[
https://issues.apache.org/jira/browse/GERONIMO-4874?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12757719#action_12757719
]
Jack Cai commented on GERONIMO-4874:
------------------------------------
Thanks for the comments!
Currently there are two types of "broken" that need to be taken care of:
1. If the outputstream is used when writting out the page, need to take care of
the case where the bytes of one charactor is written in multiple batches
2. Need to take care of the case where the keyword (i.e. </body>) is
written in multiple batches, just as Jarek described
Both cases are currently handled using NIO buffers.
For 1, I will decode as much bytes as possible into characters and buffer the
incomplete bytes for the next decoding/scanning operation. See the code of
SubstituteResponseOutputStream.decodeBuffer().
For 2, I will push back the last 6 characters back to the buffer for the next
scanning operation. See the code of SubstituteUtil.processSubstitute().
Hope this explains.
> Improve the console filter performance
> --------------------------------------
>
> Key: GERONIMO-4874
> URL: https://issues.apache.org/jira/browse/GERONIMO-4874
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: console
> Affects Versions: 2.1.4, 2.1.5, 2.2, 3.0
> Environment: All
> Reporter: Jack Cai
> Priority: Minor
> Attachments: GERONIMO-4874.patch, GERONIMO-4874_0918.patch
>
>
> Current console filter for blocking XSRF attack does not scale well as it
> need to read all the output into a string and then do some text replacement.
> This will use a lot of memory in extreme cases. See the discussion [1].
> [1] http://www.nabble.com/XSRFHandler-question-td24545409s134.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
