AMQ-8029 - Place a bound on the data read in MessageServletSupport

This commit is contained in:
Colm O hEigeartaigh 2020-08-31 10:39:04 +01:00
parent c0e6d47121
commit 66cb8d4cfb
6 changed files with 23 additions and 16 deletions

View File

@ -161,21 +161,6 @@ public class HttpTunnelServlet extends HttpServlet {
return true;
}
protected String readRequestBody(HttpServletRequest request) throws IOException {
StringBuffer buffer = new StringBuffer();
BufferedReader reader = request.getReader();
while (true) {
String line = reader.readLine();
if (line == null) {
break;
} else {
buffer.append(line);
buffer.append("\n");
}
}
return buffer.toString();
}
protected BlockingQueueTransport getTransportChannel(HttpServletRequest request, HttpServletResponse response) throws IOException {
String clientID = request.getHeader("clientID");
if (clientID == null) {

View File

@ -52,6 +52,7 @@
<feature>http</feature>
<feature version="${project.version}">activemq-client</feature>
<bundle>mvn:org.apache.activemq/activemq-karaf/${project.version}</bundle>
<bundle dependency="true">mvn:commons-io/commons-io/${commons-io-version}</bundle>
<bundle dependency="true">mvn:commons-collections/commons-collections/${commons-collections-version}</bundle>
<bundle dependency='true'>mvn:commons-lang/commons-lang/${commons-lang-version}</bundle>
<bundle dependency="true">mvn:commons-codec/commons-codec/1.9</bundle>

View File

@ -74,6 +74,7 @@
javax.management*,
javax.transaction*;version="[1,3)",
javax.naming*;resolution:=optional,
org.apache.commons.io*;resolution:=optional,
org.apache.commons.pool*;resolution:=optional,
org.apache.commons.net*;resolution:=optional,
com.sun*;resolution:=optional,

View File

@ -54,6 +54,10 @@
<groupId>${project.groupId}</groupId>
<artifactId>activemq-pool</artifactId>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>activemq-unit-tests</artifactId>

View File

@ -19,6 +19,7 @@ package org.apache.activemq.web;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
@ -34,6 +35,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.command.ActiveMQTopic;
import org.apache.commons.io.input.BoundedInputStream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -58,6 +60,12 @@ import org.slf4j.LoggerFactory;
public abstract class MessageServletSupport extends HttpServlet {
private static final transient Logger LOG = LoggerFactory.getLogger(MessageServletSupport.class);
/**
* A configuration tag to specify the maximum message size (in bytes) for the servlet. The default
* is given by DEFAULT_MAX_MESSAGE_SIZE below.
*/
private static final String MAX_MESSAGE_SIZE_TAG = "maxMessageSize";
private static final Long DEFAULT_MAX_MESSAGE_SIZE = 100000L;
private boolean defaultTopicFlag = true;
private Destination defaultDestination;
@ -68,6 +76,7 @@ public abstract class MessageServletSupport extends HttpServlet {
private int defaultMessagePriority = 5;
private long defaultMessageTimeToLive;
private String destinationOptions;
private long maxMessageSize = DEFAULT_MAX_MESSAGE_SIZE;
public void init(ServletConfig servletConfig) throws ServletException {
super.init(servletConfig);
@ -91,6 +100,11 @@ public abstract class MessageServletSupport extends HttpServlet {
}
}
String maxMessageSizeConfigured = servletConfig.getInitParameter(MAX_MESSAGE_SIZE_TAG);
if (maxMessageSizeConfigured != null) {
maxMessageSize = Long.parseLong(maxMessageSizeConfigured);
}
// lets check to see if there's a connection factory set
WebClient.initContext(getServletContext());
}
@ -344,7 +358,8 @@ public abstract class MessageServletSupport extends HttpServlet {
if (answer == null && contentType != null) {
LOG.debug("Content-Type={}", contentType);
// lets read the message body instead
BufferedReader reader = request.getReader();
BoundedInputStream boundedInputStream = new BoundedInputStream(request.getInputStream(), maxMessageSize);
BufferedReader reader = new BufferedReader(new InputStreamReader(boundedInputStream));
StringBuilder buffer = new StringBuilder();
while (true) {
String line = reader.readLine();

View File

@ -182,6 +182,7 @@
<include>${pom.groupId}:activeio-core</include>
<include>commons-beanutils:commons-beanutils</include>
<include>commons-collections:commons-collections</include>
<include>commons-io:commons-io</include>
<include>org.apache.commons:commons-dbcp2</include>
<include>org.apache.commons:commons-pool2</include>
<include>commons-codec:commons-codec</include>