Since you have posted this to the Servlet forum I assume you will be using the HTTP protocol to receive these files from clients/browsers. What you are looking for is the ability to process multipart HTTP requests on the server. Going with a third party library will probably save you a lot of time as implementing the complete RFC can take some time
. There is also an open source free library from the Apache foundation (www.apache.org).
From security stand point the things you have to consider are what kind of information do you wish to receive and ensure that that is being send. What size of files you wish to accept and what types, where will those files be stored on the server. Do you have a virus scanner that may interfere or switch permission amid transmition. What permission will your files have during and once downloaded on your server. What ports will you use for this functionality. What other checks and functionality will your fileupload servlet need to peruse to conform to business requirements.
So what you have to do is analyse what you need to get from those files, why, when, how etc. and make sure that is the only thing that can be sent, sound rather simplified but in general terms that is it.
Good luck.
George