[jira] [Assigned] (CXF-3879) Add the ability to enforce a maximum attachment size

["Daniel Kulp (Assigned) (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/CXF-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp reassigned CXF-3879:
--------------------------------

    Assignee: Daniel Kulp
    
> Add the ability to enforce a maximum attachment size
> ----------------------------------------------------
>
>                 Key: CXF-3879
>                 URL: https://issues.apache.org/jira/browse/CXF-3879
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS
>    Affects Versions: 2.2.12, 2.3.7, 2.4.3
>            Reporter: Sam Meder
>            Assignee: Daniel Kulp
>         Attachments: attachment-size-limit.patch
>
>
> Safe handling of multipart-* HTTP request requires the ability to cap the size of the uploaded attachments before they get cached. CXF does currently not provide an option for this (other frameworks such as the commons fileupload and the 3.0 servlet spec do provide this). I've attached a quick patch that allows one to set a option for enforcing a size limit while doing the attachment parsing (similar to the threshold and temp dir options). The biggest question imo is how to best bubble up a appropriate error. I chose to subclass IOException and then later on transform it into a 413 (request size too large) HTTP response, but would welcome input on other approaches.
> I will attach a patch against CXF 2.2, but believe that it should also apply to newer versions.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira