This is an automated email from the ASF dual-hosted git repository. paulrutter pushed a commit to branch maintenance/FELIX-6774-IT-demonstrating-the-issue in repository https://gitbox.apache.org/repos/asf/felix-dev.git
commit 24cb75e32cf186a421de6cbeaf22100793eabc02 Author: Paul Rütter <p...@blueconic.com> AuthorDate: Wed May 7 13:56:34 2025 +0200 FELIX-6774 `org.apache.felix.http.jetty.maxFormSize` not enforced - Add integration test for demonstrating the issue --- ...eModeDefaultIT.java => JettyMaxFormSizeIT.java} | 44 +++++++++++++++------- .../jetty/it/JettyUriComplianceModeDefaultIT.java | 2 + .../jetty/it/JettyUriComplianceModeLegacyIT.java | 2 + .../felix/http/jetty/it/JettyVirtualThreadsIT.java | 2 + 4 files changed, 36 insertions(+), 14 deletions(-) diff --git a/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyUriComplianceModeDefaultIT.java b/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyMaxFormSizeIT.java similarity index 73% copy from http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyUriComplianceModeDefaultIT.java copy to http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyMaxFormSizeIT.java index b6595191e1..16b60272c9 100644 --- a/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyUriComplianceModeDefaultIT.java +++ b/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyMaxFormSizeIT.java @@ -28,6 +28,7 @@ import java.util.Map; import javax.inject.Inject; import jakarta.servlet.Servlet; +import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServlet; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; @@ -35,6 +36,7 @@ import jakarta.servlet.http.HttpServletResponse; import org.eclipse.jetty.client.ContentResponse; import org.eclipse.jetty.client.HttpClient; import org.eclipse.jetty.client.transport.HttpClientTransportOverHTTP; +import org.eclipse.jetty.util.Fields; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; 
@@ -45,9 +47,12 @@ import org.ops4j.pax.exam.spi.reactors.PerClass; import org.osgi.framework.BundleContext; import org.osgi.service.http.HttpService; import org.osgi.service.servlet.whiteboard.HttpWhiteboardConstants; + @RunWith(PaxExam.class) @ExamReactorStrategy(PerClass.class) -public class JettyUriComplianceModeDefaultIT extends AbstractJettyTestSupport { +public class JettyMaxFormSizeIT extends AbstractJettyTestSupport { + private static final int LIMIT_IN_BYTES = 10; + @Inject protected BundleContext bundleContext; @@ -74,19 +79,21 @@ public class JettyUriComplianceModeDefaultIT extends AbstractJettyTestSupport { protected Option felixHttpConfig(int httpPort) { return newConfiguration("org.apache.felix.http") .put("org.osgi.service.http.port", httpPort) + .put("org.apache.felix.http.jetty.maxFormSize", LIMIT_IN_BYTES) // 10 bytes limit .asOption(); } @Before public void setup(){ assertNotNull(bundleContext); - bundleContext.registerService(Servlet.class, new UriComplianceEndpoint(), new Hashtable<>(Map.of( + bundleContext.registerService(Servlet.class, new HelloWorldServlet(), new Hashtable<>(Map.of( HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_PATTERN, "/*" ))); } + @Test - public void testUriCompliance() throws Exception { + public void testFormSizeLimit() throws Exception { HttpClientTransportOverHTTP transport = new HttpClientTransportOverHTTP(); HttpClient httpClient = new HttpClient(transport); httpClient.start(); 
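Review bot: The new class `JettyMaxFormSizeIT` has no Javadoc, and as a copy of the URI-compliance test it gives no hint that it covers a request-size limit or that, per the commit title, it demonstrates an open issue. A one-line class comment would do, for example `/** Verifies that org.apache.felix.http.jetty.maxFormSize rejects form posts above the configured limit (FELIX-6774). */`. The trailing `// 10 bytes limit` on the `.put(...)` line repeats the value of `LIMIT_IN_BYTES` and goes stale if the constant changes; `// form bodies above LIMIT_IN_BYTES must be rejected` states the intent instead.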
@@ -94,22 +101,31 @@ public class JettyUriComplianceModeDefaultIT extends AbstractJettyTestSupport { Object value = bundleContext.getServiceReference(HttpService.class).getProperty("org.osgi.service.http.port"); int httpPort = Integer.parseInt((String) value); - URI destUriWorking = new URI(String.format("http://localhost:%d/endpoint/working", httpPort)); - URI destUriAmbigousPath = new URI("http://localhost:" + httpPort + "/endpoint/ambigousPathitem_0_http%3A%2F%2Fwww.test.com%2F0.html/abc"); + URI uri = new URI(String.format("http://localhost:%d/endpoint", httpPort)); + + Fields formFields = new Fields(); + formFields.add(new Fields.Field("key", "value")); // under 10 bytes + ContentResponse response = httpClient.FORM(uri, formFields); - ContentResponse response = httpClient.GET(destUriWorking); assertEquals(200, response.getStatus()); assertEquals("OK", response.getContentAsString()); - // blocked with HTTP 400 by default - assertEquals(400, httpClient.GET(destUriAmbigousPath).getStatus()); + Fields formFieldsLimitExceeded = new Fields(); + formFieldsLimitExceeded.add(new Fields.Field("key", "valueoverlimit")); // over limit of 10 bytes + ContentResponse responseExceeded = httpClient.FORM(uri, formFieldsLimitExceeded); + + // TODO why does this need yield a HTTP 413? + // Seems maxFormSize is not enforced? + assertEquals(413, responseExceeded.getStatus()); + + httpClient.close(); } - static final class UriComplianceEndpoint extends HttpServlet { - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - resp.setStatus(200); - resp.getWriter().write("OK"); - } + static final class HelloWorldServlet extends HttpServlet { + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + resp.setStatus(200); + resp.getWriter().write("OK"); + } } } 
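Review bot: `HelloWorldServlet.doPost` never reads a request parameter, so the server may never parse the form body, and the 413 assertion can fail for that reason rather than because `maxFormSize` is ignored. Jetty normally parses form content lazily on the first `getParameter*` call and applies the size limit at that point (worth confirming for the Jetty 12 version in use). Adding `req.getParameterMap();` as the first statement of `doPost` would make the test exercise the limit. The status Jetty returns for an oversized form should be confirmed before pinning 413, and the TODO would read more clearly as `// TODO: expected HTTP 413, but the request is accepted; maxFormSize appears not to be enforced`. `testFormSizeLimit` starts in the previous hunk.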
diff --git a/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyUriComplianceModeDefaultIT.java b/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyUriComplianceModeDefaultIT.java index b6595191e1..359d3678d9 100644 --- a/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyUriComplianceModeDefaultIT.java +++ b/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyUriComplianceModeDefaultIT.java @@ -103,6 +103,8 @@ public class JettyUriComplianceModeDefaultIT extends AbstractJettyTestSupport { // blocked with HTTP 400 by default assertEquals(400, httpClient.GET(destUriAmbigousPath).getStatus()); + + httpClient.close(); } static final class UriComplianceEndpoint extends HttpServlet { diff --git a/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyUriComplianceModeLegacyIT.java b/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyUriComplianceModeLegacyIT.java index 7da80d0573..cd228e0271 100644 --- a/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyUriComplianceModeLegacyIT.java +++ b/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyUriComplianceModeLegacyIT.java @@ -79,5 +79,7 @@ public class JettyUriComplianceModeLegacyIT extends JettyUriComplianceModeDefaul ContentResponse response2 = httpClient.GET(destUriAmbigousPath); assertEquals(200, response2.getStatus()); assertEquals("OK", response2.getContentAsString()); + + httpClient.close(); } } \ No newline at end of file diff --git a/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyVirtualThreadsIT.java b/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyVirtualThreadsIT.java index e121116be3..0b79d51195 100644 --- a/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyVirtualThreadsIT.java +++ b/http/jetty12/src/test/java/org/apache/felix/http/jetty/it/JettyVirtualThreadsIT.java 
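Review bot: The added `httpClient.close()` in `testUriCompliance` runs only when every assertion before it passes, so a failing test leaves the Jetty client and its threads running in the Pax Exam container that the `PerClass` reactor keeps alive. Wrapping the statements after `httpClient.start()` in `try { ... } finally { httpClient.close(); }`, or closing the client in an `@After` method, releases it on every path. The same applies to the hunks in JettyUriComplianceModeLegacyIT and JettyVirtualThreadsIT and to the new `JettyMaxFormSizeIT.testFormSizeLimit`. Each test method starts outside its hunk, so the position of `httpClient.start()` is inferred from the `JettyMaxFormSizeIT` hunk.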
@@ -105,6 +105,8 @@ public class JettyVirtualThreadsIT extends AbstractJettyTestSupport { ContentResponse response = httpClient.GET(destUri); assertEquals(200, response.getStatus()); assertEquals("OK", response.getContentAsString()); + + httpClient.close(); } static final class ExampleEndpoint extends HttpServlet {