mirror of https://github.com/apache/activemq.git
[AMQ-7327] Use maxFrameSize to limit HTTP content length
This commit is contained in:
parent
d0b0a6495e
commit
50a94cbf12
|
@ -48,9 +48,11 @@ public class HttpTransportFactory extends TransportFactory {
|
||||||
Map<String, Object> jettyOptions = IntrospectionSupport.extractProperties(options, "jetty.");
|
Map<String, Object> jettyOptions = IntrospectionSupport.extractProperties(options, "jetty.");
|
||||||
Map<String, Object> httpOptions = IntrospectionSupport.extractProperties(options, "http.");
|
Map<String, Object> httpOptions = IntrospectionSupport.extractProperties(options, "http.");
|
||||||
Map<String, Object> transportOptions = IntrospectionSupport.extractProperties(options, "transport.");
|
Map<String, Object> transportOptions = IntrospectionSupport.extractProperties(options, "transport.");
|
||||||
|
Map<String, Object> wireFormatOptions = IntrospectionSupport.extractProperties(options, "wireFormat.");
|
||||||
result.setJettyOptions(jettyOptions);
|
result.setJettyOptions(jettyOptions);
|
||||||
result.setTransportOption(transportOptions);
|
result.setTransportOption(transportOptions);
|
||||||
result.setHttpOptions(httpOptions);
|
result.setHttpOptions(httpOptions);
|
||||||
|
result.setWireFormatOptions(wireFormatOptions);
|
||||||
return result;
|
return result;
|
||||||
} catch (URISyntaxException e) {
|
} catch (URISyntaxException e) {
|
||||||
throw IOExceptionSupport.create(e);
|
throw IOExceptionSupport.create(e);
|
||||||
|
|
|
@ -18,6 +18,7 @@ package org.apache.activemq.transport.http;
|
||||||
|
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import org.apache.activemq.command.BrokerInfo;
|
import org.apache.activemq.command.BrokerInfo;
|
||||||
|
@ -38,6 +39,7 @@ public class HttpTransportServer extends WebTransportServerSupport {
|
||||||
|
|
||||||
private TextWireFormat wireFormat;
|
private TextWireFormat wireFormat;
|
||||||
private final HttpTransportFactory transportFactory;
|
private final HttpTransportFactory transportFactory;
|
||||||
|
private Map<String, Object> wireFormatOptions = new HashMap<>();
|
||||||
|
|
||||||
public HttpTransportServer(URI uri, HttpTransportFactory factory) {
|
public HttpTransportServer(URI uri, HttpTransportFactory factory) {
|
||||||
super(uri);
|
super(uri);
|
||||||
|
@ -93,6 +95,7 @@ public class HttpTransportServer extends WebTransportServerSupport {
|
||||||
contextHandler.setAttribute("wireFormat", getWireFormat());
|
contextHandler.setAttribute("wireFormat", getWireFormat());
|
||||||
contextHandler.setAttribute("transportFactory", transportFactory);
|
contextHandler.setAttribute("transportFactory", transportFactory);
|
||||||
contextHandler.setAttribute("transportOptions", transportOptions);
|
contextHandler.setAttribute("transportOptions", transportOptions);
|
||||||
|
contextHandler.setAttribute("wireFormatOptions", wireFormatOptions);
|
||||||
|
|
||||||
//AMQ-6182 - disabling trace by default
|
//AMQ-6182 - disabling trace by default
|
||||||
configureTraceMethod((ConstraintSecurityHandler) contextHandler.getSecurityHandler(),
|
configureTraceMethod((ConstraintSecurityHandler) contextHandler.getSecurityHandler(),
|
||||||
|
@ -171,6 +174,10 @@ public class HttpTransportServer extends WebTransportServerSupport {
|
||||||
super.setTransportOption(transportOptions);
|
super.setTransportOption(transportOptions);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setWireFormatOptions(Map<String, Object> wireFormatOptions) {
|
||||||
|
this.wireFormatOptions = wireFormatOptions;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isSslServer() {
|
public boolean isSslServer() {
|
||||||
return false;
|
return false;
|
||||||
|
|
|
@ -60,6 +60,7 @@ public class HttpTunnelServlet extends HttpServlet {
|
||||||
private ConcurrentMap<String, BlockingQueueTransport> clients = new ConcurrentHashMap<String, BlockingQueueTransport>();
|
private ConcurrentMap<String, BlockingQueueTransport> clients = new ConcurrentHashMap<String, BlockingQueueTransport>();
|
||||||
private final long requestTimeout = 30000L;
|
private final long requestTimeout = 30000L;
|
||||||
private HashMap<String, Object> transportOptions;
|
private HashMap<String, Object> transportOptions;
|
||||||
|
private HashMap<String, Object> wireFormatOptions;
|
||||||
|
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
@Override
|
@Override
|
||||||
|
@ -74,6 +75,7 @@ public class HttpTunnelServlet extends HttpServlet {
|
||||||
throw new ServletException("No such attribute 'transportFactory' available in the ServletContext");
|
throw new ServletException("No such attribute 'transportFactory' available in the ServletContext");
|
||||||
}
|
}
|
||||||
transportOptions = (HashMap<String, Object>)getServletContext().getAttribute("transportOptions");
|
transportOptions = (HashMap<String, Object>)getServletContext().getAttribute("transportOptions");
|
||||||
|
wireFormatOptions = (HashMap<String, Object>)getServletContext().getAttribute("wireFormatOptions");
|
||||||
wireFormat = (TextWireFormat)getServletContext().getAttribute("wireFormat");
|
wireFormat = (TextWireFormat)getServletContext().getAttribute("wireFormat");
|
||||||
if (wireFormat == null) {
|
if (wireFormat == null) {
|
||||||
wireFormat = createWireFormat();
|
wireFormat = createWireFormat();
|
||||||
|
@ -118,6 +120,10 @@ public class HttpTunnelServlet extends HttpServlet {
|
||||||
@Override
|
@Override
|
||||||
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||||
|
|
||||||
|
if (wireFormatOptions.get("maxFrameSize") != null && request.getContentLength() > Integer.parseInt(wireFormatOptions.get("maxFrameSize").toString())) {
|
||||||
|
throw new ServletException("maxFrameSize exceeded");
|
||||||
|
}
|
||||||
|
|
||||||
InputStream stream = request.getInputStream();
|
InputStream stream = request.getInputStream();
|
||||||
String contentType = request.getContentType();
|
String contentType = request.getContentType();
|
||||||
if (contentType != null && contentType.equals("application/x-gzip")) {
|
if (contentType != null && contentType.equals("application/x-gzip")) {
|
||||||
|
|
|
@ -0,0 +1,64 @@
|
||||||
|
/**
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
|
* contributor license agreements. See the NOTICE file distributed with
|
||||||
|
* this work for additional information regarding copyright ownership.
|
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||||
|
* (the "License"); you may not use this file except in compliance with
|
||||||
|
* the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.apache.activemq.transport.http;
|
||||||
|
|
||||||
|
import org.apache.activemq.ActiveMQConnectionFactory;
|
||||||
|
import org.apache.activemq.broker.BrokerService;
|
||||||
|
import org.apache.activemq.command.ActiveMQQueue;
|
||||||
|
import org.apache.commons.lang.StringUtils;
|
||||||
|
import org.junit.After;
|
||||||
|
import org.junit.Before;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
import javax.jms.Connection;
|
||||||
|
import javax.jms.JMSException;
|
||||||
|
import javax.jms.MessageProducer;
|
||||||
|
import javax.jms.Session;
|
||||||
|
import javax.jms.TextMessage;
|
||||||
|
|
||||||
|
public class HttpMaxFrameSizeTest {
|
||||||
|
|
||||||
|
protected BrokerService brokerService;
|
||||||
|
|
||||||
|
@Before
|
||||||
|
public void setup() throws Exception {
|
||||||
|
brokerService = new BrokerService();
|
||||||
|
brokerService.setPersistent(false);
|
||||||
|
brokerService.setUseJmx(false);
|
||||||
|
brokerService.deleteAllMessages();
|
||||||
|
brokerService.addConnector("http://localhost:8888?wireFormat.maxFrameSize=10");
|
||||||
|
brokerService.start();
|
||||||
|
brokerService.waitUntilStarted();
|
||||||
|
}
|
||||||
|
|
||||||
|
@After
|
||||||
|
public void teardown() throws Exception {
|
||||||
|
brokerService.stop();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test(expected = JMSException.class)
|
||||||
|
public void sendTest() throws Exception {
|
||||||
|
ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory("http://localhost:8888");
|
||||||
|
Connection connection = connectionFactory.createConnection();
|
||||||
|
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||||
|
MessageProducer producer = session.createProducer(new ActiveMQQueue("test"));
|
||||||
|
String payload = StringUtils.repeat("*", 2000);
|
||||||
|
TextMessage textMessage = session.createTextMessage(payload);
|
||||||
|
producer.send(textMessage);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue