Merge pull request #5641 from venilnoronha/issue-5637-fix

* issue-5637-fix: Polish contribution Support max-http-header-size & max-http-post-size
9 years ago · fc149dcc05
parent 3d9ac6ea57 ea44ae6a35
commit fc149dcc05
4 changed files with 236 additions and 9 deletions
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
@ -30,6 +30,8 @@ import javax.servlet.SessionCookieConfig;
 import javax.servlet.SessionTrackingMode;
 import javax.validation.constraints.NotNull;

+import io.undertow.Undertow.Builder;
+import io.undertow.UndertowOptions;
 import org.apache.catalina.Context;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.valves.AccessLogValve;
@ -37,6 +39,13 @@ import org.apache.catalina.valves.RemoteIpValve;
 import org.apache.coyote.AbstractProtocol;
 import org.apache.coyote.ProtocolHandler;
 import org.apache.coyote.http11.AbstractHttp11Protocol;
+import org.eclipse.jetty.server.ConnectionFactory;
+import org.eclipse.jetty.server.Handler;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.handler.ContextHandler;
+import org.eclipse.jetty.server.handler.HandlerCollection;
+import org.eclipse.jetty.server.handler.HandlerWrapper;

 import org.springframework.boot.autoconfigure.web.ServerProperties.Session.Cookie;
 import org.springframework.boot.cloud.CloudPlatform;
@ -50,11 +59,14 @@ import org.springframework.boot.context.embedded.JspServlet;
 import org.springframework.boot.context.embedded.ServletContextInitializer;
 import org.springframework.boot.context.embedded.Ssl;
 import org.springframework.boot.context.embedded.jetty.JettyEmbeddedServletContainerFactory;
+import org.springframework.boot.context.embedded.jetty.JettyServerCustomizer;
 import org.springframework.boot.context.embedded.tomcat.TomcatConnectorCustomizer;
 import org.springframework.boot.context.embedded.tomcat.TomcatContextCustomizer;
 import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
+import org.springframework.boot.context.embedded.undertow.UndertowBuilderCustomizer;
 import org.springframework.boot.context.embedded.undertow.UndertowEmbeddedServletContainerFactory;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.DeprecatedConfigurationProperty;
 import org.springframework.boot.context.properties.NestedConfigurationProperty;
 import org.springframework.context.EnvironmentAware;
 import org.springframework.core.Ordered;
@ -73,6 +85,7 @@ import org.springframework.util.StringUtils;
 * @author Marcos Barbero
 * @author Eddú Meléndez
 * @author Quinten De Swaef
+ * @author Venil Noronha
 */
@ConfigurationProperties(prefix = "server", ignoreUnknownFields = true)
 public class ServerProperties
@ -122,6 +135,16 @@ public class ServerProperties
 	 */
 	private String serverHeader;

+	/**
+	 * Maximum size in bytes of the HTTP message header.
+	 */
+	private int maxHttpHeaderSize = 0; // bytes
+
+	/**
+	 * Maximum size in bytes of the HTTP post content.
+	 */
+	private int maxHttpPostSize = 0; // bytes
+
 	private Session session = new Session();

 	@NestedConfigurationProperty
@ -319,6 +342,22 @@ public class ServerProperties
 		this.serverHeader = serverHeader;
 	}

+	public int getMaxHttpHeaderSize() {
+		return this.maxHttpHeaderSize;
+	}
+
+	public void setMaxHttpHeaderSize(int maxHttpHeaderSize) {
+		this.maxHttpHeaderSize = maxHttpHeaderSize;
+	}
+
+	public int getMaxHttpPostSize() {
+		return this.maxHttpPostSize;
+	}
+
+	public void setMaxHttpPostSize(int maxHttpPostSize) {
+		this.maxHttpPostSize = maxHttpPostSize;
+	}
+
 	protected final boolean getOrDeduceUseForwardHeaders() {
 		if (this.useForwardHeaders != null) {
 			return this.useForwardHeaders;
@ -612,10 +651,25 @@ public class ServerProperties
 			this.minSpareThreads = minSpareThreads;
 		}

+		/**
+		 * Get the max http header size.
+		 * @return the max http header size.
+		 * @deprecated as of 1.4 in favor of
+		 * {@link ServerProperties#getMaxHttpHeaderSize()}
+		 */
+		@Deprecated
+		@DeprecatedConfigurationProperty(replacement = "server.max-http-header-size")
 		public int getMaxHttpHeaderSize() {
 			return this.maxHttpHeaderSize;
 		}

+		/**
+		 * Set the max http header size.
+		 * @param maxHttpHeaderSize the max http header size.
+		 * @deprecated as of 1.4 in favor of
+		 * {@link ServerProperties#setMaxHttpHeaderSize(int)}
+		 */
+		@Deprecated
 		public void setMaxHttpHeaderSize(int maxHttpHeaderSize) {
 			this.maxHttpHeaderSize = maxHttpHeaderSize;
 		}
@ -701,8 +755,13 @@ public class ServerProperties
 			if (this.minSpareThreads > 0) {
 				customizeMinThreads(factory);
 			}
-			if (this.maxHttpHeaderSize > 0) {
-				customizeMaxHttpHeaderSize(factory);
+			int maxHttpHeaderSize = (serverProperties.getMaxHttpHeaderSize() > 0
+					? serverProperties.getMaxHttpHeaderSize() : this.maxHttpHeaderSize);
+			if (maxHttpHeaderSize > 0) {
+				customizeMaxHttpHeaderSize(factory, maxHttpHeaderSize);
+			}
+			if (serverProperties.getMaxHttpPostSize() > 0) {
+				customizeMaxHttpPostSize(factory, serverProperties.getMaxHttpPostSize());
 			}
 			if (this.accesslog.enabled) {
 				customizeAccessLog(factory);
@ -782,7 +841,8 @@ public class ServerProperties

 		@SuppressWarnings("rawtypes")
 		private void customizeMaxHttpHeaderSize(
-				TomcatEmbeddedServletContainerFactory factory) {
+				TomcatEmbeddedServletContainerFactory factory,
+				final int maxHttpHeaderSize) {
 			factory.addConnectorCustomizers(new TomcatConnectorCustomizer() {

 				@Override
@ -790,13 +850,26 @@ public class ServerProperties
 					ProtocolHandler handler = connector.getProtocolHandler();
 					if (handler instanceof AbstractHttp11Protocol) {
 						AbstractHttp11Protocol protocol = (AbstractHttp11Protocol) handler;
-						protocol.setMaxHttpHeaderSize(Tomcat.this.maxHttpHeaderSize);
+						protocol.setMaxHttpHeaderSize(maxHttpHeaderSize);
 					}
 				}

 			});
 		}

+		private void customizeMaxHttpPostSize(
+				TomcatEmbeddedServletContainerFactory factory,
+				final int maxHttpPostSize) {
+			factory.addConnectorCustomizers(new TomcatConnectorCustomizer() {
+
+				@Override
+				public void customize(Connector connector) {
+					connector.setMaxPostSize(maxHttpPostSize);
+				}
+
+			});
+		}
+
 		private void customizeAccessLog(TomcatEmbeddedServletContainerFactory factory) {
 			AccessLogValve valve = new AccessLogValve();
 			valve.setPattern(this.accesslog.getPattern());
@ -882,6 +955,72 @@ public class ServerProperties
 		void customizeJetty(ServerProperties serverProperties,
 				JettyEmbeddedServletContainerFactory factory) {
 			factory.setUseForwardHeaders(serverProperties.getOrDeduceUseForwardHeaders());
+			if (serverProperties.getMaxHttpHeaderSize() > 0) {
+				customizeMaxHttpHeaderSize(factory,
+						serverProperties.getMaxHttpHeaderSize());
+			}
+			if (serverProperties.getMaxHttpPostSize() > 0) {
+				customizeMaxHttpPostSize(factory, serverProperties.getMaxHttpPostSize());
+			}
+		}
+
+		private void customizeMaxHttpHeaderSize(
+				JettyEmbeddedServletContainerFactory factory,
+				final int maxHttpHeaderSize) {
+			factory.addServerCustomizers(new JettyServerCustomizer() {
+
+				@Override
+				public void customize(Server server) {
+					for (org.eclipse.jetty.server.Connector connector : server
+							.getConnectors()) {
+						for (ConnectionFactory connectionFactory : connector
+								.getConnectionFactories()) {
+							if (connectionFactory instanceof HttpConfiguration.ConnectionFactory) {
+								customize(
+										(HttpConfiguration.ConnectionFactory) connectionFactory);
+							}
+						}
+					}
+
+				}
+
+				private void customize(HttpConfiguration.ConnectionFactory factory) {
+					HttpConfiguration configuration = factory.getHttpConfiguration();
+					configuration.setRequestHeaderSize(maxHttpHeaderSize);
+					configuration.setResponseHeaderSize(maxHttpHeaderSize);
+				}
+
+			});
+		}
+
+		private void customizeMaxHttpPostSize(
+				JettyEmbeddedServletContainerFactory factory, final int maxHttpPostSize) {
+			factory.addServerCustomizers(new JettyServerCustomizer() {
+
+				@Override
+				public void customize(Server server) {
+					setHandlerMaxHttpPostSize(maxHttpPostSize, server.getHandlers());
+				}
+
+				private void setHandlerMaxHttpPostSize(int maxHttpPostSize,
+						Handler... handlers) {
+					for (Handler handler : handlers) {
+						if (handler instanceof ContextHandler) {
+							((ContextHandler) handler)
+									.setMaxFormContentSize(maxHttpPostSize);
+						}
+						else if (handler instanceof HandlerWrapper) {
+							setHandlerMaxHttpPostSize(maxHttpPostSize,
+									((HandlerWrapper) handler).getHandler());
+						}
+						else if (handler instanceof HandlerCollection) {
+							setHandlerMaxHttpPostSize(maxHttpPostSize,
+									((HandlerCollection) handler).getHandlers());
+						}
+					}
+				}
+
+			});
 		}

 	}
@ -986,6 +1125,41 @@ public class ServerProperties
 				factory.setAccessLogEnabled(this.accesslog.enabled);
 			}
 			factory.setUseForwardHeaders(serverProperties.getOrDeduceUseForwardHeaders());
+			if (serverProperties.getMaxHttpHeaderSize() > 0) {
+				customizeMaxHttpHeaderSize(factory,
+						serverProperties.getMaxHttpHeaderSize());
+			}
+			if (serverProperties.getMaxHttpPostSize() > 0) {
+				customizeMaxHttpPostSize(factory, serverProperties.getMaxHttpPostSize());
+			}
+		}
+
+		private void customizeMaxHttpHeaderSize(
+				UndertowEmbeddedServletContainerFactory factory,
+				final int maxHttpHeaderSize) {
+			factory.addBuilderCustomizers(new UndertowBuilderCustomizer() {
+
+				@Override
+				public void customize(Builder builder) {
+					builder.setServerOption(UndertowOptions.MAX_HEADER_SIZE,
+							maxHttpHeaderSize);
+				}
+
+			});
+		}
+
+		private void customizeMaxHttpPostSize(
+				UndertowEmbeddedServletContainerFactory factory,
+				final int maxHttpPostSize) {
+			factory.addBuilderCustomizers(new UndertowBuilderCustomizer() {
+
+				@Override
+				public void customize(Builder builder) {
+					builder.setServerOption(UndertowOptions.MAX_ENTITY_SIZE,
+							(long) maxHttpPostSize);
+				}
+
+			});
 		}

