You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@chemistry.apache.org by Florian Müller <fm...@apache.org> on 2014/05/15 19:16:58 UTC
Re: Question regarding 100 KB limitation, XMLUtils.readText(parser, XMLConstraints.MAX_STRING_LENGTH)
Hi Slawek,
The same code is used on the server side and protects servers from DoS
attacks. Clients shouldn't be allowed to send an infinite long property
value and with that consuming all resources of the server.
On the client side, you could argue that you are only connecting to
trusted servers. But server bugs happen and so it also protects the
client (which could also be a server).
The size of 100kb is an arbitrary choice and actually pretty generous.
Most ECM repository cannot store a property value of that size. Also, a
string of that size would be better managed as content, not as a
property value.
- Florian
> Hello,
>
>
>
> My name is Slawek Karczewski and I'm working with apache chemistry
> opencmis
> version 0.10.0, trying to send the xml representation of a email
> document.
>
> I have encountered problem which comes from the limitation of text
> field
> length while parsing xml document, when uploading xml document to
> Nuxeo
> repository over cmis.
>
>
>
> I'm using createDocument method from Session interface from
> org.apache.chemistry.opencmis.cleint.api:
>
>
>
> (Map<String, ?> properties, ObjectId folderId, ContentStream
> contentStream,
>
> VersioningState versioningState);
>
>
>
> The limitation is defined in XMLConstraints.java class:
>
> public class XMLConstraints {
>
>
>
> public static final int MAX_STRING_LENGTH = 100 * 1024;
>
> .
>
> }
>
>
>
> And the exception is thrown from XMLUtils line (275):
>
> if (sb.length() + len > maxLength) {
>
> throw new
> CmisInvalidArgumentException("String limit
> exceeded!");
>
>
>
> from call :
>
> return XMLUtils.readText(parser, XMLConstraints.MAX_STRING_LENGTH);
>
>
>
> and stack trace which I'm getting:
>
>
> org.apache.chemistry.opencmis.commons.exceptions.CmisConnectionException:
> Parsing exception!
> at
>
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubSer
> vice.parse(AbstractAtomPubService.java:590)
> at
>
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.ObjectServiceImpl.
> createDocument(ObjectServiceImpl.java:126)
> at
>
> org.apache.chemistry.opencmis.client.runtime.SessionImpl.createDocument(Sess
> ionImpl.java:751)
> at
>
> org.apache.chemistry.opencmis.client.runtime.SessionImpl.createDocument(Sess
> ionImpl.java:882)
> at
>
> pl.com.enigma.arch.repository.cmis.mailmanagement.MailManagementImpl.createM
> ailHandler(MailManagementImpl.java:353)
> at
>
> pl.com.enigma.arch.repository.cmis.mailmanagement.MailManagementImpl.createM
> ail(MailManagementImpl.java:157)
> at
>
> pl.com.enigma.arch.repository.cmis.mailmanagement.MailManagementImpl.createM
> ail(MailManagementImpl.java:120)
> at
>
> pl.com.enigma.arch.repository.webservices.mailmanagement.MailManagementServi
> ceWSImpl.createMail(MailManagementServiceWSImpl.java:79)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57
> )
> at
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
> .java:43)
> at java.lang.reflect.Method.invoke(Method.java:601)
> at
>
> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInv
> oker.java:180)
> at
>
> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:9
> 6)
> at
>
> org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.invoke(AbstractJAXWSMethodIn
> voker.java:178)
> at
>
> org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:66)
> at
>
> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:7
> 5)
> at
>
> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInt
> erceptor.java:58)
> at
>
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at
> java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at
>
> org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.jav
> a:37)
> at
>
> org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceIn
> vokerInterceptor.java:107)
> at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain
> .java:271)
> at
>
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationOb
> server.java:121)
> at
>
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDes
> tination.java:238)
> at
>
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(Servlet
> Controller.java:218)
> at
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.
> java:198)
> at
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.
> java:137)
> at
>
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServ
> let.java:158)
> at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractH
> TTPServlet.java:243)
> at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServ
> let.java:163)
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
> at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPSer
> vlet.java:219)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
> FilterChain.java:305)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
> ain.java:210)
> at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
> va:222)
> at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
> va:123)
> at
>
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase
> .java:472)
> at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171
> )
> at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> at
>
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
> at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
> :118)
> at
>
> org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:333
> )
> at
>
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> at
>
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Proce
> ssor.java:1004)
> at
>
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abstrac
> tProtocol.java:589)
> at
>
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:
> 310)
> at
>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:11
> 10)
> at
>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:6
> 03)
> at java.lang.Thread.run(Thread.java:722)
> Caused by:
>
> org.apache.chemistry.opencmis.commons.exceptions.CmisInvalidArgumentExceptio
> n: String limit exceeded!
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLUtils.readText(XMLUtils.java:2
> 75)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLWalker.readText(XMLWalker.java
> :173)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLConverter$PropertyStringXMLWal
> ker.addValue(XMLConverter.java:2605)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLConverter$PropertyXMLWalker.re
> ad(XMLConverter.java:2591)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLConverter$PropertyXMLWalker.re
> ad(XMLConverter.java:2559)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLWalker.walk(XMLWalker.java:53)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLConverter$19.read(XMLConverter
> .java:2237)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLConverter$19.read(XMLConverter
> .java:2227)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLWalker.walk(XMLWalker.java:53)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLConverter$18.read(XMLConverter
> .java:2183)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLConverter$18.read(XMLConverter
> .java:2173)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLWalker.walk(XMLWalker.java:53)
> at
>
> org.apache.chemistry.opencmis.commons.impl.XMLConverter.convertObject(XMLCon
> verter.java:1099)
> at
>
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AtomPubParser.pars
> eElement(AtomPubParser.java:324)
> at
>
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AtomPubParser.pars
> eEntry(AtomPubParser.java:276)
> at
>
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AtomPubParser.pars
> e(AtomPubParser.java:111)
> at
>
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubSer
> vice.parse(AbstractAtomPubService.java:588)
>
>
>
>
>
> I've recompiled yours library changing the value to 50 MB. Could you
> please,
> explain me, what is the reason of the 100 kB boundary of text field
> in xml
> file ?
>
>
>
> Kind regards,
>
> Slawek Karczewski
>
> Senior Software Developer
>
>
> ENIGMA Systemy Ochrony Informacji Sp. z o. o., ul. Jutrzenki 116,
> 02-230
> Warszawa, tel. 22 570 57 10, <http://www.enigma.com.pl/>
> www.enigma.com.pl,
> <ma...@enigma.com.pl>
> slawomir.karczewski@enigma.com.pl
> Sąd Rejonowy dla m. st. Warszawy XIII Wydział Gospodarczy KRS
> 0000160395,
> NIP 526 10 29 614, REGON 011149535, kapitał zakładowy i wpłacony
> 25.718.500
> PLN