Issue #11266 - allow context attributes to be used to configure max form (content size / keys) #11274
Conversation
…orm (content size / keys) + Allows these common configurations to be set via `WEB-INF/web.xml` without the need for a `WEB-INF/jetty-web.xml` Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
| @@ -215,8 +216,8 @@ private enum ProtectedTargetType | |||
| private String[] _vconnectors; // connector portion, matching _vhosts array | |||
| private Logger _logger; | |||
| private boolean _allowNullPathInfo; | |||
| private int _maxFormKeys = Integer.getInteger(MAX_FORM_KEYS_KEY, DEFAULT_MAX_FORM_KEYS); | |||
| private int _maxFormContentSize = Integer.getInteger(MAX_FORM_CONTENT_SIZE_KEY, DEFAULT_MAX_FORM_CONTENT_SIZE); | |||
| private int _maxFormKeys = MAX_FORM_UNSET; | |||
There was a problem hiding this comment.
This change would prevent the use of System properties being used, which would be removal of long released behaviour. You could just add in support for the context attributes, or we could punt this in favour of a different solution for jetty-web.xml.
There was a problem hiding this comment.
The support for these two System properties was just moved to the doStart() location, not removed.
There was a problem hiding this comment.
I see it now in doStart(). However, I don't think we should be doing this development in jetty-10, if we're doing it, it should be in jetty-12.
There was a problem hiding this comment.
This was a possible solution for what was brought up in Issue #11274, which meant it should be done in Jetty 10 thru Jetty 12.
But the OP (@vmassol) made some good points (see #11266 (comment)) and has convinced me that the approach in this PR isn't a great solution.
I'm totally OK with this being only for Jetty 12.
Want me to recreate this for Jetty 12 only? or drop it as a concept?
There was a problem hiding this comment.
IMHO we should do it for 12, and also update the doco for it with the new context attributes.
There was a problem hiding this comment.
Will do, and I'll add unit tests!
| @@ -215,8 +216,8 @@ private enum ProtectedTargetType | |||
| private String[] _vconnectors; // connector portion, matching _vhosts array | |||
| private Logger _logger; | |||
| private boolean _allowNullPathInfo; | |||
| private int _maxFormKeys = Integer.getInteger(MAX_FORM_KEYS_KEY, DEFAULT_MAX_FORM_KEYS); | |||
| private int _maxFormContentSize = Integer.getInteger(MAX_FORM_CONTENT_SIZE_KEY, DEFAULT_MAX_FORM_CONTENT_SIZE); | |||
| private int _maxFormKeys = MAX_FORM_UNSET; | |||
There was a problem hiding this comment.
I see it now in doStart(). However, I don't think we should be doing this development in jetty-10, if we're doing it, it should be in jetty-12.
|
Closing, will be a feature introduced in Jetty 12 instead. |
|
@joakime Hello. Thanks again for working on this. Do you know if the feature has now been integrated in Jetty 12 or not yet? I checked the release notes but couldn't see it (but I could have missed it). For the context, we're still stuck with #11266 and any solution would work for us, even context attributes :) thx! |
|
@joakime gentle ping to know if this feature has been added in Jetty 12, see #11274 (comment) Thx! |
See replacement PR #11898 |
PROOF OF CONCEPT
This is likely incomplete and certainly not tested (yet).
WEB-INF/web.xmlwithout the need for aWEB-INF/jetty-web.xmlThe configuration in the
WEB-INF/web.xmlwould look like this ...