 		public static class Accesslog {
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/SizeThreshold.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/SizeThreshold.java
@ -0,0 +1,52 @@
+/*
+ * Copyright 2012-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.web;
+
+import org.springframework.util.Assert;
+
+/**
+ * A size threshold that can be specified in
+ *
+ * @author Phillip Webb
+ */
+class SizeThreshold {
+
+	private long inBytes;
+
+	private SizeThreshold(long inBytes) {
+		this.inBytes = inBytes;
+	}
+
+	public long getInBytes() {
+		return this.inBytes;
+	}
+
+	private static SizeThreshold parse(String size) {
+		Assert.hasLength(size, "Size must not be empty");
+		size = size.toUpperCase();
+		if (size.endsWith("KB")) {
+			return new SizeThreshold(
+					Long.valueOf(size.substring(0, size.length() - 2)) * 1024);
+		}
+		if (size.endsWith("MB")) {
+			return new SizeThreshold(
+					Long.valueOf(size.substring(0, size.length() - 2)) * 1024 * 1024);
+		}
+		return new SizeThreshold(Long.valueOf(size));
+	}
+
+}
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
@ -253,11 +253,11 @@ public class ServerPropertiesTests {
 	}

 	@Test
-	public void testCustomizeTomcatHeaderSize() throws Exception {
+	public void testCustomizeHeaderSize() throws Exception {
 		Map<String, String> map = new HashMap<String, String>();
-		map.put("server.tomcat.maxHttpHeaderSize", "9999");
+		map.put("server.maxHttpHeaderSize", "9999");
 		bindProperties(map);
-		assertThat(this.properties.getTomcat().getMaxHttpHeaderSize()).isEqualTo(9999);
+		assertThat(this.properties.getMaxHttpHeaderSize()).isEqualTo(9999);
 	}

 	@Test
--- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
+++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
@ -159,6 +159,8 @@ content into your application; rather pick only the properties that you need.
 	server.context-parameters.*= # Servlet context init parameters. For instance `server.context-parameters.a=alpha`
 	server.context-path= # Context path of the application.
 	server.display-name=application # Display name of the application.
+	server.max-http-header-size=0 # Maximum size in bytes of the HTTP message header.
+	server.max-http-post-size=0 # Maximum size in bytes of the HTTP post content.
 	server.error.include-stacktrace=never # When to include a "stacktrace" attribute.
 	server.error.path=/error # Path of the error controller.
 	server.error.whitelabel.enabled=true # Enable the default error page displayed in browsers in case of a server error.
@ -168,6 +170,7 @@ content into your application; rather pick only the properties that you need.
 	server.port=8080 # Server HTTP port.
 	server.server-header= # The value sent in the server response header (uses servlet container default if empty)
 	server.servlet-path=/ # Path of the main dispatcher servlet.
+	server.use-forward-headers= # If X-Forwarded-* headers should be applied to the HttpRequest.
 	server.session.cookie.comment= # Comment for the session cookie.
 	server.session.cookie.domain= # Domain for the session cookie.
 	server.session.cookie.http-only= # "HttpOnly" flag for the session cookie.
@ -207,7 +210,6 @@ content into your application; rather pick only the properties that you need.
 			172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|\\
 			172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|\\
 			172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3} # regular expression matching trusted IP addresses.
-	server.tomcat.max-http-header-size=0 # Maximum size in bytes of the HTTP message header.
 	server.tomcat.max-threads=0 # Maximum amount of worker threads.
 	server.tomcat.min-spare-threads=0 # Minimum amount of worker threads.
 	server.tomcat.port-header=X-Forwarded-Port # Name of the HTTP header used to override the original port value.
@ -223,7 +225,6 @@ content into your application; rather pick only the properties that you need.
 	server.undertow.direct-buffers= # Allocate buffers outside the Java heap.
 	server.undertow.io-threads= # Number of I/O threads to create for the worker.
 	server.undertow.worker-threads= # Number of worker threads.
-	server.use-forward-headers= # If X-Forwarded-* headers should be applied to the HttpRequest.

 	# FREEMARKER ({sc-spring-boot-autoconfigure}/freemarker/FreeMarkerAutoConfiguration.{sc-ext}[FreeMarkerAutoConfiguration])
 	spring.freemarker.allow-request-override=false # Set whether HttpServletRequest attributes are allowed to override (hide) controller generated model attributes of the same name.