Return-Path: X-Original-To: apmail-cxf-issues-archive@www.apache.org Delivered-To: apmail-cxf-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 932E19B2E for ; Tue, 25 Oct 2011 03:00:53 +0000 (UTC) Received: (qmail 1289 invoked by uid 500); 25 Oct 2011 03:00:53 -0000 Delivered-To: apmail-cxf-issues-archive@cxf.apache.org Received: (qmail 1203 invoked by uid 500); 25 Oct 2011 03:00:53 -0000 Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list issues@cxf.apache.org Received: (qmail 1183 invoked by uid 99); 25 Oct 2011 03:00:52 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Oct 2011 03:00:52 +0000 X-ASF-Spam-Status: No, hits=-2000.5 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Oct 2011 03:00:51 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id 3FC1E31AD8B for ; Tue, 25 Oct 2011 02:58:32 +0000 (UTC) Date: Tue, 25 Oct 2011 02:58:32 +0000 (UTC) From: "Sam Meder (Updated) (JIRA)" To: issues@cxf.apache.org Message-ID: <1844871078.11701.1319511512262.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <604380287.11694.1319511152352.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Updated] (CXF-3879) Add the ability to enforce a maximum attachment size MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CXF-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sam Meder updated CXF-3879: --------------------------- Attachment: attachment-size-limit.patch Enforce a optional attachment size limit - Patch against 2.2 > Add the ability to enforce a maximum attachment size > ---------------------------------------------------- > > Key: CXF-3879 > URL: https://issues.apache.org/jira/browse/CXF-3879 > Project: CXF > Issue Type: Improvement > Components: JAX-RS > Affects Versions: 2.2.12, 2.3.7, 2.4.3 > Reporter: Sam Meder > Attachments: attachment-size-limit.patch > > > Safe handling of multipart-* HTTP request requires the ability to cap the size of the uploaded attachments before they get cached. CXF does currently not provide an option for this (other frameworks such as the commons fileupload and the 3.0 servlet spec do provide this). I've attached a quick patch that allows one to set a option for enforcing a size limit while doing the attachment parsing (similar to the threshold and temp dir options). The biggest question imo is how to best bubble up a appropriate error. I chose to subclass IOException and then later on transform it into a 413 (request size too large) HTTP response, but would welcome input on other approaches. > I will attach a patch against CXF 2.2, but believe that it should also apply to newer versions. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira