructBuilder {
                 inputStream = new FileInputStream(input);
             }
 
-            importStructure(context, inputStream, outputStream);
+            boolean keepHandles = options.hasOption("k");
+            importStructure(context, inputStream, outputStream, keepHandles);
+
+            inputStream.close();
+            outputStream.close();
+
             // save changes from import
             context.complete();
         }
@@ -236,14 +250,17 @@ public class StructBuilder {
      * @param context
      * @param input XML which describes the new communities and collections.
      * @param output input, annotated with the new objects' identifiers.
+     * @param keepHandles true if Handles should be set from input.
      * @throws IOException
      * @throws ParserConfigurationException
      * @throws SAXException
      * @throws TransformerException
      * @throws SQLException
      */
-    static void importStructure(Context context, InputStream input, OutputStream output)
-        throws IOException, ParserConfigurationException, SQLException, TransformerException, XPathExpressionException {
+    static void importStructure(Context context, InputStream input,
+            OutputStream output, boolean keepHandles)
+            throws IOException, ParserConfigurationException, SQLException,
+            TransformerException, XPathExpressionException {
 
         // load the XML
         Document document = null;
@@ -271,7 +288,19 @@ public class StructBuilder {
         NodeList identifierNodes = (NodeList) xPath.compile("//*[@identifier]")
                                                    .evaluate(document, XPathConstants.NODESET);
         if (identifierNodes.getLength() > 0) {
-            System.err.println("The input document has 'identifier' attributes, which will be ignored.");
+            if (!keepHandles) {
+                System.err.println("The input document has 'identifier' attributes, which will be ignored.");
+            } else {
+                for (int i = 0; i < identifierNodes.getLength() ; i++) {
+                    String identifier = identifierNodes.item(i).getAttributes().item(0).getTextContent();
+                    if (handleService.resolveToURL(context, identifier) != null) {
+                        System.err.printf("The input document contains handle %s,"
+                                + " which is in use already. Aborting...%n",
+                                identifier);
+                        System.exit(1);
+                    }
+                }
+            }
         }
 
         // load the mappings into the member variable hashmaps
@@ -296,7 +325,7 @@ public class StructBuilder {
                                              .evaluate(document, XPathConstants.NODESET);
 
             // run the import starting with the top level communities
-            elements = handleCommunities(context, first, null);
+            elements = handleCommunities(context, first, null, keepHandles);
         } catch (TransformerException ex) {
             System.err.format("Input content not understood:  %s%n", ex.getMessage());
             System.exit(1);
@@ -584,8 +613,8 @@ public class StructBuilder {
      */
     private static org.w3c.dom.Document loadXML(InputStream input)
         throws IOException, ParserConfigurationException, SAXException {
-        DocumentBuilder builder = DocumentBuilderFactory.newInstance()
-                                                        .newDocumentBuilder();
+        // This builder factory does not disable external DTD, entities, etc.
+        DocumentBuilder builder = XMLUtils.getTrustedDocumentBuilder();
 
         org.w3c.dom.Document document = builder.parse(input);
 
@@ -619,23 +648,29 @@ public class StructBuilder {
      * @param context     the context of the request
      * @param communities a nodelist of communities to create along with their sub-structures
      * @param parent      the parent community of the nodelist of communities to create
+     * @param keepHandles use Handles from input.
      * @return an element array containing additional information regarding the
      * created communities (e.g. the handles they have been assigned)
      */
-    private static Element[] handleCommunities(Context context, NodeList communities, Community parent)
-        throws TransformerException, SQLException, AuthorizeException, XPathExpressionException {
+    private static Element[] handleCommunities(Context context, NodeList communities,
+            Community parent, boolean keepHandles)
+        throws TransformerException, SQLException, AuthorizeException,
+            XPathExpressionException {
         Element[] elements = new Element[communities.getLength()];
         XPath xPath = XPathFactory.newInstance().newXPath();
 
         for (int i = 0; i < communities.getLength(); i++) {
-            Community community;
-            Element element = new Element("community");
+            Node tn = communities.item(i);
+            Node identifier = tn.getAttributes().getNamedItem("identifier");
 
             // create the community or sub community
-            if (parent != null) {
+            Community community;
+            if (null == identifier
+                    || StringUtils.isBlank(identifier.getNodeValue())
+                    || !keepHandles) {
                 community = communityService.create(parent, context);
             } else {
-                community = communityService.create(null, context);
+                community = communityService.create(parent, context, identifier.getNodeValue());
             }
 
             // default the short description to be an empty string
@@ -643,7 +678,6 @@ public class StructBuilder {
                     MD_SHORT_DESCRIPTION, null, " ");
 
             // now update the metadata
-            Node tn = communities.item(i);
             for (Map.Entry<String, MetadataFieldName> entry : communityMap.entrySet()) {
                 NodeList nl = (NodeList) xPath.compile(entry.getKey()).evaluate(tn, XPathConstants.NODESET);
                 if (nl.getLength() == 1) {
@@ -669,6 +703,7 @@ public class StructBuilder {
             // but it's here to keep it separate from the create process in
             // case
             // we want to move it or make it switchable later
+            Element element = new Element("community");
             element.setAttribute("identifier", community.getHandle());
 
             Element nameElement = new Element("name");
@@ -711,12 +746,16 @@ public class StructBuilder {
             }
 
             // handle sub communities
-            NodeList subCommunities = (NodeList) xPath.compile("community").evaluate(tn, XPathConstants.NODESET);
-            Element[] subCommunityElements = handleCommunities(context, subCommunities, community);
+            NodeList subCommunities = (NodeList) xPath.compile("community")
+                    .evaluate(tn, XPathConstants.NODESET);
+            Element[] subCommunityElements = handleCommunities(context,
+                    subCommunities, community, keepHandles);
 
             // handle collections
-            NodeList collections = (NodeList) xPath.compile("collection").evaluate(tn, XPathConstants.NODESET);
-            Element[] collectionElements = handleCollections(context, collections, community);
+            NodeList collections = (NodeList) xPath.compile("collection")
+                    .evaluate(tn, XPathConstants.NODESET);
+            Element[] collectionElements = handleCollections(context,
+                    collections, community, keepHandles);
 
             int j;
             for (j = 0; j < subCommunityElements.length; j++) {
@@ -741,21 +780,31 @@ public class StructBuilder {
      * @return an Element array containing additional information about the
      * created collections (e.g. the handle)
      */
-    private static Element[] handleCollections(Context context, NodeList collections, Community parent)
+    private static Element[] handleCollections(Context context,
+            NodeList collections, Community parent, boolean keepHandles)
         throws SQLException, AuthorizeException, XPathExpressionException {
         Element[] elements = new Element[collections.getLength()];
         XPath xPath = XPathFactory.newInstance().newXPath();
 
         for (int i = 0; i < collections.getLength(); i++) {
-            Element element = new Element("collection");
-            Collection collection = collectionService.create(context, parent);
+            Node tn = collections.item(i);
+            Node identifier = tn.getAttributes().getNamedItem("identifier");
+
+            // Create the Collection.
+            Collection collection;
+            if (null == identifier
+                    || StringUtils.isBlank(identifier.getNodeValue())
+                    || !keepHandles) {
+                collection = collectionService.create(context, parent);
+            } else {
+                collection = collectionService.create(context, parent, identifier.getNodeValue());
+            }
 
             // default the short description to the empty string
             collectionService.setMetadataSingleValue(context, collection,
-                    MD_SHORT_DESCRIPTION, Item.ANY, " ");
+                    MD_SHORT_DESCRIPTION, null, " ");
 
             // import the rest of the metadata
-            Node tn = collections.item(i);
             for (Map.Entry<String, MetadataFieldName> entry : collectionMap.entrySet()) {
                 NodeList nl = (NodeList) xPath.compile(entry.getKey()).evaluate(tn, XPathConstants.NODESET);
                 if (nl.getLength() == 1) {
@@ -766,6 +815,7 @@ public class StructBuilder {
 
             collectionService.update(context, collection);
 
+            Element element = new Element("collection");
             element.setAttribute("identifier", collection.getHandle());
 
             Element nameElement = new Element("name");

dspace-api/src/main/java/org/dspace/alerts/AllowSessionsEnum.java

@@ -0,0 +1,54 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.alerts;
+
+/**
+ * Enum representing the options for allowing sessions:
+ *  ALLOW_ALL_SESSIONS -    Will allow all users to log in and continue their sessions
+ *  ALLOW_CURRENT_SESSIONS_ONLY -   Will prevent non admin users from logging in, however logged-in users
+ *                                  will remain logged in
+ *  ALLOW_ADMIN_SESSIONS_ONLY - Only admin users can log in, non admin sessions will be interrupted
+ *
+ *  NOTE: This functionality can be stored in the database, but no support is present right now to interrupt and prevent
+ *  sessions.
+ */
+public enum AllowSessionsEnum {
+    ALLOW_ALL_SESSIONS("all"),
+    ALLOW_CURRENT_SESSIONS_ONLY("current"),
+    ALLOW_ADMIN_SESSIONS_ONLY("admin");
+
+    private String allowSessionsType;
+
+    AllowSessionsEnum(String allowSessionsType) {
+        this.allowSessionsType = allowSessionsType;
+    }
+
+    public String getValue() {
+        return allowSessionsType;
+    }
+
+    public static AllowSessionsEnum fromString(String alertAllowSessionType) {
+        if (alertAllowSessionType == null) {
+            return AllowSessionsEnum.ALLOW_ALL_SESSIONS;
+        }
+
+        switch (alertAllowSessionType) {
+            case "all":
+                return AllowSessionsEnum.ALLOW_ALL_SESSIONS;
+            case "current":
+                return AllowSessionsEnum.ALLOW_CURRENT_SESSIONS_ONLY;
+            case "admin" :
+                return AllowSessionsEnum.ALLOW_ADMIN_SESSIONS_ONLY;
+            default:
+                throw new IllegalArgumentException("No corresponding enum value for provided string: "
+                                                           + alertAllowSessionType);
+        }
+    }
+
+
+}

dspace-api/src/main/java/org/dspace/alerts/SystemWideAlert.java

@@ -0,0 +1,179 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.alerts;
+
+import java.util.Date;
+import javax.persistence.Cacheable;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.SequenceGenerator;
+import javax.persistence.Table;
+import javax.persistence.Temporal;
+import javax.persistence.TemporalType;
+
+import org.apache.commons.lang3.builder.EqualsBuilder;
+import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.dspace.core.ReloadableEntity;
+import org.hibernate.annotations.CacheConcurrencyStrategy;
+
+/**
+ * Database object representing system-wide alerts
+ */
+@Entity
+@Cacheable
+@org.hibernate.annotations.Cache(usage = CacheConcurrencyStrategy.NONSTRICT_READ_WRITE, include = "non-lazy")
+@Table(name = "systemwidealert")
+public class SystemWideAlert implements ReloadableEntity<Integer> {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "alert_id_seq")
+    @SequenceGenerator(name = "alert_id_seq", sequenceName = "alert_id_seq", allocationSize = 1)
+    @Column(name = "alert_id", unique = true, nullable = false)
+    private Integer alertId;
+
+    @Column(name = "message", nullable = false)
+    private String message;
+
+    @Column(name = "allow_sessions")
+    private String allowSessions;
+
+    @Column(name = "countdown_to")
+    @Temporal(TemporalType.TIMESTAMP)
+    private Date countdownTo;
+
+    @Column(name = "active")
+    private boolean active;
+
+    protected SystemWideAlert() {
+    }
+
+    /**
+     * This method returns the ID that the system-wide alert holds within the database
+     *
+     * @return The ID that the system-wide alert holds within the database
+     */
+    @Override
+    public Integer getID() {
+        return alertId;
+    }
+
+    /**
+     * Set the ID for the system-wide alert
+     *
+     * @param alertID The ID to set
+     */
+    public void setID(final Integer alertID) {
+        this.alertId = alertID;
+    }
+
+    /**
+     * Retrieve the message of the system-wide alert
+     *
+     * @return the message of the system-wide alert
+     */
+    public String getMessage() {
+        return message;
+    }
+
+    /**
+     * Set the message of the system-wide alert
+     *
+     * @param message The message to set
+     */
+    public void setMessage(final String message) {
+        this.message = message;
+    }
+
+    /**
+     * Retrieve what kind of sessions are allowed while the system-wide alert is active
+     *
+     * @return what kind of sessions are allowed while the system-wide alert is active
+     */
+    public AllowSessionsEnum getAllowSessions() {
+        return AllowSessionsEnum.fromString(allowSessions);
+    }
+
+    /**
+     * Set what kind of sessions are allowed while the system-wide alert is active
+     *
+     * @param allowSessions Integer representing what kind of sessions are allowed
+     */
+    public void setAllowSessions(AllowSessionsEnum allowSessions) {
+        this.allowSessions = allowSessions.getValue();
+    }
+
+    /**
+     * Retrieve the date to which will be count down when the system-wide alert is active
+     *
+     * @return the date to which will be count down when the system-wide alert is active
+     */
+    public Date getCountdownTo() {
+        return countdownTo;
+    }
+
+    /**
+     * Set the date to which will be count down when the system-wide alert is active
+     *
+     * @param countdownTo The date to which will be count down
+     */
+    public void setCountdownTo(final Date countdownTo) {
+        this.countdownTo = countdownTo;
+    }
+
+    /**
+     * Retrieve whether the system-wide alert is active
+     *
+     * @return whether the system-wide alert is active
+     */
+    public boolean isActive() {
+        return active;
+    }
+
+    /**
+     * Set whether the system-wide alert is active
+     *
+     * @param active    Whether the system-wide alert is active
+     */
+    public void setActive(final boolean active) {
+        this.active = active;
+    }
+
+    /**
+     * Return <code>true</code> if <code>other</code> is the same SystemWideAlert
+     * as this object, <code>false</code> otherwise
+     *
+     * @param other object to compare to
+     * @return <code>true</code> if object passed in represents the same
+     * system-wide alert as this object
+     */
+    @Override
+    public boolean equals(Object other) {
+        return (other instanceof SystemWideAlert &&
+                new EqualsBuilder().append(this.getID(), ((SystemWideAlert) other).getID())
+                                   .append(this.getMessage(), ((SystemWideAlert) other).getMessage())
+                                   .append(this.getAllowSessions(), ((SystemWideAlert) other).getAllowSessions())
+                                   .append(this.getCountdownTo(), ((SystemWideAlert) other).getCountdownTo())
+                                   .append(this.isActive(), ((SystemWideAlert) other).isActive())
+                                   .isEquals());
+    }
+
+    @Override
+    public int hashCode() {
+        return new HashCodeBuilder(17, 37)
+                .append(this.getID())
+                .append(this.getMessage())
+                .append(this.getAllowSessions())
+                .append(this.getCountdownTo())
+                .append(this.isActive())
+                .toHashCode();
+    }
+
+}

dspace-api/src/main/java/org/dspace/alerts/SystemWideAlertServiceImpl.java

@@ -0,0 +1,129 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.alerts;
+
+import java.io.IOException;
+import java.sql.SQLException;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.logging.log4j.Logger;
+import org.dspace.alerts.dao.SystemWideAlertDAO;
+import org.dspace.alerts.service.SystemWideAlertService;
+import org.dspace.authorize.AuthorizeException;
+import org.dspace.authorize.service.AuthorizeService;
+import org.dspace.core.Context;
+import org.dspace.core.LogHelper;
+import org.dspace.eperson.EPerson;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * The implementation for the {@link SystemWideAlertService} class
+ */
+public class SystemWideAlertServiceImpl implements SystemWideAlertService {
+
+    private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(SystemWideAlertService.class);
+
+
+    @Autowired
+    private SystemWideAlertDAO systemWideAlertDAO;
+
+    @Autowired
+    private AuthorizeService authorizeService;
+
+    @Override
+    public SystemWideAlert create(final Context context, final String message,
+                                  final AllowSessionsEnum allowSessionsType,
+                                  final Date countdownTo, final boolean active) throws SQLException,
+            AuthorizeException {
+        if (!authorizeService.isAdmin(context)) {
+            throw new AuthorizeException(
+                    "Only administrators can create a system-wide alert");
+        }
+        SystemWideAlert systemWideAlert = new SystemWideAlert();
+        systemWideAlert.setMessage(message);
+        systemWideAlert.setAllowSessions(allowSessionsType);
+        systemWideAlert.setCountdownTo(countdownTo);
+        systemWideAlert.setActive(active);
+
+        SystemWideAlert createdAlert = systemWideAlertDAO.create(context, systemWideAlert);
+        log.info(LogHelper.getHeader(context, "system_wide_alert_create",
+                                     "System Wide Alert has been created with message: '" + message + "' and ID "
+                                             + createdAlert.getID() + " and allowSessionsType " + allowSessionsType +
+                                             " and active set to " + active));
+
+
+        return createdAlert;
+    }
+
+    @Override
+    public SystemWideAlert find(final Context context, final int alertId) throws SQLException {
+        return systemWideAlertDAO.findByID(context, SystemWideAlert.class, alertId);
+    }
+
+    @Override
+    public List<SystemWideAlert> findAll(final Context context) throws SQLException {
+        return systemWideAlertDAO.findAll(context, SystemWideAlert.class);
+    }
+
+    @Override
+    public List<SystemWideAlert> findAll(final Context context, final int limit, final int offset) throws SQLException {
+        return systemWideAlertDAO.findAll(context, limit, offset);
+    }
+
+    @Override
+    public List<SystemWideAlert> findAllActive(final Context context, final int limit, final int offset)
+            throws SQLException {
+        return systemWideAlertDAO.findAllActive(context, limit, offset);
+    }
+
+    @Override
+    public void delete(final Context context, final SystemWideAlert systemWideAlert)
+            throws SQLException, IOException, AuthorizeException {
+        if (!authorizeService.isAdmin(context)) {
+            throw new AuthorizeException(
+                    "Only administrators can create a system-wide alert");
+        }
+        systemWideAlertDAO.delete(context, systemWideAlert);
+        log.info(LogHelper.getHeader(context, "system_wide_alert_create",
+                                     "System Wide Alert with ID " + systemWideAlert.getID() + " has been deleted"));
+
+    }
+
+    @Override
+    public void update(final Context context, final SystemWideAlert systemWideAlert)
+            throws SQLException, AuthorizeException {
+        if (!authorizeService.isAdmin(context)) {
+            throw new AuthorizeException(
+                    "Only administrators can create a system-wide alert");
+        }
+        systemWideAlertDAO.save(context, systemWideAlert);
+
+    }
+
+    @Override
+    public boolean canNonAdminUserLogin(Context context) throws SQLException {
+        List<SystemWideAlert> active = findAllActive(context, 1, 0);
+        if (active == null || active.isEmpty()) {
+            return true;
+        }
+        return active.get(0).getAllowSessions() == AllowSessionsEnum.ALLOW_ALL_SESSIONS;
+    }
+
+    @Override
+    public boolean canUserMaintainSession(Context context, EPerson ePerson) throws SQLException {
+        if (authorizeService.isAdmin(context, ePerson)) {
+            return true;
+        }
+        List<SystemWideAlert> active = findAllActive(context, 1, 0);
+        if (active == null || active.isEmpty()) {
+            return true;
+        }
+        return active.get(0).getAllowSessions() != AllowSessionsEnum.ALLOW_ADMIN_SESSIONS_ONLY;
+    }
+}

dspace-api/src/main/java/org/dspace/alerts/dao/SystemWideAlertDAO.java

@@ -0,0 +1,45 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.alerts.dao;
+
+import java.sql.SQLException;
+import java.util.List;
+
+import org.dspace.alerts.SystemWideAlert;
+import org.dspace.core.Context;
+import org.dspace.core.GenericDAO;
+
+/**
+ * This is the Data Access Object for the {@link SystemWideAlert} object
+ */
+public interface SystemWideAlertDAO extends GenericDAO<SystemWideAlert> {
+
+    /**
+     * Returns a list of all SystemWideAlert objects in the database
+     *
+     * @param context The relevant DSpace context
+     * @param limit   The limit for the amount of SystemWideAlerts returned
+     * @param offset  The offset for the Processes to be returned
+     * @return The list of all SystemWideAlert objects in the Database
+     * @throws SQLException If something goes wrong
+     */
+    List<SystemWideAlert> findAll(Context context, int limit, int offset) throws SQLException;
+
+    /**
+     * Returns a list of all active SystemWideAlert objects in the database
+     *
+     * @param context The relevant DSpace context
+     * @param limit   The limit for the amount of SystemWideAlerts returned
+     * @param offset  The offset for the Processes to be returned
+     * @return The list of all SystemWideAlert objects in the Database
+     * @throws SQLException If something goes wrong
+     */
+    List<SystemWideAlert> findAllActive(Context context, int limit, int offset) throws SQLException;
+
+
+}

dspace-api/src/main/java/org/dspace/alerts/dao/impl/SystemWideAlertDAOImpl.java

@@ -0,0 +1,48 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.alerts.dao.impl;
+
+import java.sql.SQLException;
+import java.util.List;
+import javax.persistence.criteria.CriteriaBuilder;
+import javax.persistence.criteria.CriteriaQuery;
+import javax.persistence.criteria.Root;
+
+import org.dspace.alerts.SystemWideAlert;
+import org.dspace.alerts.SystemWideAlert_;
+import org.dspace.alerts.dao.SystemWideAlertDAO;
+import org.dspace.core.AbstractHibernateDAO;
+import org.dspace.core.Context;
+
+/**
+ * Implementation class for the {@link SystemWideAlertDAO}
+ */
+public class SystemWideAlertDAOImpl extends AbstractHibernateDAO<SystemWideAlert> implements SystemWideAlertDAO {
+
+    public List<SystemWideAlert> findAll(final Context context, final int limit, final int offset) throws SQLException {
+        CriteriaBuilder criteriaBuilder = getCriteriaBuilder(context);
+        CriteriaQuery criteriaQuery = getCriteriaQuery(criteriaBuilder, SystemWideAlert.class);
+        Root<SystemWideAlert> alertRoot = criteriaQuery.from(SystemWideAlert.class);
+        criteriaQuery.select(alertRoot);
+
+        return list(context, criteriaQuery, false, SystemWideAlert.class, limit, offset);
+    }
+
+    public List<SystemWideAlert> findAllActive(final Context context, final int limit, final int offset)
+            throws SQLException {
+        CriteriaBuilder criteriaBuilder = getCriteriaBuilder(context);
+        CriteriaQuery criteriaQuery = getCriteriaQuery(criteriaBuilder, SystemWideAlert.class);
+        Root<SystemWideAlert> alertRoot = criteriaQuery.from(SystemWideAlert.class);
+        criteriaQuery.select(alertRoot);
+        criteriaQuery.where(criteriaBuilder.equal(alertRoot.get(SystemWideAlert_.active), true));
+
+        return list(context, criteriaQuery, false, SystemWideAlert.class, limit, offset);
+    }
+
+
+}

dspace-api/src/main/java/org/dspace/alerts/service/SystemWideAlertService.java

@@ -0,0 +1,118 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.alerts.service;
+
+import java.io.IOException;
+import java.sql.SQLException;
+import java.util.Date;
+import java.util.List;
+
+import org.dspace.alerts.AllowSessionsEnum;
+import org.dspace.alerts.SystemWideAlert;
+import org.dspace.authorize.AuthorizeException;
+import org.dspace.core.Context;
+import org.dspace.eperson.EPerson;
+
+/**
+ * An interface for the SystemWideAlertService with methods regarding the SystemWideAlert workload
+ */
+public interface SystemWideAlertService {
+
+    /**
+     * This method will create a SystemWideAlert object in the database
+     *
+     * @param context           The relevant DSpace context
+     * @param message           The message of the system-wide alert
+     * @param allowSessionsType Which sessions need to be allowed for the system-wide alert
+     * @param countdownTo       The date to which to count down to when the system-wide alert is active
+     * @param active            Whether the system-wide alert os active
+     * @return The created SystemWideAlert object
+     * @throws SQLException If something goes wrong
+     */
+    SystemWideAlert create(Context context, String message, AllowSessionsEnum allowSessionsType,
+                           Date countdownTo, boolean active
+    ) throws SQLException, AuthorizeException;
+
+    /**
+     * This method will retrieve a SystemWideAlert object from the Database with the given ID
+     *
+     * @param context The relevant DSpace context
+     * @param alertId The alert id on which we'll search for in the database
+     * @return The system-wide alert that holds the given alert id
+     * @throws SQLException If something goes wrong
+     */
+    SystemWideAlert find(Context context, int alertId) throws SQLException;
+
+    /**
+     * Returns a list of all SystemWideAlert objects in the database
+     *
+     * @param context The relevant DSpace context
+     * @return The list of all SystemWideAlert objects in the Database
+     * @throws SQLException If something goes wrong
+     */
+    List<SystemWideAlert> findAll(Context context) throws SQLException;
+
+    /**
+     * Returns a list of all SystemWideAlert objects in the database
+     *
+     * @param context The relevant DSpace context
+     * @param limit   The limit for the amount of system-wide alerts returned
+     * @param offset  The offset for the system-wide alerts to be returned
+     * @return The list of all SystemWideAlert objects in the Database
+     * @throws SQLException If something goes wrong
+     */
+    List<SystemWideAlert> findAll(Context context, int limit, int offset) throws SQLException;
+
+
+    /**
+     * Returns a list of all active SystemWideAlert objects in the database
+     *
+     * @param context The relevant DSpace context
+     * @return The list of all active SystemWideAlert objects in the database
+     * @throws SQLException If something goes wrong
+     */
+    List<SystemWideAlert> findAllActive(Context context, int limit, int offset) throws SQLException;
+
+    /**
+     * This method will delete the given SystemWideAlert object from the database
+     *
+     * @param context         The relevant DSpace context
+     * @param systemWideAlert The SystemWideAlert object to be deleted
+     * @throws SQLException If something goes wrong
+     */
+    void delete(Context context, SystemWideAlert systemWideAlert)
+            throws SQLException, IOException, AuthorizeException;
+
+
+    /**
+     * This method will be used to update the given SystemWideAlert object in the database
+     *
+     * @param context         The relevant DSpace context
+     * @param systemWideAlert The SystemWideAlert object to be updated
+     * @throws SQLException If something goes wrong
+     */
+    void update(Context context, SystemWideAlert systemWideAlert) throws SQLException, AuthorizeException;
+
+
+    /**
+     * Verifies if the user connected to the current context can retain its session
+     *
+     * @param context The relevant DSpace context
+     * @return if the user connected to the current context can retain its session
+     */
+    boolean canUserMaintainSession(Context context, EPerson ePerson) throws SQLException;
+
+
+    /**
+     * Verifies if a non admin user can log in
+     *
+     * @param context The relevant DSpace context
+     * @return if a non admin user can log in
+     */
+    boolean canNonAdminUserLogin(Context context) throws SQLException;
+}

dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/BulkAccessControl.java

@@ -0,0 +1,690 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.bulkaccesscontrol;
+
+import static org.apache.commons.collections4.CollectionUtils.isEmpty;
+import static org.apache.commons.collections4.CollectionUtils.isNotEmpty;
+import static org.dspace.authorize.ResourcePolicy.TYPE_CUSTOM;
+import static org.dspace.authorize.ResourcePolicy.TYPE_INHERITED;
+import static org.dspace.core.Constants.CONTENT_BUNDLE_NAME;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.sql.SQLException;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.time.ZoneOffset;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.TimeZone;
+import java.util.UUID;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.cli.ParseException;
+import org.apache.commons.lang3.StringUtils;
+import org.dspace.app.bulkaccesscontrol.exception.BulkAccessControlException;
+import org.dspace.app.bulkaccesscontrol.model.AccessCondition;
+import org.dspace.app.bulkaccesscontrol.model.AccessConditionBitstream;
+import org.dspace.app.bulkaccesscontrol.model.AccessConditionItem;
+import org.dspace.app.bulkaccesscontrol.model.BulkAccessConditionConfiguration;
+import org.dspace.app.bulkaccesscontrol.model.BulkAccessControlInput;
+import org.dspace.app.bulkaccesscontrol.service.BulkAccessConditionConfigurationService;
+import org.dspace.app.mediafilter.factory.MediaFilterServiceFactory;
+import org.dspace.app.mediafilter.service.MediaFilterService;
+import org.dspace.app.util.DSpaceObjectUtilsImpl;
+import org.dspace.app.util.service.DSpaceObjectUtils;
+import org.dspace.authorize.AuthorizeException;
+import org.dspace.authorize.factory.AuthorizeServiceFactory;
+import org.dspace.authorize.service.ResourcePolicyService;
+import org.dspace.content.Bitstream;
+import org.dspace.content.Collection;
+import org.dspace.content.DSpaceObject;
+import org.dspace.content.Item;
+import org.dspace.content.factory.ContentServiceFactory;
+import org.dspace.content.service.ItemService;
+import org.dspace.core.Constants;
+import org.dspace.core.Context;
+import org.dspace.discovery.DiscoverQuery;
+import org.dspace.discovery.SearchService;
+import org.dspace.discovery.SearchServiceException;
+import org.dspace.discovery.SearchUtils;
+import org.dspace.discovery.indexobject.IndexableItem;
+import org.dspace.eperson.EPerson;
+import org.dspace.eperson.factory.EPersonServiceFactory;
+import org.dspace.eperson.service.EPersonService;
+import org.dspace.scripts.DSpaceRunnable;
+import org.dspace.services.ConfigurationService;
+import org.dspace.services.factory.DSpaceServicesFactory;
+import org.dspace.submit.model.AccessConditionOption;
+import org.dspace.utils.DSpace;
+
+/**
+ * Implementation of {@link DSpaceRunnable} to perform a bulk access control via json file.
+ *
+ * @author Mohamed Eskander (mohamed.eskander at 4science.it)
+ *
+ */
+public class BulkAccessControl extends DSpaceRunnable<BulkAccessControlScriptConfiguration<BulkAccessControl>> {
+
+    private DSpaceObjectUtils dSpaceObjectUtils;
+
+    private SearchService searchService;
+
+    private ItemService itemService;
+
+    private String filename;
+
+    private List<String> uuids;
+
+    private Context context;
+
+    private BulkAccessConditionConfigurationService bulkAccessConditionConfigurationService;
+
+    private ResourcePolicyService resourcePolicyService;
+
+    protected EPersonService epersonService;
+
+    private ConfigurationService configurationService;
+
+    private MediaFilterService mediaFilterService;
+
+    private Map<String, AccessConditionOption> itemAccessConditions;
+
+    private Map<String, AccessConditionOption> uploadAccessConditions;
+
+    private final String ADD_MODE = "add";
+
+    private final String REPLACE_MODE = "replace";
+
+    private boolean help = false;
+
+    protected String eperson = null;
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public void setup() throws ParseException {
+
+        this.searchService = SearchUtils.getSearchService();
+        this.itemService = ContentServiceFactory.getInstance().getItemService();
+        this.resourcePolicyService = AuthorizeServiceFactory.getInstance().getResourcePolicyService();
+        this.epersonService = EPersonServiceFactory.getInstance().getEPersonService();
+        this.configurationService = DSpaceServicesFactory.getInstance().getConfigurationService();
+        mediaFilterService = MediaFilterServiceFactory.getInstance().getMediaFilterService();
+        mediaFilterService.setLogHandler(handler);
+        this.bulkAccessConditionConfigurationService = new DSpace().getServiceManager().getServiceByName(
+            "bulkAccessConditionConfigurationService", BulkAccessConditionConfigurationService.class);
+        this.dSpaceObjectUtils = new DSpace().getServiceManager().getServiceByName(
+            DSpaceObjectUtilsImpl.class.getName(), DSpaceObjectUtilsImpl.class);
+
+        BulkAccessConditionConfiguration bulkAccessConditionConfiguration =
+            bulkAccessConditionConfigurationService.getBulkAccessConditionConfiguration("default");
+
+        itemAccessConditions = bulkAccessConditionConfiguration
+            .getItemAccessConditionOptions()
+            .stream()
+            .collect(Collectors.toMap(AccessConditionOption::getName, Function.identity()));
+
+        uploadAccessConditions = bulkAccessConditionConfiguration
+            .getBitstreamAccessConditionOptions()
+            .stream()
+            .collect(Collectors.toMap(AccessConditionOption::getName, Function.identity()));
+
+        help = commandLine.hasOption('h');
+        filename = commandLine.getOptionValue('f');
+        uuids = commandLine.hasOption('u') ? Arrays.asList(commandLine.getOptionValues('u')) : null;
+    }
+
+    @Override
+    public void internalRun() throws Exception {
+
+        if (help) {
+            printHelp();
+            return;
+        }
+
+        ObjectMapper mapper = new ObjectMapper();
+        mapper.setTimeZone(TimeZone.getTimeZone(ZoneOffset.UTC));
+        BulkAccessControlInput accessControl;
+        context = new Context(Context.Mode.BATCH_EDIT);
+        setEPerson(context);
+
+        if (!isAuthorized(context)) {
+            handler.logError("Current user is not eligible to execute script bulk-access-control");
+            throw new AuthorizeException("Current user is not eligible to execute script bulk-access-control");
+        }
+
+        if (uuids == null || uuids.size() == 0) {
+            handler.logError("A target uuid must be provided with at least on uuid (run with -h flag for details)");
+            throw new IllegalArgumentException("At least one target uuid must be provided");
+        }
+
+        InputStream inputStream = handler.getFileStream(context, filename)
+            .orElseThrow(() -> new IllegalArgumentException("Error reading file, the file couldn't be "
+                + "found for filename: " + filename));
+
+        try {
+            accessControl = mapper.readValue(inputStream, BulkAccessControlInput.class);
+        } catch (IOException e) {
+            handler.logError("Error parsing json file " + e.getMessage());
+            throw new IllegalArgumentException("Error parsing json file", e);
+        }
+        try {
+            validate(accessControl);
+            updateItemsAndBitstreamsPolices(accessControl);
+            context.complete();
+        } catch (Exception e) {
+            handler.handleException(e);
+            context.abort();
+        }
+    }
+
+    /**
+     * check the validation of mapped json data, it must
+     * provide item or bitstream information or both of them
+     * and check the validation of item node if provided,
+     * and check the validation of bitstream node if provided.
+     *
+     * @param accessControl mapped json data
+     * @throws SQLException if something goes wrong in the database
+     * @throws BulkAccessControlException if accessControl is invalid
+     */
+    private void validate(BulkAccessControlInput accessControl) throws SQLException {
+
+        AccessConditionItem item = accessControl.getItem();
+        AccessConditionBitstream bitstream = accessControl.getBitstream();
+
+        if (Objects.isNull(item) && Objects.isNull(bitstream)) {
+            handler.logError("item or bitstream node must be provided");
+            throw new BulkAccessControlException("item or bitstream node must be provided");
+        }
+
+        if (Objects.nonNull(item)) {
+            validateItemNode(item);
+        }
+
+        if (Objects.nonNull(bitstream)) {
+            validateBitstreamNode(bitstream);
+        }
+    }
+
+    /**
+     * check the validation of item node, the item mode
+     * must be provided with value 'add' or 'replace'
+     * if mode equals to add so the information
+     * of accessCondition must be provided,
+     * also checking that accessConditions information are valid.
+     *
+     * @param item the item node
+     * @throws BulkAccessControlException if item node is invalid
+     */
+    private void validateItemNode(AccessConditionItem item) {
+        String mode = item.getMode();
+        List<AccessCondition> accessConditions = item.getAccessConditions();
+
+        if (StringUtils.isEmpty(mode)) {
+            handler.logError("item mode node must be provided");
+            throw new BulkAccessControlException("item mode node must be provided");
+        } else if (!(StringUtils.equalsAny(mode, ADD_MODE, REPLACE_MODE))) {
+            handler.logError("wrong value for item mode<" + mode + ">");
+            throw new BulkAccessControlException("wrong value for item mode<" + mode + ">");
+        } else if (ADD_MODE.equals(mode) && isEmpty(accessConditions)) {
+            handler.logError("accessConditions of item must be provided with mode<" + ADD_MODE + ">");
+            throw new BulkAccessControlException(
+                "accessConditions of item must be provided with mode<" + ADD_MODE + ">");
+        }
+
+        for (AccessCondition accessCondition : accessConditions) {
+            validateAccessCondition(accessCondition);
+        }
+    }
+
+    /**
+     * check the validation of bitstream node, the bitstream mode
+     * must be provided with value 'add' or 'replace'
+     * if mode equals to add so the information of accessConditions
+     * must be provided,
+     * also checking that constraint information is valid,
+     * also checking that accessConditions information are valid.
+     *
+     * @param bitstream the bitstream node
+     * @throws SQLException if something goes wrong in the database
+     * @throws BulkAccessControlException if bitstream node is invalid
+     */
+    private void validateBitstreamNode(AccessConditionBitstream bitstream) throws SQLException {
+        String mode = bitstream.getMode();
+        List<AccessCondition> accessConditions = bitstream.getAccessConditions();
+
+        if (StringUtils.isEmpty(mode)) {
+            handler.logError("bitstream mode node must be provided");
+            throw new BulkAccessControlException("bitstream mode node must be provided");
+        } else if (!(StringUtils.equalsAny(mode, ADD_MODE, REPLACE_MODE))) {
+            handler.logError("wrong value for bitstream mode<" + mode + ">");
+            throw new BulkAccessControlException("wrong value for bitstream mode<" + mode + ">");
+        } else if (ADD_MODE.equals(mode) && isEmpty(accessConditions)) {
+            handler.logError("accessConditions of bitstream must be provided with mode<" + ADD_MODE + ">");
+            throw new BulkAccessControlException(
+                "accessConditions of bitstream must be provided with mode<" + ADD_MODE + ">");
+        }
+
+        validateConstraint(bitstream);
+
+        for (AccessCondition accessCondition : bitstream.getAccessConditions()) {
+            validateAccessCondition(accessCondition);
+        }
+    }
+
+    /**
+     * check the validation of constraint node if provided,
+     * constraint isn't supported when multiple uuids are provided
+     * or when uuid isn't an Item
+     *
+     * @param bitstream the bitstream node
+     * @throws SQLException if something goes wrong in the database
+     * @throws BulkAccessControlException if constraint node is invalid
+     */
+    private void validateConstraint(AccessConditionBitstream bitstream) throws SQLException {
+        if (uuids.size() > 1  && containsConstraints(bitstream)) {
+            handler.logError("constraint isn't supported when multiple uuids are provided");
+            throw new BulkAccessControlException("constraint isn't supported when multiple uuids are provided");
+        } else if (uuids.size() == 1 && containsConstraints(bitstream)) {
+            DSpaceObject dso =
+                dSpaceObjectUtils.findDSpaceObject(context, UUID.fromString(uuids.get(0)));
+
+            if (Objects.nonNull(dso) && dso.getType() != Constants.ITEM) {
+                handler.logError("constraint is not supported when uuid isn't an Item");
+                throw new BulkAccessControlException("constraint is not supported when uuid isn't an Item");
+            }
+        }
+    }
+
+    /**
+     * check the validation of access condition,
+     * the access condition name must equal to one of configured access conditions,
+     * then call {@link AccessConditionOption#validateResourcePolicy(
+     * Context, String, Date, Date)} if exception happens so, it's invalid.
+     *
+     * @param accessCondition the accessCondition
+     * @throws BulkAccessControlException if the accessCondition is invalid
+     */
+    private void validateAccessCondition(AccessCondition accessCondition) {
+
+        if (!itemAccessConditions.containsKey(accessCondition.getName())) {
+            handler.logError("wrong access condition <" + accessCondition.getName() + ">");
+            throw new BulkAccessControlException("wrong access condition <" + accessCondition.getName() + ">");
+        }
+
+        try {
+            itemAccessConditions.get(accessCondition.getName()).validateResourcePolicy(
+                context, accessCondition.getName(), accessCondition.getStartDate(), accessCondition.getEndDate());
+        } catch (Exception e) {
+            handler.logError("invalid access condition, " + e.getMessage());
+            handler.handleException(e);
+        }
+    }
+
+    /**
+     * find all items of provided {@link #uuids} from solr,
+     * then update the resource policies of items
+     * or bitstreams of items (only bitstreams of ORIGINAL bundles)
+     * and derivative bitstreams, or both of them.
+     *
+     * @param accessControl the access control input
+     * @throws SQLException if something goes wrong in the database
+     * @throws SearchServiceException if a search error occurs
+     * @throws AuthorizeException if an authorization error occurs
+     */
+    private void updateItemsAndBitstreamsPolices(BulkAccessControlInput accessControl)
+        throws SQLException, SearchServiceException, AuthorizeException {
+
+        int counter = 0;
+        int start = 0;
+        int limit = 20;
+
+        String query = buildSolrQuery(uuids);
+
+        Iterator<Item> itemIterator = findItems(query, start, limit);
+
+        while (itemIterator.hasNext()) {
+
+            Item item = context.reloadEntity(itemIterator.next());
+
+            if (Objects.nonNull(accessControl.getItem())) {
+                updateItemPolicies(item, accessControl);
+            }
+
+            if (Objects.nonNull(accessControl.getBitstream())) {
+                updateBitstreamsPolicies(item, accessControl);
+            }
+
+            context.commit();
+            context.uncacheEntity(item);
+            counter++;
+
+            if (counter == limit) {
+                counter = 0;
+                start += limit;
+                itemIterator = findItems(query, start, limit);
+            }
+        }
+    }
+
+    private String buildSolrQuery(List<String> uuids) throws SQLException {
+        String [] query = new String[uuids.size()];
+
+        for (int i = 0 ; i < query.length ; i++) {
+            DSpaceObject dso = dSpaceObjectUtils.findDSpaceObject(context, UUID.fromString(uuids.get(i)));
+
+            if (dso.getType() == Constants.COMMUNITY) {
+                query[i] = "location.comm:" + dso.getID();
+            } else if (dso.getType() == Constants.COLLECTION) {
+                query[i] = "location.coll:" + dso.getID();
+            } else if (dso.getType() == Constants.ITEM) {
+                query[i] = "search.resourceid:" + dso.getID();
+            }
+        }
+        return StringUtils.joinWith(" OR ", query);
+    }
+
+    private Iterator<Item> findItems(String query, int start, int limit)
+        throws SearchServiceException {
+
+        DiscoverQuery discoverQuery = buildDiscoveryQuery(query, start, limit);
+
+        return searchService.search(context, discoverQuery)
+                            .getIndexableObjects()
+                            .stream()
+                            .map(indexableObject ->
+                                ((IndexableItem) indexableObject).getIndexedObject())
+                            .collect(Collectors.toList())
+                            .iterator();
+    }
+
+    private DiscoverQuery buildDiscoveryQuery(String query, int start, int limit) {
+        DiscoverQuery discoverQuery = new DiscoverQuery();
+        discoverQuery.setDSpaceObjectFilter(IndexableItem.TYPE);
+        discoverQuery.setQuery(query);
+        discoverQuery.setStart(start);
+        discoverQuery.setMaxResults(limit);
+        discoverQuery.setSortField("search.resourceid", DiscoverQuery.SORT_ORDER.asc);
+        return discoverQuery;
+    }
+
+    /**
+     * update the item resource policies,
+     * when mode equals to 'replace' will remove
+     * all current resource polices of types 'TYPE_CUSTOM'
+     * and 'TYPE_INHERITED' then, set the new resource policies.
+     *
+     * @param item the item
+     * @param accessControl the access control input
+     * @throws SQLException if something goes wrong in the database
+     * @throws AuthorizeException if an authorization error occurs
+     */
+    private void updateItemPolicies(Item item, BulkAccessControlInput accessControl)
+        throws SQLException, AuthorizeException {
+
+        AccessConditionItem acItem = accessControl.getItem();
+
+        if (REPLACE_MODE.equals(acItem.getMode())) {
+            removeReadPolicies(item, TYPE_CUSTOM);
+            removeReadPolicies(item, TYPE_INHERITED);
+        }
+
+        setItemPolicies(item, accessControl);
+        logInfo(acItem.getAccessConditions(), acItem.getMode(), item);
+    }
+
+    /**
+     * create the new resource policies of item.
+     * then, call {@link ItemService#adjustItemPolicies(
+     * Context, Item, Collection)} to adjust item's default policies.
+     *
+     * @param item the item
+     * @param accessControl the access control input
+     * @throws SQLException if something goes wrong in the database
+     * @throws AuthorizeException if an authorization error occurs
+     */
+    private void setItemPolicies(Item item, BulkAccessControlInput accessControl)
+        throws SQLException, AuthorizeException {
+
+        accessControl
+            .getItem()
+            .getAccessConditions()
+            .forEach(accessCondition -> createResourcePolicy(item, accessCondition,
+                itemAccessConditions.get(accessCondition.getName())));
+
+        itemService.adjustItemPolicies(context, item, item.getOwningCollection(), false);
+    }
+
+    /**
+     * update the resource policies of all item's bitstreams
+     * or bitstreams specified into constraint node,
+     * and derivative bitstreams.
+     *
+     * <strong>NOTE:</strong> only bitstreams of ORIGINAL bundles
+     *
+     * @param item the item contains bitstreams
+     * @param accessControl the access control input
+     */
+    private void updateBitstreamsPolicies(Item item, BulkAccessControlInput accessControl) {
+        AccessConditionBitstream.Constraint constraints = accessControl.getBitstream().getConstraints();
+
+        // look over all the bundles and force initialization of bitstreams collection
+        // to avoid lazy initialization exception
+        long count = item.getBundles()
+                         .stream()
+                         .flatMap(bundle ->
+                             bundle.getBitstreams().stream())
+                         .count();
+
+        item.getBundles(CONTENT_BUNDLE_NAME).stream()
+            .flatMap(bundle -> bundle.getBitstreams().stream())
+            .filter(bitstream -> constraints == null ||
+                constraints.getUuid() == null ||
+                constraints.getUuid().size() == 0 ||
+                constraints.getUuid().contains(bitstream.getID().toString()))
+            .forEach(bitstream -> updateBitstreamPolicies(bitstream, item, accessControl));
+    }
+
+    /**
+     * check that the bitstream node is existed,
+     * and contains constraint node,
+     * and constraint contains uuids.
+     *
+     * @param bitstream the bitstream node
+     * @return true when uuids of constraint of bitstream is not empty,
+     * otherwise false
+     */
+    private boolean containsConstraints(AccessConditionBitstream bitstream) {
+        return Objects.nonNull(bitstream) &&
+            Objects.nonNull(bitstream.getConstraints()) &&
+            isNotEmpty(bitstream.getConstraints().getUuid());
+    }
+
+    /**
+     * update the bitstream resource policies,
+     * when mode equals to replace will remove
+     * all current resource polices of types 'TYPE_CUSTOM'
+     * and 'TYPE_INHERITED' then, set the new resource policies.
+     *
+     * @param bitstream the bitstream
+     * @param item the item of bitstream
+     * @param accessControl the access control input
+     * @throws RuntimeException if something goes wrong in the database
+     * or an authorization error occurs
+     */
+    private void updateBitstreamPolicies(Bitstream bitstream, Item item, BulkAccessControlInput accessControl) {
+
+        AccessConditionBitstream acBitstream = accessControl.getBitstream();
+
+        if (REPLACE_MODE.equals(acBitstream.getMode())) {
+            removeReadPolicies(bitstream, TYPE_CUSTOM);
+            removeReadPolicies(bitstream, TYPE_INHERITED);
+        }
+
+        try {
+            setBitstreamPolicies(bitstream, item, accessControl);
+            logInfo(acBitstream.getAccessConditions(), acBitstream.getMode(), bitstream);
+        } catch (SQLException | AuthorizeException e) {
+            throw new RuntimeException(e);
+        }
+
+    }
+
+    /**
+     * remove dspace object's read policies.
+     *
+     * @param dso the dspace object
+     * @param type resource policy type
+     * @throws BulkAccessControlException if something goes wrong
+     * in the database or an authorization error occurs
+     */
+    private void removeReadPolicies(DSpaceObject dso, String type) {
+        try {
+            resourcePolicyService.removePolicies(context, dso, type, Constants.READ);
+        } catch (SQLException | AuthorizeException e) {
+            throw new BulkAccessControlException(e);
+        }
+    }
+
+    /**
+     * create the new resource policies of bitstream.
+     * then, call {@link ItemService#adjustItemPolicies(
+     * Context, Item, Collection)} to adjust bitstream's default policies.
+     * and also update the resource policies of its derivative bitstreams.
+     *
+     * @param bitstream the bitstream
+     * @param item the item of bitstream
+     * @param accessControl the access control input
+     * @throws SQLException if something goes wrong in the database
+     * @throws AuthorizeException if an authorization error occurs
+     */
+    private void setBitstreamPolicies(Bitstream bitstream, Item item, BulkAccessControlInput accessControl)
+        throws SQLException, AuthorizeException {
+
+        accessControl.getBitstream()
+                     .getAccessConditions()
+                     .forEach(accessCondition -> createResourcePolicy(bitstream, accessCondition,
+                         uploadAccessConditions.get(accessCondition.getName())));
+
+        itemService.adjustBitstreamPolicies(context, item, item.getOwningCollection(), bitstream);
+        mediaFilterService.updatePoliciesOfDerivativeBitstreams(context, item, bitstream);
+    }
+
+    /**
+     * create the resource policy from the information
+     * comes from the access condition.
+     *
+     * @param obj the dspace object
+     * @param accessCondition the access condition
+     * @param accessConditionOption the access condition option
+     * @throws BulkAccessControlException if an exception occurs
+     */
+    private void createResourcePolicy(DSpaceObject obj, AccessCondition accessCondition,
+                                      AccessConditionOption accessConditionOption) {
+
+        String name = accessCondition.getName();
+        String description = accessCondition.getDescription();
+        Date startDate = accessCondition.getStartDate();
+        Date endDate = accessCondition.getEndDate();
+
+        try {
+            accessConditionOption.createResourcePolicy(context, obj, name, description, startDate, endDate);
+        } catch (Exception e) {
+            throw new BulkAccessControlException(e);
+        }
+    }
+
+    /**
+     * Set the eperson in the context
+     *
+     * @param context the context
+     * @throws SQLException if database error
+     */
+    protected void setEPerson(Context context) throws SQLException {
+        EPerson myEPerson = epersonService.find(context, this.getEpersonIdentifier());
+
+        if (myEPerson == null) {
+            handler.logError("EPerson cannot be found: " + this.getEpersonIdentifier());
+            throw new UnsupportedOperationException("EPerson cannot be found: " + this.getEpersonIdentifier());
+        }
+
+        context.setCurrentUser(myEPerson);
+    }
+
+    private void logInfo(List<AccessCondition> accessConditions, String mode, DSpaceObject dso) {
+        String type = dso.getClass().getSimpleName();
+
+        if (REPLACE_MODE.equals(mode) && isEmpty(accessConditions)) {
+            handler.logInfo("Cleaning " + type + " {" + dso.getID() + "} policies");
+            handler.logInfo("Inheriting policies from owning Collection in " + type + " {" + dso.getID() + "}");
+            return;
+        }
+
+        StringBuilder message = new StringBuilder();
+        message.append(mode.equals(ADD_MODE) ? "Adding " : "Replacing ")
+               .append(type)
+               .append(" {")
+               .append(dso.getID())
+               .append("} policy")
+               .append(mode.equals(ADD_MODE) ? " with " : " to ")
+               .append("access conditions:");
+
+        AppendAccessConditionsInfo(message, accessConditions);
+
+        handler.logInfo(message.toString());
+
+        if (REPLACE_MODE.equals(mode) && isAppendModeEnabled()) {
+            handler.logInfo("Inheriting policies from owning Collection in " + type + " {" + dso.getID() + "}");
+        }
+    }
+
+    private void AppendAccessConditionsInfo(StringBuilder message, List<AccessCondition> accessConditions) {
+        DateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd");
+        message.append("{");
+
+        for (int i = 0; i <  accessConditions.size(); i++) {
+            message.append(accessConditions.get(i).getName());
+
+            Optional.ofNullable(accessConditions.get(i).getStartDate())
+                    .ifPresent(date -> message.append(", start_date=" + dateFormat.format(date)));
+
+            Optional.ofNullable(accessConditions.get(i).getEndDate())
+                    .ifPresent(date -> message.append(", end_date=" + dateFormat.format(date)));
+
+            if (i != accessConditions.size() - 1) {
+                message.append(", ");
+            }
+        }
+
+        message.append("}");
+    }
+
+    private boolean isAppendModeEnabled() {
+        return configurationService.getBooleanProperty("core.authorization.installitem.inheritance-read.append-mode");
+    }
+
+    protected boolean isAuthorized(Context context) {
+        return true;
+    }
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public BulkAccessControlScriptConfiguration<BulkAccessControl> getScriptConfiguration() {
+        return new DSpace().getServiceManager()
+                           .getServiceByName("bulk-access-control", BulkAccessControlScriptConfiguration.class);
+    }
+
+}

dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/BulkAccessControlCli.java

@@ -0,0 +1,66 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.bulkaccesscontrol;
+
+import java.sql.SQLException;
+import java.util.Arrays;
+import java.util.UUID;
+import java.util.stream.Collectors;
+
+import org.apache.commons.lang3.StringUtils;
+import org.dspace.core.Context;
+import org.dspace.eperson.EPerson;
+import org.dspace.scripts.DSpaceCommandLineParameter;
+
+/**
+ * Extension of {@link BulkAccessControl} for CLI.
+ *
+ * @author Mohamed Eskander (mohamed.eskander at 4science.it)
+ *
+ */
+public class BulkAccessControlCli extends BulkAccessControl {
+
+    @Override
+    protected void setEPerson(Context context) throws SQLException {
+        EPerson myEPerson;
+        eperson = commandLine.getOptionValue('e');
+
+        if (eperson == null) {
+            handler.logError("An eperson to do the the Bulk Access Control must be specified " +
+                "(run with -h flag for details)");
+            throw new UnsupportedOperationException("An eperson to do the Bulk Access Control must be specified");
+        }
+
+        if (StringUtils.contains(eperson, '@')) {
+            myEPerson = epersonService.findByEmail(context, eperson);
+        } else {
+            myEPerson = epersonService.find(context, UUID.fromString(eperson));
+        }
+
+        if (myEPerson == null) {
+            handler.logError("EPerson cannot be found: " + eperson + " (run with -h flag for details)");
+            throw new UnsupportedOperationException("EPerson cannot be found: " + eperson);
+        }
+
+        context.setCurrentUser(myEPerson);
+    }
+
+    @Override
+    protected boolean isAuthorized(Context context) {
+
+        if (context.getCurrentUser() == null) {
+            return false;
+        }
+
+        return getScriptConfiguration().isAllowedToExecute(context,
+            Arrays.stream(commandLine.getOptions())
+                  .map(option ->
+                      new DSpaceCommandLineParameter("-" + option.getOpt(), option.getValue()))
+                  .collect(Collectors.toList()));
+    }
+}

dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/BulkAccessControlCliScriptConfiguration.java

@@ -0,0 +1,42 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.bulkaccesscontrol;
+
+import java.io.InputStream;
+
+import org.apache.commons.cli.Options;
+
+/**
+ * Extension of {@link BulkAccessControlScriptConfiguration} for CLI.
+ *
+ * @author Mohamed Eskander (mohamed.eskander at 4science.it)
+ *
+ */
+public class BulkAccessControlCliScriptConfiguration<T extends BulkAccessControlCli>
+    extends BulkAccessControlScriptConfiguration<T> {
+
+    @Override
+    public Options getOptions() {
+        Options options = new Options();
+
+        options.addOption("u", "uuid", true, "target uuids of communities/collections/items");
+        options.getOption("u").setType(String.class);
+        options.getOption("u").setRequired(true);
+
+        options.addOption("f", "file", true, "source json file");
+        options.getOption("f").setType(InputStream.class);
+        options.getOption("f").setRequired(true);
+
+        options.addOption("e", "eperson", true, "email of EPerson used to perform actions");
+        options.getOption("e").setRequired(true);
+
+        options.addOption("h", "help", false, "help");
+
+        return options;
+    }
+}

dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/BulkAccessControlScriptConfiguration.java

@@ -0,0 +1,110 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.bulkaccesscontrol;
+
+import java.io.InputStream;
+import java.sql.SQLException;
+import java.util.List;
+import java.util.Objects;
+import java.util.UUID;
+import java.util.stream.Collectors;
+
+import org.apache.commons.cli.Options;
+import org.dspace.app.util.DSpaceObjectUtilsImpl;
+import org.dspace.app.util.service.DSpaceObjectUtils;
+import org.dspace.content.DSpaceObject;
+import org.dspace.core.Context;
+import org.dspace.scripts.DSpaceCommandLineParameter;
+import org.dspace.scripts.configuration.ScriptConfiguration;
+import org.dspace.utils.DSpace;
+
+/**
+ * Script configuration for {@link BulkAccessControl}.
+ *
+ * @author Mohamed Eskander (mohamed.eskander at 4science.it)
+ *
+ * @param  <T> the {@link BulkAccessControl} type
+ */
+public class BulkAccessControlScriptConfiguration<T extends BulkAccessControl> extends ScriptConfiguration<T> {
+
+    private Class<T> dspaceRunnableClass;
+
+    @Override
+    public boolean isAllowedToExecute(Context context, List<DSpaceCommandLineParameter> commandLineParameters) {
+
+        try {
+            if (Objects.isNull(commandLineParameters)) {
+                return authorizeService.isAdmin(context) || authorizeService.isComColAdmin(context)
+                    || authorizeService.isItemAdmin(context);
+            } else {
+                List<String> dspaceObjectIDs =
+                    commandLineParameters.stream()
+                                         .filter(parameter -> "-u".equals(parameter.getName()))
+                                         .map(DSpaceCommandLineParameter::getValue)
+                                         .collect(Collectors.toList());
+
+                DSpaceObjectUtils dSpaceObjectUtils = new DSpace().getServiceManager().getServiceByName(
+                    DSpaceObjectUtilsImpl.class.getName(), DSpaceObjectUtilsImpl.class);
+
+                for (String dspaceObjectID : dspaceObjectIDs) {
+
+                    DSpaceObject dso = dSpaceObjectUtils.findDSpaceObject(context, UUID.fromString(dspaceObjectID));
+
+                    if (Objects.isNull(dso)) {
+                        throw new IllegalArgumentException();
+                    }
+
+                    if (!authorizeService.isAdmin(context, dso)) {
+                        return false;
+                    }
+                }
+            }
+        } catch (SQLException e) {
+            throw new RuntimeException(e);
+        }
+
+        return true;
+    }
+
+    @Override
+    public Options getOptions() {
+        if (options == null) {
+            Options options = new Options();
+
+            options.addOption("u", "uuid", true, "target uuids of communities/collections/items");
+            options.getOption("u").setType(String.class);
+            options.getOption("u").setRequired(true);
+
+            options.addOption("f", "file", true, "source json file");
+            options.getOption("f").setType(InputStream.class);
+            options.getOption("f").setRequired(true);
+
+            options.addOption("h", "help", false, "help");
+
+            super.options = options;
+        }
+        return options;
+    }
+
+    @Override
+    public Class<T> getDspaceRunnableClass() {
+        return dspaceRunnableClass;
+    }
+
+    /**
+     * Generic setter for the dspaceRunnableClass
+     *
+     * @param dspaceRunnableClass The dspaceRunnableClass to be set on this
+     *                            BulkImportScriptConfiguration
+     */
+    @Override
+    public void setDspaceRunnableClass(Class<T> dspaceRunnableClass) {
+        this.dspaceRunnableClass = dspaceRunnableClass;
+    }
+
+}

dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/exception/BulkAccessControlException.java

@@ -0,0 +1,48 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.bulkaccesscontrol.exception;
+
+/**
+ * Exception for errors that occurs during the bulk access control
+ *
+ * @author Mohamed Eskander (mohamed.eskander at 4science.it)
+ *
+ */
+public class BulkAccessControlException extends RuntimeException {
+
+    private static final long serialVersionUID = -74730626862418515L;
+
+    /**
+     * Constructor with error message and cause.
+     *
+     * @param message the error message
+     * @param cause   the error cause
+     */
+    public BulkAccessControlException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    /**
+     * Constructor with error message.
+     *
+     * @param message the error message
+     */
+    public BulkAccessControlException(String message) {
+        super(message);
+    }
+
+    /**
+     * Constructor with error cause.
+     *
+     * @param cause the error cause
+     */
+    public BulkAccessControlException(Throwable cause) {
+        super(cause);
+    }
+
+}

dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/model/AccessCondition.java

@@ -0,0 +1,59 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.bulkaccesscontrol.model;
+
+import java.util.Date;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.dspace.app.bulkaccesscontrol.BulkAccessControl;
+import org.dspace.util.MultiFormatDateDeserializer;
+
+/**
+ * Class that model the values of an Access Condition as expressed in the {@link BulkAccessControl} input file
+ *
+ * @author Mohamed Eskander (mohamed.eskander at 4science.it)
+ */
+public class AccessCondition {
+
+    private  String name;
+
+    private  String description;
+
+    @JsonDeserialize(using = MultiFormatDateDeserializer.class)
+    private  Date startDate;
+
+    @JsonDeserialize(using = MultiFormatDateDeserializer.class)
+    private  Date endDate;
+
+    public AccessCondition() {
+    }
+
+    public AccessCondition(String name, String description, Date startDate, Date endDate) {
+        this.name = name;
+        this.description = description;
+        this.startDate = startDate;
+        this.endDate = endDate;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public Date getStartDate() {
+        return startDate;
+    }
+
+    public Date getEndDate() {
+        return endDate;
+    }
+
+}

dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/model/AccessConditionBitstream.java

@@ -0,0 +1,69 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.bulkaccesscontrol.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.dspace.app.bulkaccesscontrol.BulkAccessControl;
+
+/**
+ * Class that model the value of bitstream node
+ * from json file of the {@link BulkAccessControl}
+ *
+ * @author Mohamed Eskander (mohamed.eskander at 4science.it)
+ */
+public class AccessConditionBitstream {
+
+    private String mode;
+
+    private Constraint constraints;
+
+    private List<AccessCondition> accessConditions;
+
+    public String getMode() {
+        return mode;
+    }
+
+    public void setMode(String mode) {
+        this.mode = mode;
+    }
+
+    public Constraint getConstraints() {
+        return constraints;
+    }
+
+    public void setConstraints(Constraint constraints) {
+        this.constraints = constraints;
+    }
+
+    public List<AccessCondition> getAccessConditions() {
+        if (accessConditions == null) {
+            return new ArrayList<>();
+        }
+        return accessConditions;
+    }
+
+    public void setAccessConditions(List<AccessCondition> accessConditions) {
+        this.accessConditions = accessConditions;
+    }
+
+    public class Constraint {
+
+        private List<String> uuid;
+
+        public List<String> getUuid() {
+            return uuid;
+        }
+
+        public void setUuid(List<String> uuid) {
+            this.uuid = uuid;
+        }
+    }
+
+}

dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/model/AccessConditionItem.java

@@ -0,0 +1,45 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.bulkaccesscontrol.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.dspace.app.bulkaccesscontrol.BulkAccessControl;
+
+/**
+ * Class that model the value of item node
+ * from json file of the {@link BulkAccessControl}
+ *
+ * @author Mohamed Eskander (mohamed.eskander at 4science.it)
+ */
+public class AccessConditionItem {
+
+    String mode;
+
+    List<AccessCondition> accessConditions;
+
+    public String getMode() {
+        return mode;
+    }
+
+    public void setMode(String mode) {
+        this.mode = mode;
+    }
+
+    public List<AccessCondition> getAccessConditions() {
+        if (accessConditions == null) {
+            return new ArrayList<>();
+        }
+        return accessConditions;
+    }
+
+    public void setAccessConditions(List<AccessCondition> accessConditions) {
+        this.accessConditions = accessConditions;
+    }
+}

dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/model/BulkAccessConditionConfiguration.java

@@ -0,0 +1,50 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.bulkaccesscontrol.model;
+
+import java.util.List;
+
+import org.dspace.submit.model.AccessConditionOption;
+
+/**
+ * A collection of conditions to be met when bulk access condition.
+ *
+ * @author Mohamed Eskander (mohamed.eskander at 4science.it)
+ */
+public class BulkAccessConditionConfiguration {
+
+    private String name;
+    private List<AccessConditionOption> itemAccessConditionOptions;
+    private List<AccessConditionOption> bitstreamAccessConditionOptions;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public List<AccessConditionOption> getItemAccessConditionOptions() {
+        return itemAccessConditionOptions;
+    }
+
+    public void setItemAccessConditionOptions(
+        List<AccessConditionOption> itemAccessConditionOptions) {
+        this.itemAccessConditionOptions = itemAccessConditionOptions;
+    }
+
+    public List<AccessConditionOption> getBitstreamAccessConditionOptions() {
+        return bitstreamAccessConditionOptions;
+    }
+
+    public void setBitstreamAccessConditionOptions(
+        List<AccessConditionOption> bitstreamAccessConditionOptions) {
+        this.bitstreamAccessConditionOptions = bitstreamAccessConditionOptions;
+    }
+}

dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/model/BulkAccessControlInput.java

@@ -0,0 +1,72 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.bulkaccesscontrol.model;
+
+import org.dspace.app.bulkaccesscontrol.BulkAccessControl;
+
+/**
+ * Class that model the content of the JSON file used as input for the {@link BulkAccessControl}
+ *
+ * <code> <br/>
+ * { <br/>
+ *     item: { <br/>
+ *        mode: "replace", <br/>
+ *        accessConditions: [ <br/>
+ *            { <br/>
+ *              "name": "openaccess" <br/>
+ *            } <br/>
+ *        ] <br/>
+ *     }, <br/>
+ *     bitstream: { <br/>
+ *       constraints: { <br/>
+ *           uuid: [bit-uuid1, bit-uuid2, ..., bit-uuidN], <br/>
+ *       }, <br/>
+ *       mode: "add", <br/>
+ *       accessConditions: [ <br/>
+ *         { <br/>
+ *          "name": "embargo", <br/>
+ *          "startDate": "2024-06-24T23:59:59.999+0000" <br/>
+ *         } <br/>
+ *       ] <br/>
+ *    } <br/>
+ * }
+ * </code>
+ *
+ * @author Mohamed Eskander (mohamed.eskander at 4science.it)
+ */
+public class BulkAccessControlInput {
+
+    AccessConditionItem item;
+
+    AccessConditionBitstream bitstream;
+
+    public BulkAccessControlInput() {
+    }
+
+    public BulkAccessControlInput(AccessConditionItem item,
+                                  AccessConditionBitstream bitstream) {
+        this.item = item;
+        this.bitstream = bitstream;
+    }
+
+    public AccessConditionItem getItem() {
+        return item;
+    }
+
+    public void setItem(AccessConditionItem item) {
+        this.item = item;
+    }
+
+    public AccessConditionBitstream getBitstream() {
+        return bitstream;
+    }
+
+    public void setBitstream(AccessConditionBitstream bitstream) {
+        this.bitstream = bitstream;
+    }
+}

dspace-api/src/main/java/org/dspace/app/bulkaccesscontrol/service/BulkAccessConditionConfigurationService.java

@@ -0,0 +1,45 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.bulkaccesscontrol.service;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.collections4.CollectionUtils;
+import org.dspace.app.bulkaccesscontrol.model.BulkAccessConditionConfiguration;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * Simple bean to manage different Bulk Access Condition configurations
+ *
+ * @author Mohamed Eskander (mohamed.eskander at 4science.it)
+ */
+public class BulkAccessConditionConfigurationService {
+
+    @Autowired
+    private List<BulkAccessConditionConfiguration> bulkAccessConditionConfigurations;
+
+    public List<BulkAccessConditionConfiguration> getBulkAccessConditionConfigurations() {
+        if (CollectionUtils.isEmpty(bulkAccessConditionConfigurations)) {
+            return new ArrayList<>();
+        }
+        return bulkAccessConditionConfigurations;
+    }
+
+    public BulkAccessConditionConfiguration getBulkAccessConditionConfiguration(String name) {
+        return getBulkAccessConditionConfigurations().stream()
+                                                     .filter(x -> name.equals(x.getName()))
+                                                     .findFirst()
+                                                     .orElse(null);
+    }
+
+    public void setBulkAccessConditionConfigurations(
+        List<BulkAccessConditionConfiguration> bulkAccessConditionConfigurations) {
+        this.bulkAccessConditionConfigurations = bulkAccessConditionConfigurations;
+    }
+}

dspace-api/src/main/java/org/dspace/app/bulkedit/DSpaceCSV.java

@@ -188,6 +188,15 @@ public class DSpaceCSV implements Serializable {
                     // Verify that the heading is valid in the metadata registry
                     String[] clean = element.split("\\[");
                     String[] parts = clean[0].split("\\.");
+                    // Check language if present, if it's ANY then throw an exception
+                    if (clean.length > 1 && clean[1].equals(Item.ANY + "]")) {
+                        throw new MetadataImportInvalidHeadingException("Language ANY (*) was found in the heading " +
+                                                                                "of the metadata value to import, " +
+                                                                                "this should never be the case",
+                                                                        MetadataImportInvalidHeadingException.ENTRY,
+                                                                        columnCounter);
+
+                    }
 
                     if (parts.length < 2) {
                         throw new MetadataImportInvalidHeadingException(element,
@@ -223,6 +232,15 @@ public class DSpaceCSV implements Serializable {
                         }
                     }
 
+                    // Verify there isn’t already a header that is the same; if it already exists,
+                    // throw MetadataImportInvalidHeadingException
+                    String header = authorityPrefix + element;
+                    if (headings.contains(header)) {
+                        throw new MetadataImportInvalidHeadingException("Duplicate heading found: " + header,
+                                                                        MetadataImportInvalidHeadingException.ENTRY,
+                                                                        columnCounter);
+                    }
+
                     // Store the heading
                     headings.add(authorityPrefix + element);
                 }

dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataDeletionScriptConfiguration.java

@@ -7,33 +7,16 @@
  */
 package org.dspace.app.bulkedit;
 
-import java.sql.SQLException;
-
 import org.apache.commons.cli.Options;
-import org.dspace.authorize.service.AuthorizeService;
-import org.dspace.core.Context;
 import org.dspace.scripts.configuration.ScriptConfiguration;
-import org.springframework.beans.factory.annotation.Autowired;
 
 /**
  * The {@link ScriptConfiguration} for the {@link MetadataDeletion} script.
  */
 public class MetadataDeletionScriptConfiguration<T extends MetadataDeletion> extends ScriptConfiguration<T> {
 
-    @Autowired
-    private AuthorizeService authorizeService;
-
     private Class<T> dspaceRunnableClass;
 
-    @Override
-    public boolean isAllowedToExecute(Context context) {
-        try {
-            return authorizeService.isAdmin(context);
-        } catch (SQLException e) {
-            throw new RuntimeException("SQLException occurred when checking if the current user is an admin", e);
-        }
-    }
-
     @Override
     public Options getOptions() {
         if (options == null) {

dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportScriptConfiguration.java

@@ -7,22 +7,14 @@
  */
 package org.dspace.app.bulkedit;
 
-import java.sql.SQLException;
-
 import org.apache.commons.cli.Options;
-import org.dspace.authorize.service.AuthorizeService;
-import org.dspace.core.Context;
 import org.dspace.scripts.configuration.ScriptConfiguration;
-import org.springframework.beans.factory.annotation.Autowired;
 
 /**
  * The {@link ScriptConfiguration} for the {@link MetadataExport} script
  */
 public class MetadataExportScriptConfiguration<T extends MetadataExport> extends ScriptConfiguration<T> {
 
-    @Autowired
-    private AuthorizeService authorizeService;
-
     private Class<T> dspaceRunnableClass;
 
     @Override
@@ -39,15 +31,6 @@ public class MetadataExportScriptConfiguration<T extends MetadataExport> extends
         this.dspaceRunnableClass = dspaceRunnableClass;
     }
 
-    @Override
-    public boolean isAllowedToExecute(Context context) {
-        try {
-            return authorizeService.isAdmin(context);
-        } catch (SQLException e) {
-            throw new RuntimeException("SQLException occurred when checking if the current user is an admin", e);
-        }
-    }
-
     @Override
     public Options getOptions() {
         if (options == null) {

dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportSearch.java

@@ -14,6 +14,8 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.UUID;
 
+import org.apache.commons.cli.DefaultParser;
+import org.apache.commons.cli.DefaultParser.Builder;
 import org.apache.commons.cli.ParseException;
 import org.dspace.content.Item;
 import org.dspace.content.MetadataDSpaceCsvExportServiceImpl;
@@ -143,7 +145,7 @@ public class MetadataExportSearch extends DSpaceRunnable<MetadataExportSearchScr
 
         Iterator<Item> itemIterator = searchService.iteratorSearch(context, dso, discoverQuery);
         handler.logDebug("creating dspacecsv");
-        DSpaceCSV dSpaceCSV = metadataDSpaceCsvExportService.export(context, itemIterator, true);
+        DSpaceCSV dSpaceCSV = metadataDSpaceCsvExportService.export(context, itemIterator, true, handler);
         handler.logDebug("writing to file " + getFileNameOrExportFile());
         handler.writeFilestream(context, getFileNameOrExportFile(), dSpaceCSV.getInputStream(), EXPORT_CSV);
         context.restoreAuthSystemState();
@@ -167,4 +169,14 @@ public class MetadataExportSearch extends DSpaceRunnable<MetadataExportSearchScr
         }
         return scopeObj;
     }
+
+    @Override
+    protected StepResult parse(String[] args) throws ParseException {
+        commandLine = new DefaultParser().parse(getScriptConfiguration().getOptions(), args);
+        Builder builder = new DefaultParser().builder();
+        builder.setStripLeadingAndTrailingQuotes(false);
+        commandLine = builder.build().parse(getScriptConfiguration().getOptions(), args);
+        setup();
+        return StepResult.Continue;
+    }
 }

dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataExportSearchScriptConfiguration.java

@@ -9,7 +9,6 @@
 package org.dspace.app.bulkedit;
 
 import org.apache.commons.cli.Options;
-import org.dspace.core.Context;
 import org.dspace.scripts.configuration.ScriptConfiguration;
 
 /**
@@ -29,11 +28,6 @@ public class MetadataExportSearchScriptConfiguration<T extends MetadataExportSea
         this.dspaceRunnableclass = dspaceRunnableClass;
     }
 
-    @Override
-    public boolean isAllowedToExecute(Context context) {
-        return true;
-    }
-
     @Override
     public Options getOptions() {
         if (options == null) {

dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataImport.java

@@ -494,7 +494,7 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
 
                 // Check it has an owning collection
                 List<String> collections = line.get("collection");
-                if (collections == null) {
+                if (collections == null || collections.isEmpty()) {
                     throw new MetadataImportException(
                         "New items must have a 'collection' assigned in the form of a handle");
                 }
@@ -578,6 +578,10 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
                             wfItem = workflowService.startWithoutNotify(c, wsItem);
                         }
                     } else {
+                        // Add provenance info
+                        String provenance = installItemService.getSubmittedByProvenanceMessage(c, wsItem.getItem());
+                        itemService.addMetadata(c, item, MetadataSchemaEnum.DC.getName(),
+                                "description", "provenance", "en", provenance);
                         // Install the item
                         installItemService.installItem(c, wsItem);
                     }
@@ -598,18 +602,19 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
                 changes.add(whatHasChanged);
             }
 
-            if (change) {
-                //only clear cache if changes have been made.
-                c.uncacheEntity(wsItem);
-                c.uncacheEntity(wfItem);
-                c.uncacheEntity(item);
+            if (change && (rowCount % configurationService.getIntProperty("bulkedit.change.commit.count", 100) == 0)) {
+                c.commit();
+                handler.logInfo(LogHelper.getHeader(c, "metadata_import_commit", "lineNumber=" + rowCount));
             }
             populateRefAndRowMap(line, item == null ? null : item.getID());
             // keep track of current rows processed
             rowCount++;
         }
+        if (change) {
+            c.commit();
+        }
 
-        c.setMode(originalMode);
+        c.setMode(Context.Mode.READ_ONLY);
 
 
         // Return the changes
@@ -820,8 +825,10 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
                 addRelationships(c, item, element, values);
             } else {
                 itemService.clearMetadata(c, item, schema, element, qualifier, language);
-                itemService.addMetadata(c, item, schema, element, qualifier,
-                                        language, values, authorities, confidences);
+                if (!values.isEmpty()) {
+                    itemService.addMetadata(c, item, schema, element, qualifier,
+                                            language, values, authorities, confidences);
+                }
                 itemService.update(c, item);
             }
         }
@@ -1116,8 +1123,8 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
                     .getAuthoritySeparator() + dcv.getConfidence();
             }
 
-            // Add it
-            if ((value != null) && (!"".equals(value))) {
+            // Add it, if value is not blank
+            if (value != null && StringUtils.isNotBlank(value)) {
                 changes.registerAdd(dcv);
             }
         }
@@ -1362,7 +1369,7 @@ public class MetadataImport extends DSpaceRunnable<MetadataImportScriptConfigura
      * is the field is defined as authority controlled
      */
     private static boolean isAuthorityControlledField(String md) {
-        String mdf = StringUtils.substringAfter(md, ":");
+        String mdf = md.contains(":") ? StringUtils.substringAfter(md, ":") : md;
         mdf = StringUtils.substringBefore(mdf, "[");
         return authorityControlled.contains(mdf);
     }

dspace-api/src/main/java/org/dspace/app/bulkedit/MetadataImportScriptConfiguration.java

@@ -8,22 +8,15 @@
 package org.dspace.app.bulkedit;
 
 import java.io.InputStream;
-import java.sql.SQLException;
 
 import org.apache.commons.cli.Options;
-import org.dspace.authorize.service.AuthorizeService;
-import org.dspace.core.Context;
 import org.dspace.scripts.configuration.ScriptConfiguration;
-import org.springframework.beans.factory.annotation.Autowired;
 
 /**
  * The {@link ScriptConfiguration} for the {@link MetadataImport} script
  */
 public class MetadataImportScriptConfiguration<T extends MetadataImport> extends ScriptConfiguration<T> {
 
-    @Autowired
-    private AuthorizeService authorizeService;
-
     private Class<T> dspaceRunnableClass;
 
     @Override
@@ -40,15 +33,6 @@ public class MetadataImportScriptConfiguration<T extends MetadataImport> extends
         this.dspaceRunnableClass = dspaceRunnableClass;
     }
 
-    @Override
-    public boolean isAllowedToExecute(Context context) {
-        try {
-            return authorizeService.isAdmin(context);
-        } catch (SQLException e) {
-            throw new RuntimeException("SQLException occurred when checking if the current user is an admin", e);
-        }
-    }
-
     @Override
     public Options getOptions() {
         if (options == null) {

dspace-api/src/main/java/org/dspace/app/client/DSpaceHttpClientFactory.java

@@ -0,0 +1,152 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.client;
+
+import static org.apache.commons.collections4.ListUtils.emptyIfNull;
+
+import java.util.List;
+
+import org.apache.http.HttpRequestInterceptor;
+import org.apache.http.HttpResponseInterceptor;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.dspace.services.ConfigurationService;
+import org.dspace.utils.DSpace;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * Factory of {@link HttpClient} with common configurations.
+ *
+ * @author Luca Giamminonni (luca.giamminonni at 4science.it)
+ *
+ */
+public class DSpaceHttpClientFactory {
+
+    @Autowired
+    private ConfigurationService configurationService;
+
+    @Autowired
+    private DSpaceProxyRoutePlanner proxyRoutePlanner;
+
+    @Autowired(required = false)
+    private List<HttpRequestInterceptor> requestInterceptors;
+
+    @Autowired(required = false)
+    private List<HttpResponseInterceptor> responseInterceptors;
+
+    /**
+     * Get an instance of {@link DSpaceHttpClientFactory} from the Spring context.
+     * @return the bean instance
+     */
+    public static DSpaceHttpClientFactory getInstance() {
+        return new DSpace().getSingletonService(DSpaceHttpClientFactory.class);
+    }
+
+    /**
+     * Build an instance of {@link HttpClient} setting the proxy if configured.
+     *
+     * @return the client
+     */
+    public CloseableHttpClient build() {
+        return build(HttpClientBuilder.create(), true);
+    }
+
+    /**
+     * return a Builder if an instance of {@link HttpClient} pre-setting the proxy if configured.
+     *
+     * @return the client
+     */
+    public HttpClientBuilder builder(boolean setProxy) {
+        HttpClientBuilder clientBuilder = HttpClientBuilder.create();
+        if (setProxy) {
+            clientBuilder.setRoutePlanner(proxyRoutePlanner);
+        }
+        getRequestInterceptors().forEach(clientBuilder::addInterceptorLast);
+        getResponseInterceptors().forEach(clientBuilder::addInterceptorLast);
+        return clientBuilder;
+    }
+
+    /**
+     * Build an instance of {@link HttpClient} without setting the proxy, even if
+     * configured.
+     *
+     * @return the client
+     */
+    public CloseableHttpClient buildWithoutProxy() {
+        return build(HttpClientBuilder.create(), false);
+    }
+
+    /**
+     * Build an instance of {@link HttpClient} setting the proxy if configured,
+     * disabling automatic retries and setting the maximum total connection.
+     *
+     * @param  maxConnTotal the maximum total connection value
+     * @return              the client
+     */
+    public CloseableHttpClient buildWithoutAutomaticRetries(int maxConnTotal) {
+        HttpClientBuilder clientBuilder = HttpClientBuilder.create()
+                .disableAutomaticRetries()
+                .setMaxConnTotal(maxConnTotal);
+        return build(clientBuilder, true);
+    }
+
+    /**
+     * Build an instance of {@link HttpClient} setting the proxy if configured with
+     * the given request configuration.
+     * @param  requestConfig the request configuration
+     * @return               the client
+     */
+    public CloseableHttpClient buildWithRequestConfig(RequestConfig requestConfig) {
+        HttpClientBuilder httpClientBuilder = HttpClientBuilder.create()
+                .setDefaultRequestConfig(requestConfig);
+        return build(httpClientBuilder, true);
+    }
+
+    private CloseableHttpClient build(HttpClientBuilder clientBuilder, boolean setProxy) {
+        if (setProxy) {
+            clientBuilder.setRoutePlanner(proxyRoutePlanner);
+        }
+        getRequestInterceptors().forEach(clientBuilder::addInterceptorLast);
+        getResponseInterceptors().forEach(clientBuilder::addInterceptorLast);
+        return clientBuilder.build();
+    }
+
+    public ConfigurationService getConfigurationService() {
+        return configurationService;
+    }
+
+    public void setConfigurationService(ConfigurationService configurationService) {
+        this.configurationService = configurationService;
+    }
+
+    public List<HttpRequestInterceptor> getRequestInterceptors() {
+        return emptyIfNull(requestInterceptors);
+    }
+
+    public void setRequestInterceptors(List<HttpRequestInterceptor> requestInterceptors) {
+        this.requestInterceptors = requestInterceptors;
+    }
+
+    public List<HttpResponseInterceptor> getResponseInterceptors() {
+        return emptyIfNull(responseInterceptors);
+    }
+
+    public void setResponseInterceptors(List<HttpResponseInterceptor> responseInterceptors) {
+        this.responseInterceptors = responseInterceptors;
+    }
+
+    public DSpaceProxyRoutePlanner getProxyRoutePlanner() {
+        return proxyRoutePlanner;
+    }
+
+    public void setProxyRoutePlanner(DSpaceProxyRoutePlanner proxyRoutePlanner) {
+        this.proxyRoutePlanner = proxyRoutePlanner;
+    }
+}

dspace-api/src/main/java/org/dspace/app/client/DSpaceProxyRoutePlanner.java

@@ -0,0 +1,73 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.client;
+
+import java.util.Arrays;
+
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.HttpException;
+import org.apache.http.HttpHost;
+import org.apache.http.HttpRequest;
+import org.apache.http.impl.conn.DefaultRoutePlanner;
+import org.apache.http.protocol.HttpContext;
+import org.dspace.services.ConfigurationService;
+
+/**
+ * Extension of {@link DefaultRoutePlanner} that determine the proxy based on
+ * the configuration service, ignoring configured hosts.
+ *
+ * @author Luca Giamminonni (luca.giamminonni at 4science.it)
+ *
+ */
+public class DSpaceProxyRoutePlanner extends DefaultRoutePlanner {
+
+    private ConfigurationService configurationService;
+
+    public DSpaceProxyRoutePlanner(ConfigurationService configurationService) {
+        super(null);
+        this.configurationService = configurationService;
+    }
+
+    @Override
+    protected HttpHost determineProxy(HttpHost target, HttpRequest request, HttpContext context) throws HttpException {
+        if (isTargetHostConfiguredToBeIgnored(target)) {
+            return null;
+        }
+        String proxyHost = configurationService.getProperty("http.proxy.host");
+        String proxyPort = configurationService.getProperty("http.proxy.port");
+        if (StringUtils.isAnyBlank(proxyHost, proxyPort)) {
+            return null;
+        }
+        try {
+            return new HttpHost(proxyHost, Integer.parseInt(proxyPort), "http");
+        } catch (NumberFormatException e) {
+            throw new RuntimeException("Invalid proxy port configuration: " + proxyPort);
+        }
+    }
+
+    private boolean isTargetHostConfiguredToBeIgnored(HttpHost target) {
+        String[] hostsToIgnore = configurationService.getArrayProperty("http.proxy.hosts-to-ignore");
+        if (ArrayUtils.isEmpty(hostsToIgnore)) {
+            return false;
+        }
+        return Arrays.stream(hostsToIgnore)
+                .anyMatch(host -> matchesHost(host, target.getHostName()));
+    }
+
+    private boolean matchesHost(String hostPattern, String hostName) {
+        if (hostName.equals(hostPattern)) {
+            return true;
+        } else if (hostPattern.startsWith("*")) {
+            return hostName.endsWith(StringUtils.removeStart(hostPattern, "*"));
+        } else if (hostPattern.endsWith("*")) {
+            return hostName.startsWith(StringUtils.removeEnd(hostPattern, "*"));
+        }
+        return false;
+    }
+}

dspace-api/src/main/java/org/dspace/app/harvest/HarvestScriptConfiguration.java

@@ -7,18 +7,11 @@
  */
 package org.dspace.app.harvest;
 
-import java.sql.SQLException;
-
 import org.apache.commons.cli.Options;
-import org.dspace.authorize.service.AuthorizeService;
-import org.dspace.core.Context;
 import org.dspace.scripts.configuration.ScriptConfiguration;
-import org.springframework.beans.factory.annotation.Autowired;
 
 
 public class HarvestScriptConfiguration<T extends Harvest> extends ScriptConfiguration<T> {
-    @Autowired
-    private AuthorizeService authorizeService;
 
     private Class<T> dspaceRunnableClass;
 
@@ -32,13 +25,6 @@ public class HarvestScriptConfiguration<T extends Harvest> extends ScriptConfigu
         this.dspaceRunnableClass = dspaceRunnableClass;
     }
 
-    public boolean isAllowedToExecute(final Context context) {
-        try {
-            return authorizeService.isAdmin(context);
-        } catch (SQLException e) {
-            throw new RuntimeException("SQLException occurred when checking if the current user is an admin", e);
-        }
-    }
 
     public Options getOptions() {
         Options options = new Options();

dspace-api/src/main/java/org/dspace/app/itemexport/ItemExport.java

@@ -0,0 +1,264 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.itemexport;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.nio.file.Path;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.UUID;
+
+import org.apache.commons.cli.ParseException;
+import org.apache.commons.io.file.PathUtils;
+import org.dspace.app.itemexport.factory.ItemExportServiceFactory;
+import org.dspace.app.itemexport.service.ItemExportService;
+import org.dspace.content.Collection;
+import org.dspace.content.Item;
+import org.dspace.content.factory.ContentServiceFactory;
+import org.dspace.content.service.CollectionService;
+import org.dspace.content.service.ItemService;
+import org.dspace.core.Constants;
+import org.dspace.core.Context;
+import org.dspace.eperson.EPerson;
+import org.dspace.eperson.factory.EPersonServiceFactory;
+import org.dspace.eperson.service.EPersonService;
+import org.dspace.handle.factory.HandleServiceFactory;
+import org.dspace.handle.service.HandleService;
+import org.dspace.scripts.DSpaceRunnable;
+import org.dspace.utils.DSpace;
+
+/**
+ * Item exporter to create simple AIPs for DSpace content. Currently exports
+ * individual items, or entire collections. For instructions on use, see
+ * printUsage() method.
+ * <P>
+ * ItemExport creates the simple AIP package that the importer also uses. It
+ * consists of:
+ * <P>
+ * /exportdir/42/ (one directory per item) / dublin_core.xml - qualified dublin
+ * core in RDF schema / contents - text file, listing one file per line / file1
+ * - files contained in the item / file2 / ...
+ * <P>
+ * issues -doesn't handle special characters in metadata (needs to turn {@code &'s} into
+ * {@code &amp;}, etc.)
+ * <P>
+ * Modified by David Little, UCSD Libraries 12/21/04 to allow the registration
+ * of files (bitstreams) into DSpace.
+ *
+ * @author David Little
+ * @author Jay Paz
+ */
+public class ItemExport extends DSpaceRunnable<ItemExportScriptConfiguration> {
+
+    public static final String TEMP_DIR = "exportSAF";
+    public static final String ZIP_NAME = "exportSAFZip";
+    public static final String ZIP_FILENAME = "saf-export";
+    public static final String ZIP_EXT = "zip";
+
+    protected String typeString = null;
+    protected String destDirName = null;
+    protected String idString = null;
+    protected int seqStart = -1;
+    protected int type = -1;
+    protected Item item = null;
+    protected Collection collection = null;
+    protected boolean migrate = false;
+    protected boolean zip = false;
+    protected String zipFileName = "";
+    protected boolean excludeBitstreams = false;
+    protected boolean help = false;
+
+    protected static HandleService handleService = HandleServiceFactory.getInstance().getHandleService();
+    protected static ItemService itemService = ContentServiceFactory.getInstance().getItemService();
+    protected static CollectionService collectionService = ContentServiceFactory.getInstance().getCollectionService();
+    protected static final EPersonService epersonService =
+            EPersonServiceFactory.getInstance().getEPersonService();
+
+    @Override
+    public ItemExportScriptConfiguration getScriptConfiguration() {
+        return new DSpace().getServiceManager()
+                .getServiceByName("export", ItemExportScriptConfiguration.class);
+    }
+
+    @Override
+    public void setup() throws ParseException {
+        help = commandLine.hasOption('h');
+
+        if (commandLine.hasOption('t')) { // type
+            typeString = commandLine.getOptionValue('t');
+
+            if ("ITEM".equals(typeString)) {
+                type = Constants.ITEM;
+            } else if ("COLLECTION".equals(typeString)) {
+                type = Constants.COLLECTION;
+            }
+        }
+
+        if (commandLine.hasOption('i')) { // id
+            idString = commandLine.getOptionValue('i');
+        }
+
+        setNumber();
+
+        if (commandLine.hasOption('m')) { // number
+            migrate = true;
+        }
+
+        if (commandLine.hasOption('x')) {
+            excludeBitstreams = true;
+        }
+    }
+
+    @Override
+    public void internalRun() throws Exception {
+        if (help) {
+            printHelp();
+            return;
+        }
+
+        validate();
+
+        Context context = new Context();
+        context.turnOffAuthorisationSystem();
+
+        if (type == Constants.ITEM) {
+            // first, is myIDString a handle?
+            if (idString.indexOf('/') != -1) {
+                item = (Item) handleService.resolveToObject(context, idString);
+
+                if ((item == null) || (item.getType() != Constants.ITEM)) {
+                    item = null;
+                }
+            } else {
+                item = itemService.find(context, UUID.fromString(idString));
+            }
+
+            if (item == null) {
+                handler.logError("The item cannot be found: " + idString + " (run with -h flag for details)");
+                throw new UnsupportedOperationException("The item cannot be found: " + idString);
+            }
+        } else {
+            if (idString.indexOf('/') != -1) {
+                // has a / must be a handle
+                collection = (Collection) handleService.resolveToObject(context,
+                                                                          idString);
+
+                // ensure it's a collection
+                if ((collection == null)
+                    || (collection.getType() != Constants.COLLECTION)) {
+                    collection = null;
+                }
+            } else {
+                collection = collectionService.find(context, UUID.fromString(idString));
+            }
+
+            if (collection == null) {
+                handler.logError("The collection cannot be found: " + idString + " (run with -h flag for details)");
+                throw new UnsupportedOperationException("The collection cannot be found: " + idString);
+            }
+        }
+
+        ItemExportService itemExportService = ItemExportServiceFactory.getInstance()
+                .getItemExportService();
+        try {
+            itemExportService.setHandler(handler);
+            process(context, itemExportService);
+            context.complete();
+        } catch (Exception e) {
+            context.abort();
+            throw new Exception(e);
+        }
+    }
+
+    /**
+     * Validate the options
+     */
+    protected void validate() {
+        if (type == -1) {
+            handler.logError("The type must be either COLLECTION or ITEM (run with -h flag for details)");
+            throw new UnsupportedOperationException("The type must be either COLLECTION or ITEM");
+        }
+
+        if (idString == null) {
+            handler.logError("The ID must be set to either a database ID or a handle (run with -h flag for details)");
+            throw new UnsupportedOperationException("The ID must be set to either a database ID or a handle");
+        }
+    }
+
+    /**
+     * Process the export
+     * @param context
+     * @throws Exception
+     */
+    protected void process(Context context, ItemExportService itemExportService) throws Exception {
+        setEPerson(context);
+        setDestDirName(context, itemExportService);
+        setZip(context);
+
+        Iterator<Item> items;
+        if (item != null) {
+            List<Item> myItems = new ArrayList<>();
+            myItems.add(item);
+            items = myItems.iterator();
+        } else {
+            handler.logInfo("Exporting from collection: " + idString);
+            items = itemService.findByCollection(context, collection);
+        }
+        itemExportService.exportAsZip(context, items, destDirName, zipFileName,
+                seqStart, migrate, excludeBitstreams);
+
+        File zip = new File(destDirName + System.getProperty("file.separator") + zipFileName);
+        try (InputStream is = new FileInputStream(zip)) {
+            // write input stream on handler
+            handler.writeFilestream(context, ZIP_FILENAME + "." + ZIP_EXT, is, ZIP_NAME);
+        } finally {
+            PathUtils.deleteDirectory(Path.of(destDirName));
+        }
+    }
+
+    /**
+     * Set the destination directory option
+     */
+    protected void setDestDirName(Context context, ItemExportService itemExportService) throws Exception {
+        destDirName = itemExportService.getExportWorkDirectory() + File.separator + TEMP_DIR;
+    }
+
+    /**
+     * Set the zip option
+     */
+    protected void setZip(Context context) {
+        zip = true;
+        zipFileName = ZIP_FILENAME + "-" + context.getCurrentUser().getID() + "." + ZIP_EXT;
+    }
+
+    /**
+     * Set the number option
+     */
+    protected void setNumber() {
+        seqStart = 1;
+        if (commandLine.hasOption('n')) { // number
+            seqStart = Integer.parseInt(commandLine.getOptionValue('n'));
+        }
+    }
+
+    private void setEPerson(Context context) throws SQLException {
+        EPerson myEPerson = epersonService.find(context, this.getEpersonIdentifier());
+
+        // check eperson
+        if (myEPerson == null) {
+            handler.logError("EPerson cannot be found: " + this.getEpersonIdentifier());
+            throw new UnsupportedOperationException("EPerson cannot be found: " + this.getEpersonIdentifier());
+        }
+
+        context.setCurrentUser(myEPerson);
+    }
+}

dspace-api/src/main/java/org/dspace/app/itemexport/ItemExportCLI.java

@@ -0,0 +1,96 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.itemexport;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import org.dspace.app.itemexport.service.ItemExportService;
+import org.dspace.content.Item;
+import org.dspace.core.Context;
+
+/**
+ * CLI variant for the {@link ItemExport} class.
+ * This was done to specify the specific behaviors for the CLI.
+ *
+ * @author Francesco Pio Scognamiglio (francescopio.scognamiglio at 4science.com)
+ */
+public class ItemExportCLI extends ItemExport {
+
+    @Override
+    protected void validate() {
+        super.validate();
+
+        setDestDirName();
+
+        if (destDirName == null) {
+            handler.logError("The destination directory must be set (run with -h flag for details)");
+            throw new UnsupportedOperationException("The destination directory must be set");
+        }
+
+        if (seqStart == -1) {
+            handler.logError("The sequence start number must be set (run with -h flag for details)");
+            throw new UnsupportedOperationException("The sequence start number must be set");
+        }
+    }
+
+    @Override
+    protected void process(Context context, ItemExportService itemExportService) throws Exception {
+        setZip(context);
+
+        if (zip) {
+            Iterator<Item> items;
+            if (item != null) {
+                List<Item> myItems = new ArrayList<>();
+                myItems.add(item);
+                items = myItems.iterator();
+            } else {
+                handler.logInfo("Exporting from collection: " + idString);
+                items = itemService.findByCollection(context, collection);
+            }
+            itemExportService.exportAsZip(context, items, destDirName, zipFileName,
+                    seqStart, migrate, excludeBitstreams);
+        } else {
+            if (item != null) {
+                // it's only a single item
+                itemExportService
+                    .exportItem(context, Collections.singletonList(item).iterator(), destDirName,
+                            seqStart, migrate, excludeBitstreams);
+            } else {
+                handler.logInfo("Exporting from collection: " + idString);
+
+                // it's a collection, so do a bunch of items
+                Iterator<Item> i = itemService.findByCollection(context, collection);
+                itemExportService.exportItem(context, i, destDirName, seqStart, migrate, excludeBitstreams);
+            }
+        }
+    }
+
+    protected void setDestDirName() {
+        if (commandLine.hasOption('d')) { // dest
+            destDirName = commandLine.getOptionValue('d');
+        }
+    }
+
+    @Override
+    protected void setZip(Context context) {
+        if (commandLine.hasOption('z')) {
+            zip = true;
+            zipFileName = commandLine.getOptionValue('z');
+        }
+    }
+
+    @Override
+    protected void setNumber() {
+        if (commandLine.hasOption('n')) { // number
+            seqStart = Integer.parseInt(commandLine.getOptionValue('n'));
+        }
+    }
+}

dspace-api/src/main/java/org/dspace/app/itemexport/ItemExportCLIScriptConfiguration.java

@@ -0,0 +1,56 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.itemexport;
+
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.Options;
+import org.dspace.scripts.configuration.ScriptConfiguration;
+
+/**
+ * The {@link ScriptConfiguration} for the {@link ItemExportCLI} script
+ * 
+ * @author Francesco Pio Scognamiglio (francescopio.scognamiglio at 4science.com)
+ */
+public class ItemExportCLIScriptConfiguration extends ItemExportScriptConfiguration<ItemExportCLI> {
+
+    @Override
+    public Options getOptions() {
+        Options options = new Options();
+
+        options.addOption(Option.builder("t").longOpt("type")
+                .desc("type: COLLECTION or ITEM")
+                .hasArg().required().build());
+        options.addOption(Option.builder("i").longOpt("id")
+                .desc("ID or handle of thing to export")
+                .hasArg().required().build());
+        options.addOption(Option.builder("d").longOpt("dest")
+                .desc("destination where you want items to go")
+                .hasArg().required().build());
+        options.addOption(Option.builder("n").longOpt("number")
+                .desc("sequence number to begin exporting items with")
+                .hasArg().required().build());
+        options.addOption(Option.builder("z").longOpt("zip")
+                .desc("export as zip file (specify filename e.g. export.zip)")
+                .hasArg().required(false).build());
+        options.addOption(Option.builder("m").longOpt("migrate")
+                .desc("export for migration (remove handle and metadata that will be re-created in new system)")
+                .hasArg(false).required(false).build());
+
+        // as pointed out by Peter Dietz this provides similar functionality to export metadata
+        // but it is needed since it directly exports to Simple Archive Format (SAF)
+        options.addOption(Option.builder("x").longOpt("exclude-bitstreams")
+                .desc("do not export bitstreams")
+                .hasArg(false).required(false).build());
+
+        options.addOption(Option.builder("h").longOpt("help")
+                .desc("help")
+                .hasArg(false).required(false).build());
+
+        return options;
+    }
+}

dspace-api/src/main/java/org/dspace/app/itemexport/ItemExportCLITool.java

@@ -1,246 +0,0 @@
-/**
- * The contents of this file are subject to the license and copyright
- * detailed in the LICENSE and NOTICE files at the root of the source
- * tree and available online at
- *
- * http://www.dspace.org/license/
- */
-package org.dspace.app.itemexport;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Iterator;
-import java.util.List;
-import java.util.UUID;
-
-import org.apache.commons.cli.CommandLine;
-import org.apache.commons.cli.CommandLineParser;
-import org.apache.commons.cli.DefaultParser;
-import org.apache.commons.cli.HelpFormatter;
-import org.apache.commons.cli.Options;
-import org.dspace.app.itemexport.factory.ItemExportServiceFactory;
-import org.dspace.app.itemexport.service.ItemExportService;
-import org.dspace.content.Collection;
-import org.dspace.content.Item;
-import org.dspace.content.factory.ContentServiceFactory;
-import org.dspace.content.service.CollectionService;
-import org.dspace.content.service.ItemService;
-import org.dspace.core.Constants;
-import org.dspace.core.Context;
-import org.dspace.handle.factory.HandleServiceFactory;
-import org.dspace.handle.service.HandleService;
-
-/**
- * Item exporter to create simple AIPs for DSpace content. Currently exports
- * individual items, or entire collections. For instructions on use, see
- * printUsage() method.
- * <P>
- * ItemExport creates the simple AIP package that the importer also uses. It
- * consists of:
- * <P>
- * /exportdir/42/ (one directory per item) / dublin_core.xml - qualified dublin
- * core in RDF schema / contents - text file, listing one file per line / file1
- * - files contained in the item / file2 / ...
- * <P>
- * issues -doesn't handle special characters in metadata (needs to turn {@code &'s} into
- * {@code &amp;}, etc.)
- * <P>
- * Modified by David Little, UCSD Libraries 12/21/04 to allow the registration
- * of files (bitstreams) into DSpace.
- *
- * @author David Little
- * @author Jay Paz
- */
-public class ItemExportCLITool {
-
-    protected static ItemExportService itemExportService = ItemExportServiceFactory.getInstance()
-                                                                                   .getItemExportService();
-    protected static HandleService handleService = HandleServiceFactory.getInstance().getHandleService();
-    protected static ItemService itemService = ContentServiceFactory.getInstance().getItemService();
-    protected static CollectionService collectionService = ContentServiceFactory.getInstance().getCollectionService();
-
-    /**
-     * Default constructor
-     */
-    private ItemExportCLITool() { }
-
-    /*
-     *
-     */
-    public static void main(String[] argv) throws Exception {
-        // create an options object and populate it
-        CommandLineParser parser = new DefaultParser();
-
-        Options options = new Options();
-
-        options.addOption("t", "type", true, "type: COLLECTION or ITEM");
-        options.addOption("i", "id", true, "ID or handle of thing to export");
-        options.addOption("d", "dest", true,
-                          "destination where you want items to go");
-        options.addOption("m", "migrate", false,
-                          "export for migration (remove handle and metadata that will be re-created in new system)");
-        options.addOption("n", "number", true,
-                          "sequence number to begin exporting items with");
-        options.addOption("z", "zip", true, "export as zip file (specify filename e.g. export.zip)");
-        options.addOption("h", "help", false, "help");
-
-        // as pointed out by Peter Dietz this provides similar functionality to export metadata
-        // but it is needed since it directly exports to Simple Archive Format (SAF)
-        options.addOption("x", "exclude-bitstreams", false, "do not export bitstreams");
-
-        CommandLine line = parser.parse(options, argv);
-
-        String typeString = null;
-        String destDirName = null;
-        String myIDString = null;
-        int seqStart = -1;
-        int myType = -1;
-
-        Item myItem = null;
-        Collection mycollection = null;
-
-        if (line.hasOption('h')) {
-            HelpFormatter myhelp = new HelpFormatter();
-            myhelp.printHelp("ItemExport\n", options);
-            System.out
-                .println("\nfull collection: ItemExport -t COLLECTION -i ID -d dest -n number");
-            System.out
-                .println("singleitem:       ItemExport -t ITEM -i ID -d dest -n number");
-
-            System.exit(0);
-        }
-
-        if (line.hasOption('t')) { // type
-            typeString = line.getOptionValue('t');
-
-            if ("ITEM".equals(typeString)) {
-                myType = Constants.ITEM;
-            } else if ("COLLECTION".equals(typeString)) {
-                myType = Constants.COLLECTION;
-            }
-        }
-
-        if (line.hasOption('i')) { // id
-            myIDString = line.getOptionValue('i');
-        }
-
-        if (line.hasOption('d')) { // dest
-            destDirName = line.getOptionValue('d');
-        }
-
-        if (line.hasOption('n')) { // number
-            seqStart = Integer.parseInt(line.getOptionValue('n'));
-        }
-
-        boolean migrate = false;
-        if (line.hasOption('m')) { // number
-            migrate = true;
-        }
-
-        boolean zip = false;
-        String zipFileName = "";
-        if (line.hasOption('z')) {
-            zip = true;
-            zipFileName = line.getOptionValue('z');
-        }
-
-        boolean excludeBitstreams = false;
-        if (line.hasOption('x')) {
-            excludeBitstreams = true;
-        }
-
-        // now validate the args
-        if (myType == -1) {
-            System.out
-                .println("type must be either COLLECTION or ITEM (-h for help)");
-            System.exit(1);
-        }
-
-        if (destDirName == null) {
-            System.out
-                .println("destination directory must be set (-h for help)");
-            System.exit(1);
-        }
-
-        if (seqStart == -1) {
-            System.out
-                .println("sequence start number must be set (-h for help)");
-            System.exit(1);
-        }
-
-        if (myIDString == null) {
-            System.out
-                .println("ID must be set to either a database ID or a handle (-h for help)");
-            System.exit(1);
-        }
-
-        Context c = new Context(Context.Mode.READ_ONLY);
-        c.turnOffAuthorisationSystem();
-
-        if (myType == Constants.ITEM) {
-            // first, is myIDString a handle?
-            if (myIDString.indexOf('/') != -1) {
-                myItem = (Item) handleService.resolveToObject(c, myIDString);
-
-                if ((myItem == null) || (myItem.getType() != Constants.ITEM)) {
-                    myItem = null;
-                }
-            } else {
-                myItem = itemService.find(c, UUID.fromString(myIDString));
-            }
-
-            if (myItem == null) {
-                System.out
-                    .println("Error, item cannot be found: " + myIDString);
-            }
-        } else {
-            if (myIDString.indexOf('/') != -1) {
-                // has a / must be a handle
-                mycollection = (Collection) handleService.resolveToObject(c,
-                                                                          myIDString);
-
-                // ensure it's a collection
-                if ((mycollection == null)
-                    || (mycollection.getType() != Constants.COLLECTION)) {
-                    mycollection = null;
-                }
-            } else if (myIDString != null) {
-                mycollection = collectionService.find(c, UUID.fromString(myIDString));
-            }
-
-            if (mycollection == null) {
-                System.out.println("Error, collection cannot be found: "
-                                       + myIDString);
-                System.exit(1);
-            }
-        }
-
-        if (zip) {
-            Iterator<Item> items;
-            if (myItem != null) {
-                List<Item> myItems = new ArrayList<>();
-                myItems.add(myItem);
-                items = myItems.iterator();
-            } else {
-                System.out.println("Exporting from collection: " + myIDString);
-                items = itemService.findByCollection(c, mycollection);
-            }
-            itemExportService.exportAsZip(c, items, destDirName, zipFileName, seqStart, migrate, excludeBitstreams);
-        } else {
-            if (myItem != null) {
-                // it's only a single item
-                itemExportService
-                    .exportItem(c, Collections.singletonList(myItem).iterator(), destDirName, seqStart, migrate,
-                                excludeBitstreams);
-            } else {
-                System.out.println("Exporting from collection: " + myIDString);
-
-                // it's a collection, so do a bunch of items
-                Iterator<Item> i = itemService.findByCollection(c, mycollection);
-                itemExportService.exportItem(c, i, destDirName, seqStart, migrate, excludeBitstreams);
-            }
-        }
-
-        c.complete();
-    }
-}

dspace-api/src/main/java/org/dspace/app/itemexport/ItemExportScriptConfiguration.java

@@ -0,0 +1,62 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.itemexport;
+
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.Options;
+import org.dspace.scripts.configuration.ScriptConfiguration;
+
+/**
+ * The {@link ScriptConfiguration} for the {@link ItemExport} script
+ * 
+ * @author Francesco Pio Scognamiglio (francescopio.scognamiglio at 4science.com)
+ */
+public class ItemExportScriptConfiguration<T extends ItemExport> extends ScriptConfiguration<T> {
+
+    private Class<T> dspaceRunnableClass;
+
+    @Override
+    public Class<T> getDspaceRunnableClass() {
+        return dspaceRunnableClass;
+    }
+
+    @Override
+    public void setDspaceRunnableClass(Class<T> dspaceRunnableClass) {
+        this.dspaceRunnableClass = dspaceRunnableClass;
+    }
+
+    @Override
+    public Options getOptions() {
+        Options options = new Options();
+
+        options.addOption(Option.builder("t").longOpt("type")
+                .desc("type: COLLECTION or ITEM")
+                .hasArg().required().build());
+        options.addOption(Option.builder("i").longOpt("id")
+                .desc("ID or handle of thing to export")
+                .hasArg().required().build());
+        options.addOption(Option.builder("n").longOpt("number")
+                .desc("sequence number to begin exporting items with")
+                .hasArg().required(false).build());
+        options.addOption(Option.builder("m").longOpt("migrate")
+                .desc("export for migration (remove handle and metadata that will be re-created in new system)")
+                .hasArg(false).required(false).build());
+
+        // as pointed out by Peter Dietz this provides similar functionality to export metadata
+        // but it is needed since it directly exports to Simple Archive Format (SAF)
+        options.addOption(Option.builder("x").longOpt("exclude-bitstreams")
+                .desc("do not export bitstreams")
+                .hasArg(false).required(false).build());
+
+        options.addOption(Option.builder("h").longOpt("help")
+                .desc("help")
+                .hasArg(false).required(false).build());
+
+        return options;
+    }
+}

dspace-api/src/main/java/org/dspace/app/itemexport/ItemExportServiceImpl.java

@@ -57,6 +57,7 @@ import org.dspace.core.Utils;
 import org.dspace.eperson.EPerson;
 import org.dspace.eperson.service.EPersonService;
 import org.dspace.handle.service.HandleService;
+import org.dspace.scripts.handler.DSpaceRunnableHandler;
 import org.dspace.services.ConfigurationService;
 import org.springframework.beans.factory.annotation.Autowired;
 
@@ -64,17 +65,21 @@ import org.springframework.beans.factory.annotation.Autowired;
  * Item exporter to create simple AIPs for DSpace content. Currently exports
  * individual items, or entire collections. For instructions on use, see
  * printUsage() method.
- * <P>
+ * <p>
  * ItemExport creates the simple AIP package that the importer also uses. It
  * consists of:
- * <P>
- * /exportdir/42/ (one directory per item) / dublin_core.xml - qualified dublin
- * core in RDF schema / contents - text file, listing one file per line / file1
- * - files contained in the item / file2 / ...
- * <P>
+ * <pre>{@code
+ * /exportdir/42/ (one directory per item)
+ *              / dublin_core.xml - qualified dublin core in RDF schema
+ *              / contents - text file, listing one file per line
+ *              / file1 - files contained in the item
+ *              / file2
+ *              / ...
+ * }</pre>
+ * <p>
  * issues -doesn't handle special characters in metadata (needs to turn {@code &'s} into
  * {@code &amp;}, etc.)
- * <P>
+ * <p>
  * Modified by David Little, UCSD Libraries 12/21/04 to allow the registration
  * of files (bitstreams) into DSpace.
  *
@@ -97,11 +102,12 @@ public class ItemExportServiceImpl implements ItemExportService {
     @Autowired(required = true)
     protected ConfigurationService configurationService;
 
-
     /**
      * log4j logger
      */
-    private final Logger log = org.apache.logging.log4j.LogManager.getLogger(ItemExportServiceImpl.class);
+    private final Logger log = org.apache.logging.log4j.LogManager.getLogger();
+
+    private DSpaceRunnableHandler handler;
 
     protected ItemExportServiceImpl() {
 
@@ -126,7 +132,7 @@ public class ItemExportServiceImpl implements ItemExportService {
             }
         }
 
-        System.out.println("Beginning export");
+        logInfo("Beginning export");
 
         while (i.hasNext()) {
             if (SUBDIR_LIMIT > 0 && ++counter == SUBDIR_LIMIT) {
@@ -139,7 +145,7 @@ public class ItemExportServiceImpl implements ItemExportService {
                 }
             }
 
-            System.out.println("Exporting item to " + mySequenceNumber);
+            logInfo("Exporting item to " + mySequenceNumber);
             Item item = i.next();
             exportItem(c, item, fullPath, mySequenceNumber, migrate, excludeBitstreams);
             c.uncacheEntity(item);
@@ -155,7 +161,7 @@ public class ItemExportServiceImpl implements ItemExportService {
             // now create a subdirectory
             File itemDir = new File(destDir + "/" + seqStart);
 
-            System.out.println("Exporting Item " + myItem.getID() +
+            logInfo("Exporting Item " + myItem.getID() +
                                    (myItem.getHandle() != null ? ", handle " + myItem.getHandle() : "") +
                                    " to " + itemDir);
 
@@ -168,6 +174,7 @@ public class ItemExportServiceImpl implements ItemExportService {
                 // make it this far, now start exporting
                 writeMetadata(c, myItem, itemDir, migrate);
                 writeBitstreams(c, myItem, itemDir, excludeBitstreams);
+                writeCollections(myItem, itemDir);
                 if (!migrate) {
                     writeHandle(c, myItem, itemDir);
                 }
@@ -225,7 +232,7 @@ public class ItemExportServiceImpl implements ItemExportService {
 
         File outFile = new File(destDir, filename);
 
-        System.out.println("Attempting to create file " + outFile);
+        logInfo("Attempting to create file " + outFile);
 
         if (outFile.createNewFile()) {
             BufferedOutputStream out = new BufferedOutputStream(
@@ -343,6 +350,35 @@ public class ItemExportServiceImpl implements ItemExportService {
         }
     }
 
+    /**
+     * Create the 'collections' file.  List handles of all Collections which
+     * contain this Item. The "owning" Collection is listed first.
+     *
+     * @param item list collections holding this Item.
+     * @param destDir write the file here.
+     * @throws IOException if the file cannot be created or written.
+     */
+    protected void writeCollections(Item item, File destDir)
+            throws IOException {
+        File outFile = new File(destDir, "collections");
+        if (outFile.createNewFile()) {
+            try (PrintWriter out = new PrintWriter(new FileWriter(outFile))) {
+                Collection owningCollection = item.getOwningCollection();
+                // The owning collection is null for workspace and workflow items
+                if (owningCollection != null) {
+                    out.println(owningCollection.getHandle());
+                }
+                for (Collection collection : item.getCollections()) {
+                    if (!collection.equals(owningCollection)) {
+                        out.println(collection.getHandle());
+                    }
+                }
+            }
+        } else {
+            throw new IOException("Cannot create 'collections' in " + destDir);
+        }
+    }
+
     /**
      * Create both the bitstreams and the contents file. Any bitstreams that
      * were originally registered will be marked in the contents file as such.
@@ -399,7 +435,7 @@ public class ItemExportServiceImpl implements ItemExportService {
                             File fdirs = new File(destDir + File.separator
                                                       + dirs);
                             if (!fdirs.exists() && !fdirs.mkdirs()) {
-                                log.error("Unable to create destination directory");
+                                logError("Unable to create destination directory");
                             }
                         }
 
@@ -456,19 +492,26 @@ public class ItemExportServiceImpl implements ItemExportService {
 
         File wkDir = new File(workDir);
         if (!wkDir.exists() && !wkDir.mkdirs()) {
-            log.error("Unable to create working direcory");
+            logError("Unable to create working directory");
         }
 
         File dnDir = new File(destDirName);
         if (!dnDir.exists() && !dnDir.mkdirs()) {
-            log.error("Unable to create destination directory");
+            logError("Unable to create destination directory");
         }
 
-        // export the items using normal export method
-        exportItem(context, items, workDir, seqStart, migrate, excludeBitstreams);
+        try {
+            // export the items using normal export method (this exports items to our workDir)
+            exportItem(context, items, workDir, seqStart, migrate, excludeBitstreams);
 
-        // now zip up the export directory created above
-        zip(workDir, destDirName + System.getProperty("file.separator") + zipFileName);
+            // now zip up the workDir directory created above
+            zip(workDir, destDirName + System.getProperty("file.separator") + zipFileName);
+        } finally {
+            // Cleanup workDir created above, if it still exists
+            if (wkDir.exists()) {
+                deleteDirectory(wkDir);
+            }
+        }
     }
 
     @Override
@@ -630,11 +673,9 @@ public class ItemExportServiceImpl implements ItemExportService {
             Thread go = new Thread() {
                 @Override
                 public void run() {
-                    Context context = null;
+                    Context context = new Context();
                     Iterator<Item> iitems = null;
                     try {
-                        // create a new dspace context
-                        context = new Context();
                         // ignore auths
                         context.turnOffAuthorisationSystem();
 
@@ -646,7 +687,7 @@ public class ItemExportServiceImpl implements ItemExportService {
                         String downloadDir = getExportDownloadDirectory(eperson);
                         File dnDir = new File(downloadDir);
                         if (!dnDir.exists() && !dnDir.mkdirs()) {
-                            log.error("Unable to create download directory");
+                            logError("Unable to create download directory");
                         }
 
                         Iterator<String> iter = itemsMap.keySet().iterator();
@@ -665,7 +706,7 @@ public class ItemExportServiceImpl implements ItemExportService {
 
                             File wkDir = new File(workDir);
                             if (!wkDir.exists() && !wkDir.mkdirs()) {
-                                log.error("Unable to create working directory");
+                                logError("Unable to create working directory");
                             }
 
 
@@ -756,7 +797,8 @@ public class ItemExportServiceImpl implements ItemExportService {
             throw new Exception(
                 "A dspace.cfg entry for 'org.dspace.app.itemexport.work.dir' does not exist.");
         }
-        return exportDir;
+        // clean work dir path from duplicate separators
+        return StringUtils.replace(exportDir, File.separator + File.separator, File.separator);
     }
 
     @Override
@@ -884,7 +926,7 @@ public class ItemExportServiceImpl implements ItemExportService {
             for (File file : files) {
                 if (file.lastModified() < now.getTimeInMillis()) {
                     if (!file.delete()) {
-                        log.error("Unable to delete export file");
+                        logError("Unable to delete export file");
                     }
                 }
             }
@@ -908,7 +950,7 @@ public class ItemExportServiceImpl implements ItemExportService {
                 for (File file : files) {
                     if (file.lastModified() < now.getTimeInMillis()) {
                         if (!file.delete()) {
-                            log.error("Unable to delete old files");
+                            logError("Unable to delete old files");
                         }
                     }
                 }
@@ -916,7 +958,7 @@ public class ItemExportServiceImpl implements ItemExportService {
                 // If the directory is now empty then we delete it too.
                 if (dir.listFiles().length == 0) {
                     if (!dir.delete()) {
-                        log.error("Unable to delete directory");
+                        logError("Unable to delete directory");
                     }
                 }
             }
@@ -937,14 +979,14 @@ public class ItemExportServiceImpl implements ItemExportService {
 
             email.send();
         } catch (Exception e) {
-            log.warn(LogHelper.getHeader(context, "emailSuccessMessage", "cannot notify user of export"), e);
+            logWarn(LogHelper.getHeader(context, "emailSuccessMessage", "cannot notify user of export"), e);
         }
     }
 
     @Override
     public void emailErrorMessage(EPerson eperson, String error)
         throws MessagingException {
-        log.warn("An error occurred during item export, the user will be notified. " + error);
+        logWarn("An error occurred during item export, the user will be notified. " + error);
         try {
             Locale supportedLocale = I18nUtil.getEPersonLocale(eperson);
             Email email = Email.getEmail(I18nUtil.getEmailFilename(supportedLocale, "export_error"));
@@ -954,7 +996,7 @@ public class ItemExportServiceImpl implements ItemExportService {
 
             email.send();
         } catch (Exception e) {
-            log.warn("error during item export error notification", e);
+            logWarn("error during item export error notification", e);
         }
     }
 
@@ -969,7 +1011,7 @@ public class ItemExportServiceImpl implements ItemExportService {
             }
             File targetFile = new File(tempFileName);
             if (!targetFile.createNewFile()) {
-                log.warn("Target file already exists: " + targetFile.getName());
+                logWarn("Target file already exists: " + targetFile.getName());
             }
 
             FileOutputStream fos = new FileOutputStream(tempFileName);
@@ -985,7 +1027,7 @@ public class ItemExportServiceImpl implements ItemExportService {
 
             deleteDirectory(cpFile);
             if (!targetFile.renameTo(new File(target))) {
-                log.error("Unable to rename file");
+                logError("Unable to rename file");
             }
         } finally {
             if (cpZipOutputStream != null) {
@@ -1018,8 +1060,11 @@ public class ItemExportServiceImpl implements ItemExportService {
                     return;
                 }
                 String strAbsPath = cpFile.getPath();
-                String strZipEntryName = strAbsPath.substring(strSource
-                                                                  .length() + 1, strAbsPath.length());
+                int startIndex = strSource.length();
+                if (!StringUtils.endsWith(strSource, File.separator)) {
+                    startIndex++;
+                }
+                String strZipEntryName = strAbsPath.substring(startIndex, strAbsPath.length());
 
                 // byte[] b = new byte[ (int)(cpFile.length()) ];
 
@@ -1058,7 +1103,7 @@ public class ItemExportServiceImpl implements ItemExportService {
                     deleteDirectory(file);
                 } else {
                     if (!file.delete()) {
-                        log.error("Unable to delete file: " + file.getName());
+                        logError("Unable to delete file: " + file.getName());
                     }
                 }
             }
@@ -1067,4 +1112,64 @@ public class ItemExportServiceImpl implements ItemExportService {
         return (path.delete());
     }
 
+    @Override
+    public void setHandler(DSpaceRunnableHandler handler) {
+        this.handler = handler;
+    }
+
+    private void logInfo(String message) {
+        logInfo(message, null);
+    }
+
+    private void logInfo(String message, Exception e) {
+        if (handler != null) {
+            handler.logInfo(message);
+            return;
+        }
+
+        if (e != null) {
+            log.info(message, e);
+        } else {
+            log.info(message);
+        }
+    }
+
+    private void logWarn(String message) {
+        logWarn(message, null);
+    }
+
+    private void logWarn(String message, Exception e) {
+        if (handler != null) {
+            handler.logWarning(message);
+            return;
+        }
+
+        if (e != null) {
+            log.warn(message, e);
+        } else {
+            log.warn(message);
+        }
+    }
+
+    private void logError(String message) {
+        logError(message, null);
+    }
+
+    private void logError(String message, Exception e) {
+        if (handler != null) {
+            if (e != null) {
+                handler.logError(message, e);
+            } else {
+                handler.logError(message);
+            }
+            return;
+        }
+
+        if (e != null) {
+            log.error(message, e);
+        } else {
+            log.error(message);
+        }
+    }
+
 }

dspace-api/src/main/java/org/dspace/app/itemexport/service/ItemExportService.java

@@ -17,6 +17,7 @@ import org.dspace.content.DSpaceObject;
 import org.dspace.content.Item;
 import org.dspace.core.Context;
 import org.dspace.eperson.EPerson;
+import org.dspace.scripts.handler.DSpaceRunnableHandler;
 
 /**
  * Item exporter to create simple AIPs for DSpace content. Currently exports
@@ -267,4 +268,10 @@ public interface ItemExportService {
      */
     public void zip(String strSource, String target) throws Exception;
 
+    /**
+     * Set the DSpace Runnable Handler
+     * @param handler
+     */
+    public void setHandler(DSpaceRunnableHandler handler);
+
 }

dspace-api/src/main/java/org/dspace/app/itemimport/ItemImport.java

@@ -0,0 +1,446 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.itemimport;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.nio.file.Files;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+
+import org.apache.commons.cli.ParseException;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.tika.Tika;
+import org.dspace.app.itemimport.factory.ItemImportServiceFactory;
+import org.dspace.app.itemimport.service.ItemImportService;
+import org.dspace.authorize.AuthorizeException;
+import org.dspace.content.Collection;
+import org.dspace.content.factory.ContentServiceFactory;
+import org.dspace.content.service.CollectionService;
+import org.dspace.core.Constants;
+import org.dspace.core.Context;
+import org.dspace.eperson.EPerson;
+import org.dspace.eperson.factory.EPersonServiceFactory;
+import org.dspace.eperson.service.EPersonService;
+import org.dspace.handle.factory.HandleServiceFactory;
+import org.dspace.handle.service.HandleService;
+import org.dspace.scripts.DSpaceRunnable;
+import org.dspace.utils.DSpace;
+
+/**
+ * Import items into DSpace. The conventional use is upload files by copying
+ * them. DSpace writes the item's bitstreams into its assetstore. Metadata is
+ * also loaded to the DSpace database.
+ * <P>
+ * A second use assumes the bitstream files already exist in a storage
+ * resource accessible to DSpace. In this case the bitstreams are 'registered'.
+ * That is, the metadata is loaded to the DSpace database and DSpace is given
+ * the location of the file which is subsumed into DSpace.
+ * <P>
+ * The distinction is controlled by the format of lines in the 'contents' file.
+ * See comments in processContentsFile() below.
+ * <P>
+ * Modified by David Little, UCSD Libraries 12/21/04 to
+ * allow the registration of files (bitstreams) into DSpace.
+ */
+public class ItemImport extends DSpaceRunnable<ItemImportScriptConfiguration> {
+
+    public static String TEMP_DIR = "importSAF";
+    public static String MAPFILE_FILENAME = "mapfile";
+    public static String MAPFILE_BITSTREAM_TYPE = "importSAFMapfile";
+
+    protected boolean template = false;
+    protected String command = null;
+    protected String sourcedir = null;
+    protected String mapfile = null;
+    protected String eperson = null;
+    protected String[] collections = null;
+    protected boolean isTest = false;
+    protected boolean isExcludeContent = false;
+    protected boolean isResume = false;
+    protected boolean useWorkflow = false;
+    protected boolean useWorkflowSendEmail = false;
+    protected boolean isQuiet = false;
+    protected boolean commandLineCollections = false;
+    protected boolean zip = false;
+    protected boolean remoteUrl = false;
+    protected String zipfilename = null;
+    protected boolean zipvalid = false;
+    protected boolean help = false;
+    protected File workDir = null;
+    protected File workFile = null;
+
+    protected static final CollectionService collectionService =
+            ContentServiceFactory.getInstance().getCollectionService();
+    protected static final EPersonService epersonService =
+            EPersonServiceFactory.getInstance().getEPersonService();
+    protected static final HandleService handleService =
+            HandleServiceFactory.getInstance().getHandleService();
+
+    @Override
+    public ItemImportScriptConfiguration getScriptConfiguration() {
+        return new DSpace().getServiceManager()
+                .getServiceByName("import", ItemImportScriptConfiguration.class);
+    }
+
+    @Override
+    public void setup() throws ParseException {
+        help = commandLine.hasOption('h');
+
+        if (commandLine.hasOption('a')) {
+            command = "add";
+        }
+
+        if (commandLine.hasOption('r')) {
+            command = "replace";
+        }
+
+        if (commandLine.hasOption('d')) {
+            command = "delete";
+        }
+
+        if (commandLine.hasOption('w')) {
+            useWorkflow = true;
+            if (commandLine.hasOption('n')) {
+                useWorkflowSendEmail = true;
+            }
+        }
+
+        if (commandLine.hasOption('v')) {
+            isTest = true;
+            handler.logInfo("**Test Run** - not actually importing items.");
+        }
+
+        isExcludeContent = commandLine.hasOption('x');
+
+        if (commandLine.hasOption('p')) {
+            template = true;
+        }
+
+        if (commandLine.hasOption('c')) { // collections
+            collections = commandLine.getOptionValues('c');
+            commandLineCollections = true;
+        } else {
+            handler.logInfo("No collections given. Assuming 'collections' file inside item directory");
+        }
+
+        if (commandLine.hasOption('R')) {
+            isResume = true;
+            handler.logInfo("**Resume import** - attempting to import items not already imported");
+        }
+
+        if (commandLine.hasOption('q')) {
+            isQuiet = true;
+        }
+
+        setZip();
+    }
+
+    @Override
+    public void internalRun() throws Exception {
+        if (help) {
+            printHelp();
+            return;
+        }
+
+        Date startTime = new Date();
+        Context context = new Context(Context.Mode.BATCH_EDIT);
+
+        setMapFile();
+
+        validate(context);
+
+        setEPerson(context);
+
+        // check collection
+        List<Collection> mycollections = null;
+        // don't need to validate collections set if command is "delete"
+        // also if no collections are given in the command line
+        if (!"delete".equals(command) && commandLineCollections) {
+            handler.logInfo("Destination collections:");
+
+            mycollections = new ArrayList<>();
+
+            // validate each collection arg to see if it's a real collection
+            for (int i = 0; i < collections.length; i++) {
+                Collection collection = null;
+                if (collections[i] != null) {
+                    // is the ID a handle?
+                    if (collections[i].indexOf('/') != -1) {
+                        // string has a / so it must be a handle - try and resolve
+                        // it
+                        collection = ((Collection) handleService
+                            .resolveToObject(context, collections[i]));
+                    } else {
+                        // not a handle, try and treat it as an integer collection database ID
+                        collection = collectionService.find(context, UUID.fromString(collections[i]));
+                    }
+                }
+
+                // was the collection valid?
+                if (collection == null
+                        || collection.getType() != Constants.COLLECTION) {
+                    throw new IllegalArgumentException("Cannot resolve "
+                            + collections[i] + " to collection");
+                }
+
+                // add resolved collection to list
+                mycollections.add(collection);
+
+                // print progress info
+                handler.logInfo((i == 0 ? "Owning " : "") + "Collection: " + collection.getName());
+            }
+        }
+        // end validation
+
+        // start
+        ItemImportService itemImportService = ItemImportServiceFactory.getInstance()
+                .getItemImportService();
+        try {
+            itemImportService.setTest(isTest);
+            itemImportService.setExcludeContent(isExcludeContent);
+            itemImportService.setResume(isResume);
+            itemImportService.setUseWorkflow(useWorkflow);
+            itemImportService.setUseWorkflowSendEmail(useWorkflowSendEmail);
+            itemImportService.setQuiet(isQuiet);
+            itemImportService.setHandler(handler);
+
+            try {
+                context.turnOffAuthorisationSystem();
+
+                readZip(context, itemImportService);
+
+                process(context, itemImportService, mycollections);
+
+                // complete all transactions
+                context.complete();
+            } catch (Exception e) {
+                context.abort();
+                throw new Exception(
+                    "Error committing changes to database: " + e.getMessage() + ", aborting most recent changes", e);
+            }
+
+            if (isTest) {
+                handler.logInfo("***End of Test Run***");
+            }
+        } finally {
+            if (zip) {
+                // if zip file was valid then clean sourcedir
+                if (zipvalid && sourcedir != null && new File(sourcedir).exists()) {
+                    FileUtils.deleteDirectory(new File(sourcedir));
+                }
+
+                // clean workdir
+                if (workDir != null && workDir.exists()) {
+                    FileUtils.deleteDirectory(workDir);
+                }
+
+                // conditionally clean workFile if import was done in the UI or via a URL and it still exists
+                if (workFile != null && workFile.exists()) {
+                    workFile.delete();
+                }
+            }
+
+            Date endTime = new Date();
+            handler.logInfo("Started: " + startTime.getTime());
+            handler.logInfo("Ended: " + endTime.getTime());
+            handler.logInfo(
+                "Elapsed time: " + ((endTime.getTime() - startTime.getTime()) / 1000) + " secs (" + (endTime
+                    .getTime() - startTime.getTime()) + " msecs)");
+        }
+    }
+
+    /**
+     * Validate the options
+     * @param context
+     */
+    protected void validate(Context context) {
+        // check zip type: uploaded file or remote url
+        if (commandLine.hasOption('z')) {
+            zipfilename = commandLine.getOptionValue('z');
+        } else if (commandLine.hasOption('u')) {
+            remoteUrl = true;
+            zipfilename = commandLine.getOptionValue('u');
+        }
+        if (StringUtils.isBlank(zipfilename)) {
+            throw new UnsupportedOperationException("Must run with either name of zip file or url of zip file");
+        }
+
+        if (command == null) {
+            handler.logError("Must run with either add, replace, or remove (run with -h flag for details)");
+            throw new UnsupportedOperationException("Must run with either add, replace, or remove");
+        }
+
+        // can only resume for adds
+        if (isResume && !"add".equals(command)) {
+            handler.logError("Resume option only works with the --add command (run with -h flag for details)");
+            throw new UnsupportedOperationException("Resume option only works with the --add command");
+        }
+
+        if (isResume && StringUtils.isBlank(mapfile)) {
+            handler.logError("The mapfile does not exist. ");
+            throw new UnsupportedOperationException("The mapfile does not exist");
+        }
+    }
+
+    /**
+     * Process the import
+     * @param context
+     * @param itemImportService
+     * @param collections
+     * @throws Exception
+     */
+    protected void process(Context context, ItemImportService itemImportService,
+            List<Collection> collections) throws Exception {
+        readMapfile(context);
+
+        if ("add".equals(command)) {
+            itemImportService.addItems(context, collections, sourcedir, mapfile, template);
+        } else if ("replace".equals(command)) {
+            itemImportService.replaceItems(context, collections, sourcedir, mapfile, template);
+        } else if ("delete".equals(command)) {
+            itemImportService.deleteItems(context, mapfile);
+        }
+
+        // write input stream on handler
+        File mapFile = new File(mapfile);
+        try (InputStream mapfileInputStream = new FileInputStream(mapFile)) {
+            handler.writeFilestream(context, MAPFILE_FILENAME, mapfileInputStream, MAPFILE_BITSTREAM_TYPE);
+        } finally {
+            mapFile.delete();
+        }
+    }
+
+    /**
+     * Read the ZIP archive in SAF format
+     * @param context
+     * @param itemImportService
+     * @throws Exception
+     */
+    protected void readZip(Context context, ItemImportService itemImportService) throws Exception {
+        Optional<InputStream> optionalFileStream = Optional.empty();
+        Optional<InputStream> validationFileStream = Optional.empty();
+        try {
+            if (!remoteUrl) {
+                // manage zip via upload
+                optionalFileStream = handler.getFileStream(context, zipfilename);
+                validationFileStream = handler.getFileStream(context, zipfilename);
+            } else {
+                // manage zip via remote url
+                optionalFileStream = Optional.ofNullable(new URL(zipfilename).openStream());
+                validationFileStream = Optional.ofNullable(new URL(zipfilename).openStream());
+            }
+
+            if (validationFileStream.isPresent()) {
+                // validate zip file
+                if (validationFileStream.isPresent()) {
+                    validateZip(validationFileStream.get());
+                }
+
+                workFile = new File(itemImportService.getTempWorkDir() + File.separator
+                        + zipfilename + "-" + context.getCurrentUser().getID());
+                FileUtils.copyInputStreamToFile(optionalFileStream.get(), workFile);
+            } else {
+                throw new IllegalArgumentException(
+                        "Error reading file, the file couldn't be found for filename: " + zipfilename);
+            }
+
+            workDir = new File(itemImportService.getTempWorkDir() + File.separator + TEMP_DIR
+                    + File.separator + context.getCurrentUser().getID());
+            sourcedir = itemImportService.unzip(workFile, workDir.getAbsolutePath());
+        } finally {
+            optionalFileStream.ifPresent(IOUtils::closeQuietly);
+            validationFileStream.ifPresent(IOUtils::closeQuietly);
+        }
+    }
+
+    /**
+     * Confirm that the zip file has the correct MIME type
+     * @param inputStream
+     */
+    protected void validateZip(InputStream inputStream) {
+        Tika tika = new Tika();
+        try {
+            String mimeType = tika.detect(inputStream);
+            if (mimeType.equals("application/zip")) {
+                zipvalid = true;
+            } else {
+                handler.logError("A valid zip file must be supplied. The provided file has mimetype: " + mimeType);
+                throw new UnsupportedOperationException("A valid zip file must be supplied");
+            }
+        } catch (IOException e) {
+            throw new IllegalArgumentException(
+                "There was an error while reading the zip file: " + zipfilename);
+        }
+    }
+
+    /**
+     * Read the mapfile
+     * @param context
+     */
+    protected void readMapfile(Context context) {
+        if (isResume) {
+            try {
+                Optional<InputStream> optionalFileStream = handler.getFileStream(context, mapfile);
+                if (optionalFileStream.isPresent()) {
+                    File tempFile = File.createTempFile(mapfile, "temp");
+                    tempFile.deleteOnExit();
+                    FileUtils.copyInputStreamToFile(optionalFileStream.get(), tempFile);
+                    mapfile = tempFile.getAbsolutePath();
+                }
+            } catch (IOException | AuthorizeException e) {
+                throw new UnsupportedOperationException("The mapfile does not exist");
+            }
+        }
+    }
+
+    /**
+     * Set the mapfile option
+     * @throws IOException
+     */
+    protected void setMapFile() throws IOException {
+        if (isResume && commandLine.hasOption('m')) {
+            mapfile = commandLine.getOptionValue('m');
+        } else {
+            mapfile = Files.createTempFile(MAPFILE_FILENAME, "temp").toString();
+        }
+    }
+
+    /**
+     * Set the zip option
+     */
+    protected void setZip() {
+        zip = true;
+    }
+
+    /**
+     * Set the eperson in the context
+     * @param context
+     * @throws SQLException
+     */
+    protected void setEPerson(Context context) throws SQLException {
+        EPerson myEPerson = epersonService.find(context, this.getEpersonIdentifier());
+
+        // check eperson
+        if (myEPerson == null) {
+            handler.logError("EPerson cannot be found: " + this.getEpersonIdentifier());
+            throw new UnsupportedOperationException("EPerson cannot be found: " + this.getEpersonIdentifier());
+        }
+
+        context.setCurrentUser(myEPerson);
+    }
+}

dspace-api/src/main/java/org/dspace/app/itemimport/ItemImportCLI.java

@@ -0,0 +1,198 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.itemimport;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.net.URL;
+import java.sql.SQLException;
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.dspace.app.itemimport.service.ItemImportService;
+import org.dspace.content.Collection;
+import org.dspace.core.Context;
+import org.dspace.eperson.EPerson;
+
+/**
+ * CLI variant for the {@link ItemImport} class.
+ * This was done to specify the specific behaviors for the CLI.
+ *
+ * @author Francesco Pio Scognamiglio (francescopio.scognamiglio at 4science.com)
+ */
+public class ItemImportCLI extends ItemImport {
+
+    @Override
+    protected void validate(Context context) {
+        // can only resume for adds
+        if (isResume && !"add".equals(command)) {
+            handler.logError("Resume option only works with the --add command (run with -h flag for details)");
+            throw new UnsupportedOperationException("Resume option only works with the --add command");
+        }
+
+        if (commandLine.hasOption('e')) {
+            eperson = commandLine.getOptionValue('e');
+        }
+
+        // check eperson identifier (email or id)
+        if (eperson == null) {
+            handler.logError("An eperson to do the importing must be specified (run with -h flag for details)");
+            throw new UnsupportedOperationException("An eperson to do the importing must be specified");
+        }
+
+        File myFile = null;
+        try {
+            myFile = new File(mapfile);
+        } catch (Exception e) {
+            throw new UnsupportedOperationException("The mapfile " + mapfile + " does not exist");
+        }
+
+        if (!isResume && "add".equals(command) && myFile.exists()) {
+            handler.logError("The mapfile " + mapfile + " already exists. "
+                    + "Either delete it or use --resume if attempting to resume an aborted import. "
+                    + "(run with -h flag for details)");
+            throw new UnsupportedOperationException("The mapfile " + mapfile + " already exists");
+        }
+
+        if (command == null) {
+            handler.logError("Must run with either add, replace, or remove (run with -h flag for details)");
+            throw new UnsupportedOperationException("Must run with either add, replace, or remove");
+        } else if ("add".equals(command) || "replace".equals(command)) {
+            if (!remoteUrl && sourcedir == null) {
+                handler.logError("A source directory containing items must be set (run with -h flag for details)");
+                throw new UnsupportedOperationException("A source directory containing items must be set");
+            }
+
+            if (mapfile == null) {
+                handler.logError(
+                        "A map file to hold importing results must be specified (run with -h flag for details)");
+                throw new UnsupportedOperationException("A map file to hold importing results must be specified");
+            }
+        } else if ("delete".equals(command)) {
+            if (mapfile == null) {
+                handler.logError("A map file must be specified (run with -h flag for details)");
+                throw new UnsupportedOperationException("A map file must be specified");
+            }
+        }
+    }
+
+    @Override
+    protected void process(Context context, ItemImportService itemImportService,
+            List<Collection> collections) throws Exception {
+        if ("add".equals(command)) {
+            itemImportService.addItems(context, collections, sourcedir, mapfile, template);
+        } else if ("replace".equals(command)) {
+            itemImportService.replaceItems(context, collections, sourcedir, mapfile, template);
+        } else if ("delete".equals(command)) {
+            itemImportService.deleteItems(context, mapfile);
+        }
+    }
+
+    @Override
+    protected void readZip(Context context, ItemImportService itemImportService) throws Exception {
+        // If this is a zip archive, unzip it first
+        if (zip) {
+            if (!remoteUrl) {
+                // confirm zip file exists
+                File myZipFile = new File(sourcedir + File.separator + zipfilename);
+                if ((!myZipFile.exists()) || (!myZipFile.isFile())) {
+                    throw new IllegalArgumentException(
+                        "Error reading file, the file couldn't be found for filename: " + zipfilename);
+                }
+
+                // validate zip file
+                InputStream validationFileStream = new FileInputStream(myZipFile);
+                try {
+                    validateZip(validationFileStream);
+                } finally {
+                    IOUtils.closeQuietly(validationFileStream);
+                }
+
+                workDir = new File(itemImportService.getTempWorkDir() + File.separator + TEMP_DIR
+                        + File.separator + context.getCurrentUser().getID());
+                sourcedir = itemImportService.unzip(
+                        new File(sourcedir + File.separator + zipfilename), workDir.getAbsolutePath());
+            } else {
+                // manage zip via remote url
+                Optional<InputStream> optionalFileStream = Optional.ofNullable(new URL(zipfilename).openStream());
+                Optional<InputStream> validationFileStream = Optional.ofNullable(new URL(zipfilename).openStream());
+                try {
+                    if (optionalFileStream.isPresent()) {
+                        // validate zip file via url
+
+                        if (validationFileStream.isPresent()) {
+                            validateZip(validationFileStream.get());
+                        }
+
+                        workFile = new File(itemImportService.getTempWorkDir() + File.separator
+                                + zipfilename + "-" + context.getCurrentUser().getID());
+                        FileUtils.copyInputStreamToFile(optionalFileStream.get(), workFile);
+                        workDir = new File(itemImportService.getTempWorkDir() + File.separator + TEMP_DIR
+                                + File.separator + context.getCurrentUser().getID());
+                        sourcedir = itemImportService.unzip(workFile, workDir.getAbsolutePath());
+                    } else {
+                        throw new IllegalArgumentException(
+                                "Error reading file, the file couldn't be found for filename: " + zipfilename);
+                    }
+                } finally {
+                    optionalFileStream.ifPresent(IOUtils::closeQuietly);
+                    validationFileStream.ifPresent(IOUtils::closeQuietly);
+                }
+            }
+        }
+    }
+
+    @Override
+    protected void setMapFile() {
+        if (commandLine.hasOption('m')) {
+            mapfile = commandLine.getOptionValue('m');
+        }
+    }
+
+    @Override
+    protected void setZip() {
+        if (commandLine.hasOption('s')) { // source
+            sourcedir = commandLine.getOptionValue('s');
+        }
+
+        if (commandLine.hasOption('z')) {
+            zip = true;
+            zipfilename = commandLine.getOptionValue('z');
+        }
+
+        if (commandLine.hasOption('u')) { // remote url
+            zip = true;
+            remoteUrl = true;
+            zipfilename = commandLine.getOptionValue('u');
+        }
+    }
+
+    @Override
+    protected void setEPerson(Context context) throws SQLException {
+        EPerson myEPerson = null;
+        if (StringUtils.contains(eperson, '@')) {
+            // @ sign, must be an email
+            myEPerson = epersonService.findByEmail(context, eperson);
+        } else {
+            myEPerson = epersonService.find(context, UUID.fromString(eperson));
+        }
+
+        // check eperson
+        if (myEPerson == null) {
+            handler.logError("EPerson cannot be found: " + eperson + " (run with -h flag for details)");
+            throw new UnsupportedOperationException("EPerson cannot be found: " + eperson);
+        }
+
+        context.setCurrentUser(myEPerson);
+    }
+}

dspace-api/src/main/java/org/dspace/app/itemimport/ItemImportCLIScriptConfiguration.java

@@ -0,0 +1,80 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.itemimport;
+
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.Options;
+import org.dspace.scripts.configuration.ScriptConfiguration;
+
+/**
+ * The {@link ScriptConfiguration} for the {@link ItemImportCLI} script
+ *
+ * @author Francesco Pio Scognamiglio (francescopio.scognamiglio at 4science.com)
+ */
+public class ItemImportCLIScriptConfiguration extends ItemImportScriptConfiguration<ItemImportCLI> {
+
+    @Override
+    public Options getOptions() {
+        Options options = new Options();
+
+        options.addOption(Option.builder("a").longOpt("add")
+                .desc("add items to DSpace")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("r").longOpt("replace")
+                .desc("replace items in mapfile")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("d").longOpt("delete")
+                .desc("delete items listed in mapfile")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("s").longOpt("source")
+                .desc("source of items (directory)")
+                .hasArg().required(false).build());
+        options.addOption(Option.builder("z").longOpt("zip")
+                .desc("name of zip file")
+                .hasArg().required(false).build());
+        options.addOption(Option.builder("u").longOpt("url")
+                .desc("url of zip file")
+                .hasArg().build());
+        options.addOption(Option.builder("c").longOpt("collection")
+                .desc("destination collection(s) Handle or database ID")
+                .hasArg().required(false).build());
+        options.addOption(Option.builder("m").longOpt("mapfile")
+                .desc("mapfile items in mapfile")
+                .hasArg().required().build());
+        options.addOption(Option.builder("e").longOpt("eperson")
+                .desc("email of eperson doing importing")
+                .hasArg().required().build());
+        options.addOption(Option.builder("w").longOpt("workflow")
+                .desc("send submission through collection's workflow")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("n").longOpt("notify")
+                .desc("if sending submissions through the workflow, send notification emails")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("v").longOpt("validate")
+                .desc("test run - do not actually import items")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("x").longOpt("exclude-bitstreams")
+                .desc("do not load or expect content bitstreams")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("p").longOpt("template")
+                .desc("apply template")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("R").longOpt("resume")
+                .desc("resume a failed import (add only)")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("q").longOpt("quiet")
+                .desc("don't display metadata")
+                .hasArg(false).required(false).build());
+
+        options.addOption(Option.builder("h").longOpt("help")
+                .desc("help")
+                .hasArg(false).required(false).build());
+
+        return options;
+    }
+}

dspace-api/src/main/java/org/dspace/app/itemimport/ItemImportCLITool.java

@@ -1,395 +0,0 @@
-/**
- * The contents of this file are subject to the license and copyright
- * detailed in the LICENSE and NOTICE files at the root of the source
- * tree and available online at
- *
- * http://www.dspace.org/license/
- */
-package org.dspace.app.itemimport;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.UUID;
-
-import org.apache.commons.cli.CommandLine;
-import org.apache.commons.cli.CommandLineParser;
-import org.apache.commons.cli.DefaultParser;
-import org.apache.commons.cli.HelpFormatter;
-import org.apache.commons.cli.Options;
-import org.dspace.app.itemimport.factory.ItemImportServiceFactory;
-import org.dspace.app.itemimport.service.ItemImportService;
-import org.dspace.content.Collection;
-import org.dspace.content.factory.ContentServiceFactory;
-import org.dspace.content.service.CollectionService;
-import org.dspace.core.Constants;
-import org.dspace.core.Context;
-import org.dspace.eperson.EPerson;
-import org.dspace.eperson.factory.EPersonServiceFactory;
-import org.dspace.eperson.service.EPersonService;
-import org.dspace.handle.factory.HandleServiceFactory;
-import org.dspace.handle.service.HandleService;
-
-/**
- * Import items into DSpace. The conventional use is upload files by copying
- * them. DSpace writes the item's bitstreams into its assetstore. Metadata is
- * also loaded to the DSpace database.
- * <P>
- * A second use assumes the bitstream files already exist in a storage
- * resource accessible to DSpace. In this case the bitstreams are 'registered'.
- * That is, the metadata is loaded to the DSpace database and DSpace is given
- * the location of the file which is subsumed into DSpace.
- * <P>
- * The distinction is controlled by the format of lines in the 'contents' file.
- * See comments in processContentsFile() below.
- * <P>
- * Modified by David Little, UCSD Libraries 12/21/04 to
- * allow the registration of files (bitstreams) into DSpace.
- */
-public class ItemImportCLITool {
-
-    private static boolean template = false;
-
-    private static final CollectionService collectionService = ContentServiceFactory.getInstance()
-                                                                                    .getCollectionService();
-    private static final EPersonService epersonService = EPersonServiceFactory.getInstance().getEPersonService();
-    private static final HandleService handleService = HandleServiceFactory.getInstance().getHandleService();
-
-    /**
-     * Default constructor
-     */
-    private ItemImportCLITool() { }
-
-    public static void main(String[] argv) throws Exception {
-        Date startTime = new Date();
-        int status = 0;
-
-        try {
-            // create an options object and populate it
-            CommandLineParser parser = new DefaultParser();
-
-            Options options = new Options();
-
-            options.addOption("a", "add", false, "add items to DSpace");
-            options.addOption("r", "replace", false, "replace items in mapfile");
-            options.addOption("d", "delete", false,
-                              "delete items listed in mapfile");
-            options.addOption("s", "source", true, "source of items (directory)");
-            options.addOption("z", "zip", true, "name of zip file");
-            options.addOption("c", "collection", true,
-                              "destination collection(s) Handle or database ID");
-            options.addOption("m", "mapfile", true, "mapfile items in mapfile");
-            options.addOption("e", "eperson", true,
-                              "email of eperson doing importing");
-            options.addOption("w", "workflow", false,
-                              "send submission through collection's workflow");
-            options.addOption("n", "notify", false,
-                              "if sending submissions through the workflow, send notification emails");
-            options.addOption("t", "test", false,
-                              "test run - do not actually import items");
-            options.addOption("p", "template", false, "apply template");
-            options.addOption("R", "resume", false,
-                              "resume a failed import (add only)");
-            options.addOption("q", "quiet", false, "don't display metadata");
-
-            options.addOption("h", "help", false, "help");
-
-            CommandLine line = parser.parse(options, argv);
-
-            String command = null; // add replace remove, etc
-            String sourcedir = null;
-            String mapfile = null;
-            String eperson = null; // db ID or email
-            String[] collections = null; // db ID or handles
-            boolean isTest = false;
-            boolean isResume = false;
-            boolean useWorkflow = false;
-            boolean useWorkflowSendEmail = false;
-            boolean isQuiet = false;
-
-            if (line.hasOption('h')) {
-                HelpFormatter myhelp = new HelpFormatter();
-                myhelp.printHelp("ItemImport\n", options);
-                System.out
-                    .println("\nadding items:    ItemImport -a -e eperson -c collection -s sourcedir -m mapfile");
-                System.out
-                    .println(
-                        "\nadding items from zip file:    ItemImport -a -e eperson -c collection -s sourcedir -z " +
-                            "filename.zip -m mapfile");
-                System.out
-                    .println("replacing items: ItemImport -r -e eperson -c collection -s sourcedir -m mapfile");
-                System.out
-                    .println("deleting items:  ItemImport -d -e eperson -m mapfile");
-                System.out
-                    .println(
-                        "If multiple collections are specified, the first collection will be the one that owns the " +
-                            "item.");
-
-                System.exit(0);
-            }
-
-            if (line.hasOption('a')) {
-                command = "add";
-            }
-
-            if (line.hasOption('r')) {
-                command = "replace";
-            }
-
-            if (line.hasOption('d')) {
-                command = "delete";
-            }
-
-            if (line.hasOption('w')) {
-                useWorkflow = true;
-                if (line.hasOption('n')) {
-                    useWorkflowSendEmail = true;
-                }
-            }
-
-            if (line.hasOption('t')) {
-                isTest = true;
-                System.out.println("**Test Run** - not actually importing items.");
-            }
-
-            if (line.hasOption('p')) {
-                template = true;
-            }
-
-            if (line.hasOption('s')) { // source
-                sourcedir = line.getOptionValue('s');
-            }
-
-            if (line.hasOption('m')) { // mapfile
-                mapfile = line.getOptionValue('m');
-            }
-
-            if (line.hasOption('e')) { // eperson
-                eperson = line.getOptionValue('e');
-            }
-
-            if (line.hasOption('c')) { // collections
-                collections = line.getOptionValues('c');
-            }
-
-            if (line.hasOption('R')) {
-                isResume = true;
-                System.out
-                    .println("**Resume import** - attempting to import items not already imported");
-            }
-
-            if (line.hasOption('q')) {
-                isQuiet = true;
-            }
-
-            boolean zip = false;
-            String zipfilename = "";
-            if (line.hasOption('z')) {
-                zip = true;
-                zipfilename = line.getOptionValue('z');
-            }
-
-            //By default assume collections will be given on the command line
-            boolean commandLineCollections = true;
-            // now validate
-            // must have a command set
-            if (command == null) {
-                System.out
-                    .println("Error - must run with either add, replace, or remove (run with -h flag for details)");
-                System.exit(1);
-            } else if ("add".equals(command) || "replace".equals(command)) {
-                if (sourcedir == null) {
-                    System.out
-                        .println("Error - a source directory containing items must be set");
-                    System.out.println(" (run with -h flag for details)");
-                    System.exit(1);
-                }
-
-                if (mapfile == null) {
-                    System.out
-                        .println("Error - a map file to hold importing results must be specified");
-                    System.out.println(" (run with -h flag for details)");
-                    System.exit(1);
-                }
-
-                if (eperson == null) {
-                    System.out
-                        .println("Error - an eperson to do the importing must be specified");
-                    System.out.println(" (run with -h flag for details)");
-                    System.exit(1);
-                }
-
-                if (collections == null) {
-                    System.out.println("No collections given. Assuming 'collections' file inside item directory");
-                    commandLineCollections = false;
-                }
-            } else if ("delete".equals(command)) {
-                if (eperson == null) {
-                    System.out
-                        .println("Error - an eperson to do the importing must be specified");
-                    System.exit(1);
-                }
-
-                if (mapfile == null) {
-                    System.out.println("Error - a map file must be specified");
-                    System.exit(1);
-                }
-            }
-
-            // can only resume for adds
-            if (isResume && !"add".equals(command)) {
-                System.out
-                    .println("Error - resume option only works with the --add command");
-                System.exit(1);
-            }
-
-            // do checks around mapfile - if mapfile exists and 'add' is selected,
-            // resume must be chosen
-            File myFile = new File(mapfile);
-
-            if (!isResume && "add".equals(command) && myFile.exists()) {
-                System.out.println("Error - the mapfile " + mapfile
-                                       + " already exists.");
-                System.out
-                    .println("Either delete it or use --resume if attempting to resume an aborted import.");
-                System.exit(1);
-            }
-
-            ItemImportService myloader = ItemImportServiceFactory.getInstance().getItemImportService();
-            myloader.setTest(isTest);
-            myloader.setResume(isResume);
-            myloader.setUseWorkflow(useWorkflow);
-            myloader.setUseWorkflowSendEmail(useWorkflowSendEmail);
-            myloader.setQuiet(isQuiet);
-
-            // create a context
-            Context c = new Context(Context.Mode.BATCH_EDIT);
-
-            // find the EPerson, assign to context
-            EPerson myEPerson = null;
-
-            if (eperson.indexOf('@') != -1) {
-                // @ sign, must be an email
-                myEPerson = epersonService.findByEmail(c, eperson);
-            } else {
-                myEPerson = epersonService.find(c, UUID.fromString(eperson));
-            }
-
-            if (myEPerson == null) {
-                System.out.println("Error, eperson cannot be found: " + eperson);
-                System.exit(1);
-            }
-
-            c.setCurrentUser(myEPerson);
-
-            // find collections
-            List<Collection> mycollections = null;
-
-            // don't need to validate collections set if command is "delete"
-            // also if no collections are given in the command line
-            if (!"delete".equals(command) && commandLineCollections) {
-                System.out.println("Destination collections:");
-
-                mycollections = new ArrayList<>();
-
-                // validate each collection arg to see if it's a real collection
-                for (int i = 0; i < collections.length; i++) {
-
-                    Collection resolved = null;
-
-                    if (collections[i] != null) {
-
-                        // is the ID a handle?
-                        if (collections[i].indexOf('/') != -1) {
-                            // string has a / so it must be a handle - try and resolve
-                            // it
-                            resolved = ((Collection) handleService
-                                .resolveToObject(c, collections[i]));
-
-                        } else {
-                            // not a handle, try and treat it as an integer collection database ID
-                            resolved = collectionService.find(c, UUID.fromString(collections[i]));
-
-                        }
-
-                    }
-
-                    // was the collection valid?
-                    if ((resolved == null)
-                            || (resolved.getType() != Constants.COLLECTION)) {
-                        throw new IllegalArgumentException("Cannot resolve "
-                                                               + collections[i] + " to collection");
-                    }
-
-                    // add resolved collection to list
-                    mycollections.add(resolved);
-
-                    // print progress info
-                    String owningPrefix = "";
-
-                    if (i == 0) {
-                        owningPrefix = "Owning ";
-                    }
-
-                    System.out.println(owningPrefix + " Collection: "
-                                           + resolved.getName());
-                }
-            } // end of validating collections
-
-            try {
-                // If this is a zip archive, unzip it first
-                if (zip) {
-                    sourcedir = myloader.unzip(sourcedir, zipfilename);
-                }
-
-
-                c.turnOffAuthorisationSystem();
-
-                if ("add".equals(command)) {
-                    myloader.addItems(c, mycollections, sourcedir, mapfile, template);
-                } else if ("replace".equals(command)) {
-                    myloader.replaceItems(c, mycollections, sourcedir, mapfile, template);
-                } else if ("delete".equals(command)) {
-                    myloader.deleteItems(c, mapfile);
-                }
-
-                // complete all transactions
-                c.complete();
-            } catch (Exception e) {
-                c.abort();
-                e.printStackTrace();
-                System.out.println(e);
-                status = 1;
-            }
-
-            // Delete the unzipped file
-            try {
-                if (zip) {
-                    System.gc();
-                    System.out.println(
-                        "Deleting temporary zip directory: " + myloader.getTempWorkDirFile().getAbsolutePath());
-                    myloader.cleanupZipTemp();
-                }
-            } catch (IOException ex) {
-                System.out.println("Unable to delete temporary zip archive location: " + myloader.getTempWorkDirFile()
-                                                                                                 .getAbsolutePath());
-            }
-
-
-            if (isTest) {
-                System.out.println("***End of Test Run***");
-            }
-        } finally {
-            Date endTime = new Date();
-            System.out.println("Started: " + startTime.getTime());
-            System.out.println("Ended: " + endTime.getTime());
-            System.out.println(
-                "Elapsed time: " + ((endTime.getTime() - startTime.getTime()) / 1000) + " secs (" + (endTime
-                    .getTime() - startTime.getTime()) + " msecs)");
-        }
-
-        System.exit(status);
-    }
-}

dspace-api/src/main/java/org/dspace/app/itemimport/ItemImportScriptConfiguration.java

@@ -0,0 +1,90 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.itemimport;
+
+import java.io.InputStream;
+
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.Options;
+import org.dspace.scripts.configuration.ScriptConfiguration;
+
+/**
+ * The {@link ScriptConfiguration} for the {@link ItemImport} script
+ *
+ * @author Francesco Pio Scognamiglio (francescopio.scognamiglio at 4science.com)
+ */
+public class ItemImportScriptConfiguration<T extends ItemImport> extends ScriptConfiguration<T> {
+
+    private Class<T> dspaceRunnableClass;
+
+    @Override
+    public Class<T> getDspaceRunnableClass() {
+        return dspaceRunnableClass;
+    }
+
+    @Override
+    public void setDspaceRunnableClass(Class<T> dspaceRunnableClass) {
+        this.dspaceRunnableClass = dspaceRunnableClass;
+    }
+
+    @Override
+    public Options getOptions() {
+        Options options = new Options();
+
+        options.addOption(Option.builder("a").longOpt("add")
+                .desc("add items to DSpace")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("r").longOpt("replace")
+                .desc("replace items in mapfile")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("d").longOpt("delete")
+                .desc("delete items listed in mapfile")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("z").longOpt("zip")
+                .desc("name of zip file")
+                .type(InputStream.class)
+                .hasArg().build());
+        options.addOption(Option.builder("u").longOpt("url")
+                .desc("url of zip file")
+                .hasArg().build());
+        options.addOption(Option.builder("c").longOpt("collection")
+                .desc("destination collection(s) Handle or database ID")
+                .hasArg().required(false).build());
+        options.addOption(Option.builder("m").longOpt("mapfile")
+                .desc("mapfile items in mapfile")
+                .type(InputStream.class)
+                .hasArg().required(false).build());
+        options.addOption(Option.builder("w").longOpt("workflow")
+                .desc("send submission through collection's workflow")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("n").longOpt("notify")
+                .desc("if sending submissions through the workflow, send notification emails")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("v").longOpt("validate")
+                .desc("test run - do not actually import items")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("x").longOpt("exclude-bitstreams")
+                .desc("do not load or expect content bitstreams")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("p").longOpt("template")
+                .desc("apply template")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("R").longOpt("resume")
+                .desc("resume a failed import (add only)")
+                .hasArg(false).required(false).build());
+        options.addOption(Option.builder("q").longOpt("quiet")
+                .desc("don't display metadata")
+                .hasArg(false).required(false).build());
+
+        options.addOption(Option.builder("h").longOpt("help")
+                .desc("help")
+                .hasArg(false).required(false).build());
+
+        return options;
+    }
+}

dspace-api/src/main/java/org/dspace/app/itemimport/service/ItemImportService.java

@@ -16,6 +16,7 @@ import org.dspace.app.itemimport.BatchUpload;
 import org.dspace.content.Collection;
 import org.dspace.core.Context;
 import org.dspace.eperson.EPerson;
+import org.dspace.scripts.handler.DSpaceRunnableHandler;
 
 /**
  * Import items into DSpace. The conventional use is upload files by copying
@@ -210,6 +211,13 @@ public interface ItemImportService {
      */
     public void setTest(boolean isTest);
 
+    /**
+     * Set exclude-content flag.
+     *
+     * @param isExcludeContent true or false
+     */
+    public void setExcludeContent(boolean isExcludeContent);
+
     /**
      * Set resume flag
      *
@@ -235,4 +243,10 @@ public interface ItemImportService {
      * @param isQuiet true or false
      */
     public void setQuiet(boolean isQuiet);
+
+    /**
+     * Set the DSpace Runnable Handler
+     * @param handler
+     */
+    public void setHandler(DSpaceRunnableHandler handler);
 }

dspace-api/src/main/java/org/dspace/app/itemupdate/AddBitstreamsAction.java

@@ -77,7 +77,7 @@ public class AddBitstreamsAction extends UpdateBitstreamsAction {
         ItemUpdate.pr("Contents bitstream count: " + contents.size());
 
         String[] files = dir.list(ItemUpdate.fileFilter);
-        List<String> fileList = new ArrayList<String>();
+        List<String> fileList = new ArrayList<>();
         for (String filename : files) {
             fileList.add(filename);
             ItemUpdate.pr("file: " + filename);
@@ -134,9 +134,6 @@ public class AddBitstreamsAction extends UpdateBitstreamsAction {
         ItemUpdate.pr("contents entry for bitstream: " + ce.toString());
         File f = new File(dir, ce.filename);
 
-        // get an input stream
-        BufferedInputStream bis = new BufferedInputStream(new FileInputStream(f));
-
         Bitstream bs = null;
         String newBundleName = ce.bundlename;
 
@@ -173,7 +170,9 @@ public class AddBitstreamsAction extends UpdateBitstreamsAction {
                 targetBundle = bundles.iterator().next();
             }
 
-            bs = bitstreamService.create(context, targetBundle, bis);
+            try (BufferedInputStream bis = new BufferedInputStream(new FileInputStream(f));) {
+                bs = bitstreamService.create(context, targetBundle, bis);
+            }
             bs.setName(context, ce.filename);
 
             // Identify the format

dspace-api/src/main/java/org/dspace/app/itemupdate/DeleteBitstreamsAction.java

@@ -70,16 +70,19 @@ public class DeleteBitstreamsAction extends UpdateBitstreamsAction {
                                 }
                             }
 
-                            if (alterProvenance) {
+                            if (alterProvenance && !bundles.isEmpty()) {
                                 DtoMetadata dtom = DtoMetadata.create("dc.description.provenance", "en", "");
 
                                 String append = "Bitstream " + bs.getName() + " deleted on " + DCDate
                                     .getCurrent() + "; ";
-                                Item item = bundles.iterator().next().getItems().iterator().next();
-                                ItemUpdate.pr("Append provenance with: " + append);
+                                List<Item> items = bundles.iterator().next().getItems();
+                                if (!items.isEmpty()) {
+                                    Item item = items.iterator().next();
+                                    ItemUpdate.pr("Append provenance with: " + append);
 
-                                if (!isTest) {
-                                    MetadataUtilities.appendMetadata(context, item, dtom, false, append);
+                                    if (!isTest) {
+                                        MetadataUtilities.appendMetadata(context, item, dtom, false, append);
+                                    }
                                 }
                             }
                         }

dspace-api/src/main/java/org/dspace/app/itemupdate/ItemArchive.java

@@ -23,8 +23,6 @@ import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 import java.util.UUID;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerConfigurationException;
@@ -33,6 +31,7 @@ import javax.xml.transform.TransformerFactory;
 
 import org.apache.logging.log4j.Logger;
 import org.dspace.app.util.LocalSchemaFilenameFilter;
+import org.dspace.app.util.XMLUtils;
 import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.DSpaceObject;
 import org.dspace.content.Item;
@@ -52,7 +51,6 @@ public class ItemArchive {
 
     public static final String DUBLIN_CORE_XML = "dublin_core.xml";
 
-    protected static DocumentBuilder builder = null;
     protected Transformer transformer = null;
 
     protected List<DtoMetadata> dtomList = null;
@@ -95,14 +93,14 @@ public class ItemArchive {
         InputStream is = null;
         try {
             is = new FileInputStream(new File(dir, DUBLIN_CORE_XML));
-            itarch.dtomList = MetadataUtilities.loadDublinCore(getDocumentBuilder(), is);
+            itarch.dtomList = MetadataUtilities.loadDublinCore(XMLUtils.getDocumentBuilder(), is);
 
             //The code to search for local schema files was copied from org.dspace.app.itemimport
             // .ItemImportServiceImpl.java
             File file[] = dir.listFiles(new LocalSchemaFilenameFilter());
             for (int i = 0; i < file.length; i++) {
                 is = new FileInputStream(file[i]);
-                itarch.dtomList.addAll(MetadataUtilities.loadDublinCore(getDocumentBuilder(), is));
+                itarch.dtomList.addAll(MetadataUtilities.loadDublinCore(XMLUtils.getDocumentBuilder(), is));
             }
         } finally {
             if (is != null) {
@@ -126,14 +124,6 @@ public class ItemArchive {
         return itarch;
     }
 
-    protected static DocumentBuilder getDocumentBuilder()
-        throws ParserConfigurationException {
-        if (builder == null) {
-            builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
-        }
-        return builder;
-    }
-
     /**
      * Getter for Transformer
      *
@@ -318,7 +308,7 @@ public class ItemArchive {
 
         try {
             out = new FileOutputStream(new File(dir, "dublin_core.xml"));
-            Document doc = MetadataUtilities.writeDublinCore(getDocumentBuilder(), undoDtomList);
+            Document doc = MetadataUtilities.writeDublinCore(XMLUtils.getDocumentBuilder(), undoDtomList);
             MetadataUtilities.writeDocument(doc, getTransformer(), out);
 
             // if undo has delete bitstream

dspace-api/src/main/java/org/dspace/app/itemupdate/ItemUpdate.java

@@ -39,29 +39,34 @@ import org.dspace.handle.factory.HandleServiceFactory;
 import org.dspace.handle.service.HandleService;
 
 /**
- * Provides some batch editing capabilities for items in DSpace:
- * Metadata fields - Add, Delete
- * Bitstreams - Add, Delete
+ * Provides some batch editing capabilities for items in DSpace.
+ * <ul>
+ *   <li>Metadata fields - Add, Delete</li>
+ *   <li>Bitstreams - Add, Delete</li>
+ * </ul>
  *
- * The design has been for compatibility with ItemImporter
+ * <p>
+ * The design has been for compatibility with
+ * {@link org.dspace.app.itemimport.service.ItemImportService}
  * in the use of the DSpace archive format which is used to
  * specify changes on a per item basis.  The directory names
  * to correspond to each item are arbitrary and will only be
  * used for logging purposes.  The reference to the item is
- * from a required dc.identifier with the item handle to be
- * included in the dublin_core.xml (or similar metadata) file.
+ * from a required {@code dc.identifier} with the item handle to be
+ * included in the {@code dublin_core.xml} (or similar metadata) file.
  *
- * Any combination of these actions is permitted in a single run of this class
+ * <p>
+ * Any combination of these actions is permitted in a single run of this class.
  * The order of actions is important when used in combination.
- * It is the responsibility of the calling class (here, ItemUpdate)
- * to register UpdateAction classes in the order to which they are
+ * It is the responsibility of the calling class (here, {@code ItemUpdate})
+ * to register {@link UpdateAction} classes in the order which they are
  * to be performed.
  *
- *
- * It is unfortunate that so much code needs to be borrowed
- * from ItemImport as it is not reusable in private methods, etc.
- * Some of this has been placed into the MetadataUtilities class
- * for possible reuse elsewhere.
+ * <p>
+ * It is unfortunate that so much code needs to be borrowed from
+ * {@link org.dspace.app.itemimport.service.ItemImportService} as it is not
+ * reusable in private methods, etc.  Some of this has been placed into the
+ * {@link MetadataUtilities} class for possible reuse elsewhere.
  *
  * @author W. Hays based on a conceptual design by R. Rodgers
  */
@@ -73,7 +78,7 @@ public class ItemUpdate {
     public static final String DELETE_CONTENTS_FILE = "delete_contents";
 
     public static String HANDLE_PREFIX = null;
-    public static final Map<String, String> filterAliases = new HashMap<String, String>();
+    public static final Map<String, String> filterAliases = new HashMap<>();
 
     public static boolean verbose = false;
 
@@ -375,7 +380,7 @@ public class ItemUpdate {
         // open and process the source directory
         File sourceDir = new File(sourceDirPath);
 
-        if ((sourceDir == null) || !sourceDir.exists() || !sourceDir.isDirectory()) {
+        if (!sourceDir.exists() || !sourceDir.isDirectory()) {
             pr("Error, cannot open archive source directory " + sourceDirPath);
             throw new Exception("error with archive source directory " + sourceDirPath);
         }

dspace-api/src/main/java/org/dspace/app/launcher/ScriptLauncher.java

@@ -19,8 +19,10 @@ import java.util.TreeMap;
 import org.apache.commons.cli.ParseException;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.dspace.app.util.XMLUtils;
 import org.dspace.core.Context;
 import org.dspace.scripts.DSpaceRunnable;
+import org.dspace.scripts.DSpaceRunnable.StepResult;
 import org.dspace.scripts.configuration.ScriptConfiguration;
 import org.dspace.scripts.factory.ScriptServiceFactory;
 import org.dspace.scripts.handler.DSpaceRunnableHandler;
@@ -145,8 +147,13 @@ public class ScriptLauncher {
     private static int executeScript(String[] args, DSpaceRunnableHandler dSpaceRunnableHandler,
                                      DSpaceRunnable script) {
         try {
-            script.initialize(args, dSpaceRunnableHandler, null);
-            script.run();
+            StepResult result = script.initialize(args, dSpaceRunnableHandler, null);
+            // check the StepResult, only run the script if the result is Continue;
+            // otherwise - for example the script is started with the help as argument, nothing is to do
+            if (StepResult.Continue.equals(result)) {
+                // runs the script, the normal initialization is successful
+                script.run();
+            }
             return 0;
         } catch (ParseException e) {
             script.printHelp();
@@ -308,7 +315,7 @@ public class ScriptLauncher {
         String config = kernelImpl.getConfigurationService().getProperty("dspace.dir") +
             System.getProperty("file.separator") + "config" +
             System.getProperty("file.separator") + "launcher.xml";
-        SAXBuilder saxBuilder = new SAXBuilder();
+        SAXBuilder saxBuilder = XMLUtils.getSAXBuilder();
         Document doc = null;
         try {
             doc = saxBuilder.build(config);

dspace-api/src/main/java/org/dspace/app/mediafilter/Brand.java

@@ -21,10 +21,10 @@ import java.awt.image.BufferedImage;
  */
 
 public class Brand {
-    private int brandWidth;
-    private int brandHeight;
-    private Font font;
-    private int xOffset;
+    private final int brandWidth;
+    private final int brandHeight;
+    private final Font font;
+    private final int xOffset;
 
     /**
      * Constructor to set up footer image attributes.
@@ -92,7 +92,7 @@ public class Brand {
      * do the text placements and preparatory work for the brand image generation
      *
      * @param brandImage a BufferedImage object where the image is created
-     * @param identifier and Identifier object describing what text is to be placed in what
+     * @param brandText  an Identifier object describing what text is to be placed in what
      *                   position within the brand
      */
     private void drawImage(BufferedImage brandImage,

dspace-api/src/main/java/org/dspace/app/mediafilter/BrandText.java

@@ -39,7 +39,7 @@ class BrandText {
      * its location within a rectangular area.
      *
      * @param location one of the class location constants e.g. <code>Identifier.BL</code>
-     * @param the      text associated with the location
+     * @param text     text associated with the location
      */
     public BrandText(String location, String text) {
         this.location = location;

dspace-api/src/main/java/org/dspace/app/mediafilter/BrandedPreviewJPEGFilter.java

@@ -7,9 +7,7 @@
  */
 package org.dspace.app.mediafilter;
 
-import java.awt.image.BufferedImage;
 import java.io.InputStream;
-import javax.imageio.ImageIO;
 
 import org.dspace.content.Item;
 import org.dspace.services.ConfigurationService;
@@ -63,27 +61,20 @@ public class BrandedPreviewJPEGFilter extends MediaFilter {
     @Override
     public InputStream getDestinationStream(Item currentItem, InputStream source, boolean verbose)
         throws Exception {
-        // read in bitstream's image
-        BufferedImage buf = ImageIO.read(source);
-
         // get config params
         ConfigurationService configurationService
                 = DSpaceServicesFactory.getInstance().getConfigurationService();
-        float xmax = (float) configurationService
-            .getIntProperty("webui.preview.maxwidth");
-        float ymax = (float) configurationService
-            .getIntProperty("webui.preview.maxheight");
-        boolean blurring = (boolean) configurationService
-            .getBooleanProperty("webui.preview.blurring");
-        boolean hqscaling = (boolean) configurationService
-            .getBooleanProperty("webui.preview.hqscaling");
+        int xmax = configurationService.getIntProperty("webui.preview.maxwidth");
+        int ymax = configurationService.getIntProperty("webui.preview.maxheight");
+        boolean blurring = configurationService.getBooleanProperty("webui.preview.blurring");
+        boolean hqscaling = configurationService.getBooleanProperty("webui.preview.hqscaling");
         int brandHeight = configurationService.getIntProperty("webui.preview.brand.height");
         String brandFont = configurationService.getProperty("webui.preview.brand.font");
         int brandFontPoint = configurationService.getIntProperty("webui.preview.brand.fontpoint");
 
         JPEGFilter jpegFilter = new JPEGFilter();
-        return jpegFilter
-            .getThumbDim(currentItem, buf, verbose, xmax, ymax, blurring, hqscaling, brandHeight, brandFontPoint,
-                         brandFont);
+        return jpegFilter.getThumb(
+                currentItem, source, verbose, xmax, ymax, blurring, hqscaling, brandHeight, brandFontPoint, brandFont
+        );
     }
 }

dspace-api/src/main/java/org/dspace/app/mediafilter/ImageMagickPdfThumbnailFilter.java

@@ -22,7 +22,9 @@ public class ImageMagickPdfThumbnailFilter extends ImageMagickThumbnailFilter {
         File f2 = null;
         File f3 = null;
         try {
-            f2 = getImageFile(f, 0, verbose);
+            // Step 1: get an image from our PDF file, with PDF-specific processing options
+            f2 = getImageFile(f, verbose);
+            // Step 2: use the image above to create the final resized and rotated thumbnail
             f3 = getThumbnailFile(f2, verbose);
             byte[] bytes = Files.readAllBytes(f3.toPath());
             return new ByteArrayInputStream(bytes);

dspace-api/src/main/java/org/dspace/app/mediafilter/ImageMagickThumbnailFilter.java

@@ -14,6 +14,9 @@ import java.io.InputStream;
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
 
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDPage;
+import org.apache.pdfbox.pdmodel.common.PDRectangle;
 import org.dspace.content.Bitstream;
 import org.dspace.content.Bundle;
 import org.dspace.content.Item;
@@ -113,13 +116,54 @@ public abstract class ImageMagickThumbnailFilter extends MediaFilter {
         return f2;
     }
 
-    public File getImageFile(File f, int page, boolean verbose)
+    /**
+     * Return an image from a bitstream with specific processing options for
+     * PDFs. This is only used by ImageMagickPdfThumbnailFilter in order to
+     * generate an intermediate image file for use with getThumbnailFile.
+     */
+    public File getImageFile(File f, boolean verbose)
         throws IOException, InterruptedException, IM4JavaException {
-        File f2 = new File(f.getParentFile(), f.getName() + ".jpg");
+        // Writing an intermediate file to disk is inefficient, but since we're
+        // doing it anyway, we should use a lossless format. IM's internal MIFF
+        // is lossless like PNG and TIFF, but much faster.
+        File f2 = new File(f.getParentFile(), f.getName() + ".miff");
         f2.deleteOnExit();
         ConvertCmd cmd = new ConvertCmd();
         IMOperation op = new IMOperation();
-        String s = "[" + page + "]";
+
+        // Optionally override ImageMagick's default density of 72 DPI to use a
+        // "supersample" when creating the PDF thumbnail. Note that I prefer to
+        // use the getProperty() method here instead of getIntPropert() because
+        // the latter always returns an integer (0 in the case it's not set). I
+        // would prefer to keep ImageMagick's default to itself rather than for
+        // us to set one. Also note that the density option *must* come before
+        // we open the input file.
+        String density = configurationService.getProperty(PRE + ".density");
+        if (density != null) {
+            op.density(Integer.valueOf(density));
+        }
+
+        // Check the PDF's MediaBox and CropBox to see if they are the same.
+        // If not, then tell ImageMagick to use the CropBox when generating
+        // the thumbnail because the CropBox is generally used to define the
+        // area displayed when a user opens the PDF on a screen, whereas the
+        // MediaBox is used for print. Not all PDFs set these correctly, so
+        // we can use ImageMagick's default behavior unless we see an explit
+        // CropBox. Note: we don't need to do anything special to detect if
+        // the CropBox is missing or empty because pdfbox will set it to the
+        // same size as the MediaBox if it doesn't exist. Also note that we
+        // only need to check the first page, since that's what we use for
+        // generating the thumbnail (PDDocument uses a zero-based index).
+        PDPage pdfPage = PDDocument.load(f).getPage(0);
+        PDRectangle pdfPageMediaBox = pdfPage.getMediaBox();
+        PDRectangle pdfPageCropBox = pdfPage.getCropBox();
+
+        // This option must come *before* we open the input file.
+        if (pdfPageCropBox != pdfPageMediaBox) {
+            op.define("pdf:use-cropbox=true");
+        }
+
+        String s = "[0]";
         op.addImage(f.getAbsolutePath() + s);
         if (configurationService.getBooleanProperty(PRE + ".flatten", true)) {
             op.flatten();
@@ -172,20 +216,20 @@ public abstract class ImageMagickThumbnailFilter extends MediaFilter {
                 if (description != null) {
                     if (replaceRegex.matcher(description).matches()) {
                         if (verbose) {
-                            System.out.format("%s %s matches pattern and is replacable.%n",
-                                    description, nsrc);
+                            System.out.format("%s %s matches pattern and is replaceable.%n",
+                                    description, n);
                         }
                         continue;
                     }
                     if (description.equals(getDescription())) {
                         if (verbose) {
                             System.out.format("%s %s is replaceable.%n",
-                                    getDescription(), nsrc);
+                                    getDescription(), n);
                         }
                         continue;
                     }
                 }
-                System.out.format("Custom Thumbnail exists for %s for item %s.  Thumbnail will not be generated.%n",
+                System.out.format("Custom thumbnail exists for %s for item %s. Thumbnail will not be generated.%n",
                         nsrc, item.getHandle());
                 return false;
             }

dspace-api/src/main/java/org/dspace/app/mediafilter/ImageMagickVideoThumbnailFilter.java

@@ -0,0 +1,76 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.mediafilter;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+
+import org.dspace.content.Item;
+import org.im4java.core.ConvertCmd;
+import org.im4java.core.IM4JavaException;
+import org.im4java.core.IMOperation;
+
+
+/**
+ * Filter video bitstreams, scaling the image to be within the bounds of
+ * thumbnail.maxwidth, thumbnail.maxheight, the size we want our thumbnail to be
+ * no bigger than. Creates only JPEGs.
+ */
+public class ImageMagickVideoThumbnailFilter extends ImageMagickThumbnailFilter {
+    private static final int DEFAULT_WIDTH = 180;
+    private static final int DEFAULT_HEIGHT = 120;
+    private static final int FRAME_NUMBER = 100;
+
+    /**
+     * @param currentItem item
+     * @param source      source input stream
+     * @param verbose     verbose mode
+     * @return InputStream the resulting input stream
+     * @throws Exception if error
+     */
+    @Override
+    public InputStream getDestinationStream(Item currentItem, InputStream source, boolean verbose)
+        throws Exception {
+        File f = inputStreamToTempFile(source, "imthumb", ".tmp");
+        File f2 = null;
+        try {
+            f2 = getThumbnailFile(f, verbose);
+            byte[] bytes = Files.readAllBytes(f2.toPath());
+            return new ByteArrayInputStream(bytes);
+        } finally {
+            //noinspection ResultOfMethodCallIgnored
+            f.delete();
+            if (f2 != null) {
+                //noinspection ResultOfMethodCallIgnored
+                f2.delete();
+            }
+        }
+    }
+
+    @Override
+    public File getThumbnailFile(File f, boolean verbose)
+        throws IOException, InterruptedException, IM4JavaException {
+        File f2 = new File(f.getParentFile(), f.getName() + ".jpg");
+        f2.deleteOnExit();
+        ConvertCmd cmd = new ConvertCmd();
+        IMOperation op = new IMOperation();
+        op.autoOrient();
+        op.addImage("VIDEO:" + f.getAbsolutePath() + "[" + FRAME_NUMBER + "]");
+        op.thumbnail(configurationService.getIntProperty("thumbnail.maxwidth", DEFAULT_WIDTH),
+                        configurationService.getIntProperty("thumbnail.maxheight", DEFAULT_HEIGHT));
+        op.addImage(f2.getAbsolutePath());
+        if (verbose) {
+            System.out.println("IM Thumbnail Param: " + op);
+        }
+        cmd.run(op);
+        return f2;
+    }
+}

dspace-api/src/main/java/org/dspace/app/mediafilter/JPEGFilter.java

@@ -8,19 +8,32 @@
 package org.dspace.app.mediafilter;
 
 import java.awt.Color;
+import java.awt.Dimension;
 import java.awt.Font;
 import java.awt.Graphics2D;
 import java.awt.RenderingHints;
 import java.awt.Transparency;
+import java.awt.geom.AffineTransform;
 import java.awt.image.BufferedImage;
 import java.awt.image.BufferedImageOp;
 import java.awt.image.ConvolveOp;
 import java.awt.image.Kernel;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import javax.imageio.ImageIO;
 
+import com.drew.imaging.ImageMetadataReader;
+import com.drew.imaging.ImageProcessingException;
+import com.drew.metadata.Metadata;
+import com.drew.metadata.MetadataException;
+import com.drew.metadata.exif.ExifIFD0Directory;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.dspace.content.Item;
 import org.dspace.services.ConfigurationService;
 import org.dspace.services.factory.DSpaceServicesFactory;
@@ -33,6 +46,8 @@ import org.dspace.services.factory.DSpaceServicesFactory;
  * @author Jason Sherman jsherman@usao.edu
  */
 public class JPEGFilter extends MediaFilter implements SelfRegisterInputFormats {
+    private static final Logger log = LogManager.getLogger(JPEGFilter.class);
+
     @Override
     public String getFilteredName(String oldFilename) {
         return oldFilename + ".jpg";
@@ -62,6 +77,115 @@ public class JPEGFilter extends MediaFilter implements SelfRegisterInputFormats
         return "Generated Thumbnail";
     }
 
+    /**
+     * Gets the rotation angle from image's metadata using ImageReader.
+     * This method consumes the InputStream, so you need to be careful to don't reuse the same InputStream after
+     * computing the rotation angle.
+     *
+     * @param buf InputStream of the image file
+     * @return Rotation angle in degrees (0, 90, 180, or 270)
+     */
+    public static int getImageRotationUsingImageReader(InputStream buf) {
+        try {
+            Metadata metadata = ImageMetadataReader.readMetadata(buf);
+            ExifIFD0Directory directory = metadata.getFirstDirectoryOfType(ExifIFD0Directory.class);
+            if (directory != null && directory.containsTag(ExifIFD0Directory.TAG_ORIENTATION)) {
+                return convertRotationToDegrees(directory.getInt(ExifIFD0Directory.TAG_ORIENTATION));
+            }
+        } catch (MetadataException | ImageProcessingException | IOException e) {
+            log.error("Error reading image metadata", e);
+        }
+        return 0;
+    }
+
+    public static int convertRotationToDegrees(int valueNode) {
+        // Common orientation values:
+        // 1 = Normal (0°)
+        // 6 = Rotated 90° CW
+        // 3 = Rotated 180°
+        // 8 = Rotated 270° CW
+        switch (valueNode) {
+            case 6:
+                return 90;
+            case 3:
+                return 180;
+            case 8:
+                return 270;
+            default:
+                return 0;
+        }
+    }
+
+    /**
+     * Rotates an image by the specified angle
+     *
+     * @param image The original image
+     * @param angle The rotation angle in degrees
+     * @return Rotated image
+     */
+    public static BufferedImage rotateImage(BufferedImage image, int angle) {
+        if (angle == 0) {
+            return image;
+        }
+
+        double radians = Math.toRadians(angle);
+        double sin = Math.abs(Math.sin(radians));
+        double cos = Math.abs(Math.cos(radians));
+
+        int newWidth = (int) Math.round(image.getWidth() * cos + image.getHeight() * sin);
+        int newHeight = (int) Math.round(image.getWidth() * sin + image.getHeight() * cos);
+
+        BufferedImage rotated = new BufferedImage(newWidth, newHeight, image.getType());
+        Graphics2D g2d = rotated.createGraphics();
+        AffineTransform at = new AffineTransform();
+
+        at.translate(newWidth / 2, newHeight / 2);
+        at.rotate(radians);
+        at.translate(-image.getWidth() / 2, -image.getHeight() / 2);
+
+        g2d.setTransform(at);
+        g2d.drawImage(image, 0, 0, null);
+        g2d.dispose();
+
+        return rotated;
+    }
+
+    /**
+     * Calculates scaled dimension while maintaining aspect ratio
+     *
+     * @param imgSize  Original image dimensions
+     * @param boundary Maximum allowed dimensions
+     * @return New dimensions that fit within boundary while preserving aspect ratio
+     */
+    private Dimension getScaledDimension(Dimension imgSize, Dimension boundary) {
+
+        int originalWidth = imgSize.width;
+        int originalHeight = imgSize.height;
+        int boundWidth = boundary.width;
+        int boundHeight = boundary.height;
+        int newWidth = originalWidth;
+        int newHeight = originalHeight;
+
+
+        // First check if we need to scale width
+        if (originalWidth > boundWidth) {
+            // Scale width to fit
+            newWidth = boundWidth;
+            // Scale height to maintain aspect ratio
+            newHeight = (newWidth * originalHeight) / originalWidth;
+        }
+
+        // Then check if we need to scale even with the new height
+        if (newHeight > boundHeight) {
+            // Scale height to fit instead
+            newHeight = boundHeight;
+            newWidth = (newHeight * originalWidth) / originalHeight;
+        }
+
+        return new Dimension(newWidth, newHeight);
+    }
+
+
     /**
      * @param currentItem item
      * @param source      source input stream
@@ -72,10 +196,65 @@ public class JPEGFilter extends MediaFilter implements SelfRegisterInputFormats
     @Override
     public InputStream getDestinationStream(Item currentItem, InputStream source, boolean verbose)
         throws Exception {
-        // read in bitstream's image
-        BufferedImage buf = ImageIO.read(source);
+        return getThumb(currentItem, source, verbose);
+    }
 
-        return getThumb(currentItem, buf, verbose);
+    public InputStream getThumb(Item currentItem, InputStream source, boolean verbose)
+        throws Exception {
+        // get config params
+        final ConfigurationService configurationService
+            = DSpaceServicesFactory.getInstance().getConfigurationService();
+        int xmax = configurationService
+            .getIntProperty("thumbnail.maxwidth");
+        int ymax = configurationService
+            .getIntProperty("thumbnail.maxheight");
+        boolean blurring = (boolean) configurationService
+            .getBooleanProperty("thumbnail.blurring");
+        boolean hqscaling = (boolean) configurationService
+            .getBooleanProperty("thumbnail.hqscaling");
+
+        return getThumb(currentItem, source, verbose, xmax, ymax, blurring, hqscaling, 0, 0, null);
+    }
+
+    protected InputStream getThumb(
+        Item currentItem,
+        InputStream source,
+        boolean verbose,
+        int xmax,
+        int ymax,
+        boolean blurring,
+        boolean hqscaling,
+        int brandHeight,
+        int brandFontPoint,
+        String brandFont
+    ) throws Exception {
+
+        File tempFile = File.createTempFile("temp", ".tmp");
+        tempFile.deleteOnExit();
+
+        // Write to temp file
+        try (FileOutputStream fos = new FileOutputStream(tempFile)) {
+            byte[] buffer = new byte[4096];
+            int len;
+            while ((len = source.read(buffer)) != -1) {
+                fos.write(buffer, 0, len);
+            }
+        }
+
+        int rotation = 0;
+        try (FileInputStream fis = new FileInputStream(tempFile)) {
+            rotation = getImageRotationUsingImageReader(fis);
+        }
+
+        try (FileInputStream fis = new FileInputStream(tempFile)) {
+            // read in bitstream's image
+            BufferedImage buf = ImageIO.read(fis);
+
+            return getThumbDim(
+                currentItem, buf, verbose, xmax, ymax, blurring, hqscaling, brandHeight, brandFontPoint, rotation,
+                brandFont
+            );
+        }
     }
 
     public InputStream getThumb(Item currentItem, BufferedImage buf, boolean verbose)
@@ -83,25 +262,28 @@ public class JPEGFilter extends MediaFilter implements SelfRegisterInputFormats
         // get config params
         final ConfigurationService configurationService
                 = DSpaceServicesFactory.getInstance().getConfigurationService();
-        float xmax = (float) configurationService
+        int xmax = configurationService
             .getIntProperty("thumbnail.maxwidth");
-        float ymax = (float) configurationService
+        int ymax = configurationService
             .getIntProperty("thumbnail.maxheight");
         boolean blurring = (boolean) configurationService
             .getBooleanProperty("thumbnail.blurring");
         boolean hqscaling = (boolean) configurationService
             .getBooleanProperty("thumbnail.hqscaling");
 
-        return getThumbDim(currentItem, buf, verbose, xmax, ymax, blurring, hqscaling, 0, 0, null);
+        return getThumbDim(currentItem, buf, verbose, xmax, ymax, blurring, hqscaling, 0, 0, 0, null);
     }
 
-    public InputStream getThumbDim(Item currentItem, BufferedImage buf, boolean verbose, float xmax, float ymax,
+    public InputStream getThumbDim(Item currentItem, BufferedImage buf, boolean verbose, int xmax, int ymax,
                                    boolean blurring, boolean hqscaling, int brandHeight, int brandFontPoint,
-                                   String brandFont)
+                                   int rotation, String brandFont)
         throws Exception {
-        // now get the image dimensions
-        float xsize = (float) buf.getWidth(null);
-        float ysize = (float) buf.getHeight(null);
+
+        // Rotate the image if needed
+        BufferedImage correctedImage = rotateImage(buf, rotation);
+
+        int xsize = correctedImage.getWidth();
+        int ysize = correctedImage.getHeight();
 
         // if verbose flag is set, print out dimensions
         // to STDOUT
@@ -109,86 +291,63 @@ public class JPEGFilter extends MediaFilter implements SelfRegisterInputFormats
             System.out.println("original size: " + xsize + "," + ysize);
         }
 
-        // scale by x first if needed
-        if (xsize > xmax) {
-            // calculate scaling factor so that xsize * scale = new size (max)
-            float scale_factor = xmax / xsize;
+        // Calculate new dimensions while maintaining aspect ratio
+        Dimension newDimension = getScaledDimension(
+            new Dimension(xsize, ysize),
+            new Dimension(xmax, ymax)
+        );
 
