You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@guacamole.apache.org by GitBox <gi...@apache.org> on 2021/02/25 15:32:58 UTC

[GitHub] [guacamole-client] necouchman commented on a change in pull request #595: GUACAMOLE-1298: Automatically limit HTTP request size.

necouchman commented on a change in pull request #595:
URL: https://github.com/apache/guacamole-client/pull/595#discussion_r582926223



##########
File path: guacamole/src/main/java/org/apache/guacamole/rest/RequestSizeFilter.java
##########
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.rest;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import javax.inject.Inject;
+import javax.inject.Singleton;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.container.ResourceInfo;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.ext.Provider;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.environment.Environment;
+import org.apache.guacamole.properties.LongGuacamoleProperty;
+
+/**
+ * Filter which restricts REST API requests to a particular maximum size.
+ */
+@Singleton
+@Provider
+public class RequestSizeFilter implements ContainerRequestFilter {
+
+    /**
+     * Informs the RequestSizeFilter to NOT enforce its request size limits on
+     * requests serviced by the annotated method.
+     */
+    @Retention(RetentionPolicy.RUNTIME)
+    @Target(ElementType.METHOD)
+    public static @interface DoNotLimit {}
+
+    /**
+     * The default maximum number of bytes to accept within the entity body of
+     * any particular REST request.
+     */
+    private final long DEFAULT_MAX_REQUEST_SIZE = 2097152;

Review comment:
       Is there a reason why this size was chosen? I've not issue with it, just curious as to the rationale.

##########
File path: guacamole/src/main/java/org/apache/guacamole/GuacamoleServletContextListener.java
##########
@@ -78,33 +121,47 @@ public void contextInitialized(ServletContextEvent servletContextEvent) {
             throw new RuntimeException(e);
         }
 
+        // NOTE: The superclass implementation of contextInitialized() is
+        // expected invoke getInjector(), hence the need to call AFTER setting

Review comment:
       *to invoke




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org