Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-3879

Add the ability to enforce a maximum attachment size

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.12, 2.3.7, 2.4.3
    • Fix Version/s: 2.4.4, 2.3.8
    • Component/s: JAX-RS
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      Safe handling of multipart-* HTTP request requires the ability to cap the size of the uploaded attachments before they get cached. CXF does currently not provide an option for this (other frameworks such as the commons fileupload and the 3.0 servlet spec do provide this). I've attached a quick patch that allows one to set a option for enforcing a size limit while doing the attachment parsing (similar to the threshold and temp dir options). The biggest question imo is how to best bubble up a appropriate error. I chose to subclass IOException and then later on transform it into a 413 (request size too large) HTTP response, but would welcome input on other approaches.

      I will attach a patch against CXF 2.2, but believe that it should also apply to newer versions.

        Attachments

          Activity

            People

            • Assignee:
              dkulp Daniel Kulp
              Reporter:
              smeder Sam Meder
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: