CXF
  1. CXF
  2. CXF-3879

Add the ability to enforce a maximum attachment size

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.12, 2.3.7, 2.4.3
    • Fix Version/s: 2.4.4, 2.3.8
    • Component/s: JAX-RS
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      Safe handling of multipart-* HTTP request requires the ability to cap the size of the uploaded attachments before they get cached. CXF does currently not provide an option for this (other frameworks such as the commons fileupload and the 3.0 servlet spec do provide this). I've attached a quick patch that allows one to set a option for enforcing a size limit while doing the attachment parsing (similar to the threshold and temp dir options). The biggest question imo is how to best bubble up a appropriate error. I chose to subclass IOException and then later on transform it into a 413 (request size too large) HTTP response, but would welcome input on other approaches.

      I will attach a patch against CXF 2.2, but believe that it should also apply to newer versions.

        Activity

        Sam Meder created issue -
        Sam Meder made changes -
        Field Original Value New Value
        Attachment attachment-size-limit.patch [ 12500600 ]
        Sam Meder made changes -
        Attachment attachment-size-limit.patch [ 12500726 ]
        Sam Meder made changes -
        Attachment attachment-size-limit.patch [ 12500600 ]
        Sam Meder made changes -
        Attachment attachment-size-limit.patch [ 12500726 ]
        Sam Meder made changes -
        Attachment attachment-size-limit.patch [ 12500787 ]
        Sam Meder made changes -
        Attachment attachment-size-limit.patch [ 12500787 ]
        Sam Meder made changes -
        Attachment attachment-size-limit.patch [ 12500816 ]
        Daniel Kulp made changes -
        Assignee Daniel Kulp [ dkulp ]
        Daniel Kulp made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Fix Version/s 2.3.8 [ 12318348 ]
        Fix Version/s 2.4.4 [ 12318347 ]
        Resolution Fixed [ 1 ]
        Freeman Fang made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Daniel Kulp
            Reporter:
            Sam Meder
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development