-            // if verbose flag is set, print out extracted text
-            // to STDOUT
-            if (verbose) {
-                System.out.println("x scale factor: " + scale_factor);
-            }
-
-            // now reduce x size
-            // and y size
-            xsize = xsize * scale_factor;
-            ysize = ysize * scale_factor;
-
-            // if verbose flag is set, print out extracted text
-            // to STDOUT
-            if (verbose) {
-                System.out.println("size after fitting to maximum width: " + xsize + "," + ysize);
-            }
-        }
-
-        // scale by y if needed
-        if (ysize > ymax) {
-            float scale_factor = ymax / ysize;
-
-            // now reduce x size
-            // and y size
-            xsize = xsize * scale_factor;
-            ysize = ysize * scale_factor;
-        }
 
         // if verbose flag is set, print details to STDOUT
         if (verbose) {
-            System.out.println("size after fitting to maximum height: " + xsize + ", "
-                                   + ysize);
+            System.out.println("size after fitting to maximum height: " + newDimension.width + ", "
+                                   + newDimension.height);
         }
 
+        xsize = newDimension.width;
+        ysize = newDimension.height;
+
         // create an image buffer for the thumbnail with the new xsize, ysize
-        BufferedImage thumbnail = new BufferedImage((int) xsize, (int) ysize,
-                                                    BufferedImage.TYPE_INT_RGB);
+        BufferedImage thumbnail = new BufferedImage(xsize, ysize, BufferedImage.TYPE_INT_RGB);
 
         // Use blurring if selected in config.
         // a little blur before scaling does wonders for keeping moire in check.
         if (blurring) {
             // send the buffered image off to get blurred.
-            buf = getBlurredInstance((BufferedImage) buf);
+            correctedImage = getBlurredInstance(correctedImage);
         }
 
         // Use high quality scaling method if selected in config.
         // this has a definite performance penalty.
         if (hqscaling) {
             // send the buffered image off to get an HQ downscale.
-            buf = getScaledInstance((BufferedImage) buf, (int) xsize, (int) ysize,
-                                    (Object) RenderingHints.VALUE_INTERPOLATION_BICUBIC, (boolean) true);
+            correctedImage = getScaledInstance(correctedImage, xsize, ysize,
+                                               RenderingHints.VALUE_INTERPOLATION_BICUBIC, true);
         }
 
         // now render the image into the thumbnail buffer
         Graphics2D g2d = thumbnail.createGraphics();
-        g2d.drawImage(buf, 0, 0, (int) xsize, (int) ysize, null);
+        g2d.drawImage(correctedImage, 0, 0, xsize, ysize, null);
 
         if (brandHeight != 0) {
             ConfigurationService configurationService
                     = DSpaceServicesFactory.getInstance().getConfigurationService();
-            Brand brand = new Brand((int) xsize, brandHeight, new Font(brandFont, Font.PLAIN, brandFontPoint), 5);
+            Brand brand = new Brand(xsize, brandHeight, new Font(brandFont, Font.PLAIN, brandFontPoint), 5);
             BufferedImage brandImage = brand.create(configurationService.getProperty("webui.preview.brand"),
                                                     configurationService.getProperty("webui.preview.brand.abbrev"),
                                                     currentItem == null ? "" : "hdl:" + currentItem.getHandle());
 
-            g2d.drawImage(brandImage, (int) 0, (int) ysize, (int) xsize, (int) 20, null);
+            g2d.drawImage(brandImage, 0, ysize, xsize, 20, null);
         }
 
+
+        ByteArrayInputStream bais;
         // now create an input stream for the thumbnail buffer and return it
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
-        ImageIO.write(thumbnail, "jpeg", baos);
-
-        // now get the array
-        ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
+        try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            ImageIO.write(thumbnail, "jpeg", baos);
+            // now get the array
+            bais = new ByteArrayInputStream(baos.toByteArray());
+        }
 
         return bais; // hope this gets written out before its garbage collected!
     }

dspace-api/src/main/java/org/dspace/app/mediafilter/MediaFilterScriptConfiguration.java

@@ -7,25 +7,16 @@
  */
 package org.dspace.app.mediafilter;
 
-import java.sql.SQLException;
-
 import org.apache.commons.cli.Option;
 import org.apache.commons.cli.Options;
-import org.dspace.authorize.service.AuthorizeService;
-import org.dspace.core.Context;
 import org.dspace.scripts.configuration.ScriptConfiguration;
-import org.springframework.beans.factory.annotation.Autowired;
 
 public class MediaFilterScriptConfiguration<T extends MediaFilterScript> extends ScriptConfiguration<T> {
 
-    @Autowired
-    private AuthorizeService authorizeService;
-
     private Class<T> dspaceRunnableClass;
 
     private static final String MEDIA_FILTER_PLUGINS_KEY = "filter.plugins";
 
-
     @Override
     public Class<T> getDspaceRunnableClass() {
         return dspaceRunnableClass;
@@ -36,23 +27,14 @@ public class MediaFilterScriptConfiguration<T extends MediaFilterScript> extends
         this.dspaceRunnableClass = dspaceRunnableClass;
     }
 
-
-    @Override
-    public boolean isAllowedToExecute(final Context context) {
-        try {
-            return authorizeService.isAdmin(context);
-        } catch (SQLException e) {
-            throw new RuntimeException("SQLException occurred when checking if the current user is an admin", e);
-        }
-    }
-
     @Override
     public Options getOptions() {
         Options options = new Options();
         options.addOption("v", "verbose", false, "print all extracted text and other details to STDOUT");
         options.addOption("q", "quiet", false, "do not print anything except in the event of errors.");
         options.addOption("f", "force", false, "force all bitstreams to be processed");
-        options.addOption("i", "identifier", true, "ONLY process bitstreams belonging to identifier");
+        options.addOption("i", "identifier", true,
+            "ONLY process bitstreams belonging to the provided handle identifier");
         options.addOption("m", "maximum", true, "process no more than maximum items");
         options.addOption("h", "help", false, "help");
 

dspace-api/src/main/java/org/dspace/app/mediafilter/MediaFilterServiceImpl.java

@@ -8,13 +8,18 @@
 package org.dspace.app.mediafilter;
 
 import java.io.InputStream;
+import java.sql.SQLException;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.stream.Collectors;
 
+import org.apache.commons.lang3.StringUtils;
 import org.dspace.app.mediafilter.service.MediaFilterService;
+import org.dspace.authorize.AuthorizeException;
 import org.dspace.authorize.service.AuthorizeService;
 import org.dspace.content.Bitstream;
 import org.dspace.content.BitstreamFormat;
@@ -36,6 +41,7 @@ import org.dspace.eperson.Group;
 import org.dspace.eperson.service.GroupService;
 import org.dspace.scripts.handler.DSpaceRunnableHandler;
 import org.dspace.services.ConfigurationService;
+import org.dspace.util.ThrowableUtils;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 
@@ -126,12 +132,18 @@ public class MediaFilterServiceImpl implements MediaFilterService, InitializingB
     @Override
     public void applyFiltersCommunity(Context context, Community community)
         throws Exception {   //only apply filters if community not in skip-list
+        // ensure that the community is attached to the current hibernate session
+        // as we are committing after each item (handles, sub-communties and
+        // collections are lazy attributes)
+        community = context.reloadEntity(community);
         if (!inSkipList(community.getHandle())) {
             List<Community> subcommunities = community.getSubcommunities();
             for (Community subcommunity : subcommunities) {
                 applyFiltersCommunity(context, subcommunity);
             }
-
+            // ensure that the community is attached to the current hibernate session
+            // as we are committing after each item
+            community = context.reloadEntity(community);
             List<Collection> collections = community.getCollections();
             for (Collection collection : collections) {
                 applyFiltersCollection(context, collection);
@@ -142,6 +154,9 @@ public class MediaFilterServiceImpl implements MediaFilterService, InitializingB
     @Override
     public void applyFiltersCollection(Context context, Collection collection)
         throws Exception {
+        // ensure that the collection is attached to the current hibernate session
+        // as we are committing after each item (handles are lazy attributes)
+        collection = context.reloadEntity(collection);
         //only apply filters if collection not in skip-list
         if (!inSkipList(collection.getHandle())) {
             Iterator<Item> itemIterator = itemService.findAllByCollection(context, collection);
@@ -165,6 +180,8 @@ public class MediaFilterServiceImpl implements MediaFilterService, InitializingB
             }
             // clear item objects from context cache and internal cache
             c.uncacheEntity(currentItem);
+            // commit after each item to release DB resources
+            c.commit();
             currentItem = null;
         }
     }
@@ -221,23 +238,9 @@ public class MediaFilterServiceImpl implements MediaFilterService, InitializingB
                         filtered = true;
                     }
                 } catch (Exception e) {
-                    String handle = myItem.getHandle();
-                    List<Bundle> bundles = myBitstream.getBundles();
-                    long size = myBitstream.getSizeBytes();
-                    String checksum = myBitstream.getChecksum() + " (" + myBitstream.getChecksumAlgorithm() + ")";
-                    int assetstore = myBitstream.getStoreNumber();
-
                     // Printout helpful information to find the errored bitstream.
-                    StringBuilder sb = new StringBuilder("ERROR filtering, skipping bitstream:\n");
-                    sb.append("\tItem Handle: ").append(handle);
-                    for (Bundle bundle : bundles) {
-                        sb.append("\tBundle Name: ").append(bundle.getName());
-                    }
-                    sb.append("\tFile Size: ").append(size);
-                    sb.append("\tChecksum: ").append(checksum);
-                    sb.append("\tAsset Store: ").append(assetstore);
-                    logError(sb.toString());
-                    logError(e.getMessage(), e);
+                    logError(formatBitstreamDetails(myItem.getHandle(), myBitstream));
+                    logError(ThrowableUtils.formatCauseChain(e));
                 }
             } else if (filterClass instanceof SelfRegisterInputFormats) {
                 // Filter implements self registration, so check to see if it should be applied
@@ -315,25 +318,25 @@ public class MediaFilterServiceImpl implements MediaFilterService, InitializingB
 
         // check if destination bitstream exists
         Bundle existingBundle = null;
-        Bitstream existingBitstream = null;
+        List<Bitstream> existingBitstreams = new ArrayList<>();
         List<Bundle> bundles = itemService.getBundles(item, formatFilter.getBundleName());
 
-        if (bundles.size() > 0) {
-            // only finds the last match (FIXME?)
+        if (!bundles.isEmpty()) {
+            // only finds the last matching bundle and all matching bitstreams in the proper bundle(s)
             for (Bundle bundle : bundles) {
                 List<Bitstream> bitstreams = bundle.getBitstreams();
 
                 for (Bitstream bitstream : bitstreams) {
                     if (bitstream.getName().trim().equals(newName.trim())) {
                         existingBundle = bundle;
-                        existingBitstream = bitstream;
+                        existingBitstreams.add(bitstream);
                     }
                 }
             }
         }
 
         // if exists and overwrite = false, exit
-        if (!overWrite && (existingBitstream != null)) {
+        if (!overWrite && (!existingBitstreams.isEmpty())) {
             if (!isQuiet) {
                 logInfo("SKIPPED: bitstream " + source.getID()
                                        + " (item: " + item.getHandle() + ") because '" + newName + "' already exists");
@@ -366,7 +369,7 @@ public class MediaFilterServiceImpl implements MediaFilterService, InitializingB
             }
 
             Bundle targetBundle; // bundle we're modifying
-            if (bundles.size() < 1) {
+            if (bundles.isEmpty()) {
                 // create new bundle if needed
                 targetBundle = bundleService.create(context, item, formatFilter.getBundleName());
             } else {
@@ -388,29 +391,18 @@ public class MediaFilterServiceImpl implements MediaFilterService, InitializingB
             bitstreamService.update(context, b);
 
             //Set permissions on the derivative bitstream
-            //- First remove any existing policies
-            authorizeService.removeAllPolicies(context, b);
-
-            //- Determine if this is a public-derivative format
-            if (publicFiltersClasses.contains(formatFilter.getClass().getSimpleName())) {
-                //- Set derivative bitstream to be publicly accessible
-                Group anonymous = groupService.findByName(context, Group.ANONYMOUS);
-                authorizeService.addPolicy(context, b, Constants.READ, anonymous);
-            } else {
-                //- Inherit policies from the source bitstream
-                authorizeService.inheritPolicies(context, source, b);
-            }
+            updatePoliciesOfDerivativeBitstream(context, b, formatFilter, source);
 
             //do post-processing of the generated bitstream
             formatFilter.postProcessBitstream(context, item, b);
 
         } catch (OutOfMemoryError oome) {
             logError("!!! OutOfMemoryError !!!");
+            logError(formatBitstreamDetails(item.getHandle(), source));
         }
 
-        // fixme - set date?
         // we are overwriting, so remove old bitstream
-        if (existingBitstream != null) {
+        for (Bitstream existingBitstream : existingBitstreams) {
             bundleService.removeBitstream(context, existingBundle, existingBitstream);
         }
 
@@ -422,6 +414,71 @@ public class MediaFilterServiceImpl implements MediaFilterService, InitializingB
         return true;
     }
 
+    @Override
+    public void updatePoliciesOfDerivativeBitstreams(Context context, Item item, Bitstream source)
+        throws SQLException, AuthorizeException {
+
+        if (filterClasses == null) {
+            return;
+        }
+
+        for (FormatFilter formatFilter : filterClasses) {
+            for (Bitstream bitstream : findDerivativeBitstreams(item, source, formatFilter)) {
+                updatePoliciesOfDerivativeBitstream(context, bitstream, formatFilter, source);
+            }
+        }
+    }
+
+    /**
+     * find derivative bitstreams related to source bitstream
+     *
+     * @param item item containing bitstreams
+     * @param source source bitstream
+     * @param formatFilter formatFilter
+     * @return list of derivative bitstreams from source bitstream
+     * @throws SQLException If something goes wrong in the database
+     */
+    private List<Bitstream> findDerivativeBitstreams(Item item, Bitstream source, FormatFilter formatFilter)
+        throws SQLException {
+
+        String bitstreamName = formatFilter.getFilteredName(source.getName());
+        List<Bundle> bundles = itemService.getBundles(item, formatFilter.getBundleName());
+
+        return bundles.stream()
+                      .flatMap(bundle ->
+                          bundle.getBitstreams().stream())
+                      .filter(bitstream ->
+                          StringUtils.equals(bitstream.getName().trim(), bitstreamName.trim()))
+                      .collect(Collectors.toList());
+    }
+
+    /**
+     * update resource polices of derivative bitstreams.
+     * by remove all resource policies and
+     * set derivative bitstreams to be publicly accessible or
+     * replace derivative bitstreams policies using
+     * the same in the source bitstream.
+     *
+     * @param context the context
+     * @param bitstream derivative bitstream
+     * @param formatFilter formatFilter
+     * @param source the source bitstream
+     * @throws SQLException If something goes wrong in the database
+     * @throws AuthorizeException if authorization error
+     */
+    private void updatePoliciesOfDerivativeBitstream(Context context, Bitstream bitstream, FormatFilter formatFilter,
+                                                     Bitstream source) throws SQLException, AuthorizeException {
+
+        authorizeService.removeAllPolicies(context, bitstream);
+
+        if (publicFiltersClasses.contains(formatFilter.getClass().getSimpleName())) {
+            Group anonymous = groupService.findByName(context, Group.ANONYMOUS);
+            authorizeService.addPolicy(context, bitstream, Constants.READ, anonymous);
+        } else {
+            authorizeService.replaceAllPolicies(context, source, bitstream);
+        }
+    }
+
     @Override
     public Item getCurrentItem() {
         return currentItem;
@@ -439,6 +496,37 @@ public class MediaFilterServiceImpl implements MediaFilterService, InitializingB
         }
     }
 
+    /**
+     * Describe a Bitstream in detail.  Format a single line of text with
+     * information such as Bitstore index, backing file ID, size, checksum,
+     * enclosing Item and Bundles.
+     *
+     * @param itemHandle Handle of the Item by which we found the Bitstream.
+     * @param bitstream the Bitstream to be described.
+     * @return Bitstream details.
+     */
+    private String formatBitstreamDetails(String itemHandle,
+            Bitstream bitstream) {
+        List<Bundle> bundles;
+        try {
+            bundles = bitstream.getBundles();
+        } catch (SQLException ex) {
+            logError("Unexpected error fetching Bundles", ex);
+            bundles = Collections.EMPTY_LIST;
+        }
+        StringBuilder sb = new StringBuilder("ERROR filtering, skipping bitstream:\n");
+        sb.append("\tItem Handle: ").append(itemHandle);
+        for (Bundle bundle : bundles) {
+            sb.append("\tBundle Name: ").append(bundle.getName());
+        }
+        sb.append("\tFile Size: ").append(bitstream.getSizeBytes());
+        sb.append("\tChecksum: ").append(bitstream.getChecksum())
+                .append(" (").append(bitstream.getChecksumAlgorithm()).append(')');
+        sb.append("\tAsset Store: ").append(bitstream.getStoreNumber());
+        sb.append("\tInternal ID: ").append(bitstream.getInternalId());
+        return sb.toString();
+    }
+
     private void logInfo(String message) {
         if (handler != null) {
             handler.logInfo(message);

dspace-api/src/main/java/org/dspace/app/mediafilter/PDFBoxThumbnail.java

@@ -81,6 +81,7 @@ public class PDFBoxThumbnail extends MediaFilter {
 
         // Generate thumbnail derivative and return as IO stream.
         JPEGFilter jpegFilter = new JPEGFilter();
+
         return jpegFilter.getThumb(currentItem, buf, verbose);
     }
 }

dspace-api/src/main/java/org/dspace/app/mediafilter/TikaTextExtractionFilter.java

@@ -18,6 +18,7 @@ import java.nio.charset.StandardCharsets;
 import org.apache.commons.lang.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.apache.poi.util.IOUtils;
 import org.apache.tika.Tika;
 import org.apache.tika.exception.TikaException;
 import org.apache.tika.metadata.Metadata;
@@ -37,6 +38,8 @@ import org.xml.sax.SAXException;
 public class TikaTextExtractionFilter
     extends MediaFilter {
     private final static Logger log = LogManager.getLogger();
+    private static final int DEFAULT_MAX_CHARS = 100_000;
+    private static final int DEFAULT_MAX_ARRAY = 100_000_000;
 
     @Override
     public String getFilteredName(String oldFilename) {
@@ -70,9 +73,12 @@ public class TikaTextExtractionFilter
         }
 
         // Not using temporary file. We'll use Tika's default in-memory parsing.
-        // Get maximum characters to extract. Default is 100,000 chars, which is also Tika's default setting.
         String extractedText;
-        int maxChars = configurationService.getIntProperty("textextractor.max-chars", 100000);
+        // Get maximum characters to extract. Default is 100,000 chars, which is also Tika's default setting.
+        int maxChars = configurationService.getIntProperty("textextractor.max-chars", DEFAULT_MAX_CHARS);
+        // Get maximum size of structure that Tika will try to buffer.
+        int maxArray = configurationService.getIntProperty("textextractor.max-array", DEFAULT_MAX_ARRAY);
+        IOUtils.setByteArrayMaxOverride(maxArray);
         try {
             // Use Tika to extract text from input. Tika will automatically detect the file type.
             Tika tika = new Tika();
@@ -80,13 +86,13 @@ public class TikaTextExtractionFilter
             extractedText = tika.parseToString(source);
         } catch (IOException e) {
             System.err.format("Unable to extract text from bitstream in Item %s%n", currentItem.getID().toString());
-            e.printStackTrace();
+            e.printStackTrace(System.err);
             log.error("Unable to extract text from bitstream in Item {}", currentItem.getID().toString(), e);
             throw e;
         } catch (OutOfMemoryError oe) {
             System.err.format("OutOfMemoryError occurred when extracting text from bitstream in Item %s. " +
                 "You may wish to enable 'textextractor.use-temp-file'.%n", currentItem.getID().toString());
-            oe.printStackTrace();
+            oe.printStackTrace(System.err);
             log.error("OutOfMemoryError occurred when extracting text from bitstream in Item {}. " +
                           "You may wish to enable 'textextractor.use-temp-file'.", currentItem.getID().toString(), oe);
             throw oe;
@@ -138,7 +144,7 @@ public class TikaTextExtractionFilter
                 @Override
                 public void characters(char[] ch, int start, int length) throws SAXException {
                     try {
-                        writer.append(new String(ch), start, length);
+                        writer.append(new String(ch, start, length));
                     } catch (IOException e) {
                         String errorMsg = String.format("Could not append to temporary file at %s " +
                                                             "when performing text extraction",
@@ -156,7 +162,7 @@ public class TikaTextExtractionFilter
                 @Override
                 public void ignorableWhitespace(char[] ch, int start, int length) throws SAXException {
                     try {
-                        writer.append(new String(ch), start, length);
+                        writer.append(new String(ch, start, length));
                     } catch (IOException e) {
                         String errorMsg = String.format("Could not append to temporary file at %s " +
                                                             "when performing text extraction",
@@ -167,6 +173,10 @@ public class TikaTextExtractionFilter
                 }
             });
 
+            ConfigurationService configurationService = DSpaceServicesFactory.getInstance().getConfigurationService();
+            int maxArray = configurationService.getIntProperty("textextractor.max-array", DEFAULT_MAX_ARRAY);
+            IOUtils.setByteArrayMaxOverride(maxArray);
+
             AutoDetectParser parser = new AutoDetectParser();
             Metadata metadata = new Metadata();
             // parse our source InputStream using the above custom handler

dspace-api/src/main/java/org/dspace/app/mediafilter/service/MediaFilterService.java

@@ -7,10 +7,12 @@
  */
 package org.dspace.app.mediafilter.service;
 
+import java.sql.SQLException;
 import java.util.List;
 import java.util.Map;
 
 import org.dspace.app.mediafilter.FormatFilter;
+import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.Bitstream;
 import org.dspace.content.Collection;
 import org.dspace.content.Community;
@@ -91,6 +93,22 @@ public interface MediaFilterService {
     public boolean processBitstream(Context context, Item item, Bitstream source, FormatFilter formatFilter)
         throws Exception;
 
+    /**
+     * update resource polices of derivative bitstreams
+     * related to source bitstream.
+     * set derivative bitstreams to be publicly accessible or
+     * replace derivative bitstreams policies using
+     * the same in the source bitstream.
+     *
+     * @param context context
+     * @param item item containing bitstreams
+     * @param source source bitstream
+     * @throws SQLException If something goes wrong in the database
+     * @throws AuthorizeException if authorization error
+     */
+    public void updatePoliciesOfDerivativeBitstreams(Context context, Item item, Bitstream source)
+        throws SQLException, AuthorizeException;
+
     /**
      * Return the item that is currently being processed/filtered
      * by the MediaFilterManager.

dspace-api/src/main/java/org/dspace/app/packager/Packager.java

@@ -631,7 +631,7 @@ public class Packager {
             //otherwise, just disseminate a single object to a single package file
             dip.disseminate(context, dso, pkgParams, pkgFile);
 
-            if (pkgFile != null && pkgFile.exists()) {
+            if (pkgFile.exists()) {
                 System.out.println("\nCREATED package file: " + pkgFile.getCanonicalPath());
             }
         }

dspace-api/src/main/java/org/dspace/app/requestitem/CollectionAdministratorsRequestItemStrategy.java

@@ -0,0 +1,46 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+
+package org.dspace.app.requestitem;
+
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.dspace.content.Collection;
+import org.dspace.content.Item;
+import org.dspace.core.Context;
+import org.dspace.eperson.EPerson;
+import org.springframework.lang.NonNull;
+
+/**
+ * Derive request recipients from groups of the Collection which owns an Item.
+ * The list will include all members of the administrators group.  If the
+ * resulting list is empty, delegates to {@link RequestItemHelpdeskStrategy}.
+ *
+ * @author Mark H. Wood <mwood@iupui.edu>
+ */
+public class CollectionAdministratorsRequestItemStrategy
+        extends RequestItemHelpdeskStrategy {
+    @Override
+    @NonNull
+    public List<RequestItemAuthor> getRequestItemAuthor(Context context,
+            Item item)
+            throws SQLException {
+        List<RequestItemAuthor> recipients = new ArrayList<>();
+        Collection collection = item.getOwningCollection();
+        for (EPerson admin : collection.getAdministrators().getMembers()) {
+            recipients.add(new RequestItemAuthor(admin));
+        }
+        if (recipients.isEmpty()) {
+            return super.getRequestItemAuthor(context, item);
+        } else {
+            return recipients;
+        }
+    }
+}

dspace-api/src/main/java/org/dspace/app/requestitem/CombiningRequestItemStrategy.java

@@ -0,0 +1,61 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.requestitem;
+
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.dspace.content.Item;
+import org.dspace.core.Context;
+import org.springframework.lang.NonNull;
+import org.springframework.util.Assert;
+
+/**
+ * Assemble a list of recipients from the results of other strategies.
+ * The list of strategy classes is injected as the constructor argument
+ * {@code strategies}.
+ * If the strategy list is not configured, returns an empty List.
+ *
+ * @author Mark H. Wood <mwood@iupui.edu>
+ */
+public class CombiningRequestItemStrategy
+        implements RequestItemAuthorExtractor {
+    /** The strategies to combine. */
+    private final List<RequestItemAuthorExtractor> strategies;
+
+    /**
+     * Initialize a combination of strategies.
+     * @param strategies the author extraction strategies to combine.
+     */
+    public CombiningRequestItemStrategy(@NonNull List<RequestItemAuthorExtractor> strategies) {
+        Assert.notNull(strategies, "Strategy list may not be null");
+        this.strategies = strategies;
+    }
+
+    /**
+     * Do not call.
+     * @throws IllegalArgumentException always
+     */
+    private CombiningRequestItemStrategy() {
+        throw new IllegalArgumentException();
+    }
+
+    @Override
+    @NonNull
+    public List<RequestItemAuthor> getRequestItemAuthor(Context context, Item item)
+            throws SQLException {
+        List<RequestItemAuthor> recipients = new ArrayList<>();
+
+        for (RequestItemAuthorExtractor strategy : strategies) {
+            recipients.addAll(strategy.getRequestItemAuthor(context, item));
+        }
+
+        return recipients;
+    }
+}

dspace-api/src/main/java/org/dspace/app/requestitem/RequestItem.java

@@ -27,7 +27,7 @@ import org.dspace.core.Context;
 import org.dspace.core.ReloadableEntity;
 
 /**
- * Object representing an Item Request
+ * Object representing an Item Request.
  */
 @Entity
 @Table(name = "requestitem")
@@ -94,6 +94,9 @@ public class RequestItem implements ReloadableEntity<Integer> {
         this.allfiles = allfiles;
     }
 
+    /**
+     * @return {@code true} if all of the Item's files are requested.
+     */
     public boolean isAllfiles() {
         return allfiles;
     }
@@ -102,6 +105,9 @@ public class RequestItem implements ReloadableEntity<Integer> {
         this.reqMessage = reqMessage;
     }
 
+    /**
+     * @return a message from the requester.
+     */
     public String getReqMessage() {
         return reqMessage;
     }
@@ -110,6 +116,9 @@ public class RequestItem implements ReloadableEntity<Integer> {
         this.reqName = reqName;
     }
 
+    /**
+     * @return Human-readable name of the user requesting access.
+     */
     public String getReqName() {
         return reqName;
     }
@@ -118,6 +127,9 @@ public class RequestItem implements ReloadableEntity<Integer> {
         this.reqEmail = reqEmail;
     }
 
+    /**
+     * @return address of the user requesting access.
+     */
     public String getReqEmail() {
         return reqEmail;
     }
@@ -126,6 +138,9 @@ public class RequestItem implements ReloadableEntity<Integer> {
         this.token = token;
     }
 
+    /**
+     * @return a unique request identifier which can be emailed.
+     */
     public String getToken() {
         return token;
     }