> -----Original Message----- > From: Konstantin Preißer [mailto:kpreis...@apache.org] > Sent: Monday, October 7, 2013 4:10 PM > To: 'Tomcat Developers List' > Subject: RE: 8.0.x / 7.0.x progress > > Hi Mark, > > > -----Original Message----- > > From: Mark Thomas [mailto:ma...@apache.org] > > Sent: Monday, October 7, 2013 3:53 PM > > To: Tomcat Developers List > > Subject: Re: 8.0.x / 7.0.x progress > > > > > > To me this reads that by default (value = -1), there is no limit when > > processing whole messages, so I think Tomcat should handle such large > > messages when not using methods to read partial messages. > > > > > > Am I missing something? > > > > DoS via a single large message that triggers an OOME. > > Yes, that can happen if there is no value specified for the maximum message > size. (I thought it would be the application's responsibility so set a > reasonable > limit there, e.g. with the maxMessageSize attribute). > > But what I meant was, that the javadoc specifies that "-1" is the default > value > which means that there is no limit when receiving the message (as a whole), > and the ChatAnnotation does not specify a value in its OnMessage > annotation. So Tomcat does not seem to implement this default value. > > Also, when I change the value to something like this: > > @OnMessage(maxMessageSize = 10000000L) > > so that Tomcat should be able to receive 10 MB messages, but it still does not > receive the 10000 characters string message.
Sorry - I think I missed something regarding the buffer size in the session. When setting session.setMaxTextMessageBufferSize(1000000); (e.g. in onOpen method), then Tomcat does indeed receive messages with such size, and it calls the @OnMessage method I also noticed that when using @OnMessage with maxMessageSize that is lower than the one set in session.setMaxTextMessageBufferSize, the message will be rejected. So it seems that first the limit from session.setMaxTextMessageBufferSize(...) is applied, and then the limit from @OnMessage(maxMessageSize = ...) is applied. Is this correct? Note that for the BIO connector, this does not seem to work - there Tomcat does not call the OnMessage method when such large message is received (and I also was not able to receive partial messages), whereas for NIO it works. Regards, Konstantin Preißer --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
