oglueck 2004/09/17 01:00:51 Modified: httpclient/src/java/org/apache/commons/httpclient HttpMethodBase.java httpclient/src/java/org/apache/commons/httpclient/params HttpMethodParams.java Log: add API Doc about buffering add a warning if the buffered content length is unknown or > 1 MB add config parameter for the above warning trigger limit optimization of buffer allocation PR: 31246, 30388 Reviewed by: Oleg Kalnichevski Revision Changes Path 1.215 +29 -6 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java Index: HttpMethodBase.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java,v retrieving revision 1.214 retrieving revision 1.215 diff -u -r1.214 -r1.215 --- HttpMethodBase.java 16 Sep 2004 06:46:30 -0000 1.214 +++ HttpMethodBase.java 17 Sep 2004 08:00:51 -0000 1.215 @@ -181,6 +181,9 @@ /** Actual cookie policy */ private CookieSpec cookiespec = null; + + /** Default initial size of the response buffer if content length is unknown. */ + private static final int DEFAULT_INITIAL_BUFFER_SIZE = 4*1024; // 4 kB // ----------------------------------------------------------- Constructors @@ -667,6 +670,11 @@ * Returns the response body of the HTTP method, if any, as an array of bytes. * If response body is not available or cannot be read, returns <tt>null</tt> * + * Note: This will cause the entire response body to be buffered in memory. A + * malicious server may easily exhaust all the VM memory. It is strongly + * recommended, to use getResponseAsStream if the content length of the response + * is unknown or resonably large. + * * @return The response body. * * @throws IOException If an I/O (transport) problem occurs while obtaining the @@ -676,8 +684,18 @@ if (this.responseBody == null) { InputStream instream = getResponseBodyAsStream(); if (instream != null) { + long contentLength = getResponseContentLength(); + if (contentLength > Integer.MAX_VALUE) { //guard below cast from overflow + throw new IOException("Content too large to be buffered: "+ contentLength +" bytes"); + } + int limit = getParams().getIntParameter(HttpMethodParams.BUFFER_WARN_TRIGGER_LIMIT, 1024*1024); + if ((contentLength == -1) || (contentLength > limit)) { + LOG.warn("Going to buffer response body of large or unknown size. " + +"Using getResponseAsStream instead is recommended."); + } LOG.debug("Buffering response body"); - ByteArrayOutputStream outstream = new ByteArrayOutputStream(); + ByteArrayOutputStream outstream = new ByteArrayOutputStream( + contentLength > 0 ? (int) contentLength : DEFAULT_INITIAL_BUFFER_SIZE); byte[] buffer = new byte[4096]; int len; while ((len = instream.read(buffer)) > 0) { @@ -717,7 +735,12 @@ * If response body is not available or cannot be read, returns <tt>null</tt> * The string conversion on the data is done using the character encoding specified * in <tt>Content-Type</tt> header. - * + * + * Note: This will cause the entire response body to be buffered in memory. A + * malicious server may easily exhaust all the VM memory. It is strongly + * recommended, to use getResponseAsStream if the content length of the response + * is unknown or resonably large. + * * @return The response body. * * @throws IOException If an I/O (transport) problem occurs while obtaining the 1.15 +13 -4 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/params/HttpMethodParams.java Index: HttpMethodParams.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/params/HttpMethodParams.java,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- HttpMethodParams.java 14 Sep 2004 20:11:32 -0000 1.14 +++ HttpMethodParams.java 17 Sep 2004 08:00:51 -0000 1.15 @@ -249,6 +249,15 @@ public static final String RETRY_HANDLER = "http.method.retry-handler"; /** + * Sets the maximum buffered response size (in bytes) that triggers no warning. Buffered + * responses exceeding this size will trigger a warning in the log. + * <p> + * This parameter expects a value if type [EMAIL PROTECTED] Integer}. + * </p> + */ + public static final String BUFFER_WARN_TRIGGER_LIMIT = "http.method.response.buffer.warnlimit"; + + /** * Creates a new collection of parameters with the collection returned * by [EMAIL PROTECTED] #getDefaultParams()} as a parent. The collection will defer * to its parent for a default value if a particular parameter is not
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]