cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Meder (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-3879) Add the ability to enforce a maximum attachment size
Date Tue, 25 Oct 2011 17:38:32 GMT

    [ https://issues.apache.org/jira/browse/CXF-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13135267#comment-13135267
] 

Sam Meder commented on CXF-3879:
--------------------------------

By the way, are there existing tests for any of the code I touched? Quick look didn't turn
up any, so any pointers would be welcome.
                
> Add the ability to enforce a maximum attachment size
> ----------------------------------------------------
>
>                 Key: CXF-3879
>                 URL: https://issues.apache.org/jira/browse/CXF-3879
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS
>    Affects Versions: 2.2.12, 2.3.7, 2.4.3
>            Reporter: Sam Meder
>         Attachments: attachment-size-limit.patch
>
>
> Safe handling of multipart-* HTTP request requires the ability to cap the size of the
uploaded attachments before they get cached. CXF does currently not provide an option for
this (other frameworks such as the commons fileupload and the 3.0 servlet spec do provide
this). I've attached a quick patch that allows one to set a option for enforcing a size limit
while doing the attachment parsing (similar to the threshold and temp dir options). The biggest
question imo is how to best bubble up a appropriate error. I chose to subclass IOException
and then later on transform it into a 413 (request size too large) HTTP response, but would
welcome input on other approaches.
> I will attach a patch against CXF 2.2, but believe that it should also apply to newer
versions.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message