Re: POST request with timeout acts weird

2009-10-05 Thread Ronald Klop

On Monday, 5 October 2009 00:47, André Warnier a...@ice-sa.com wrote:


 
Christopher Schultz wrote:

  Ronald,
  On 10/2/2009 9:20 AM, Ronald Klop wrote:
 But I don't send any data. My servlet then waits in getParameterMap(),
 because that tries to read the inputstream and parse the parameters.
 After 20 seconds (Connector has connectionTimeout="20000") the reading
 of the inputstream ends, but my application just gets an empty Map
 instead of some TimeoutException.
  What leads you to believe that a TimeoutException would be thrown? The
 documentation for the HTTP connector's connectionTimeout attribute says:
  
 The number of milliseconds this Connector will wait, after accepting a
 connection, for the request URI line to be presented. The default value
 is 60000 (i.e. 60 seconds).
 
  You provided the URI line within plenty of time. If you didn't enter
 anything, Tomcat would disconnect. Since you did, it doesn't.
 ...
Doesn't the fact that the read on the inputstream returns, imply that there is 
actually a timeout, even if it is not returned to the webapp ?

And, to Ronald : if the request is a POST, and it has a Content-length, and you 
get an empty parameter map after 20 seconds, can't you just reject the request 
as invalid ?

And, curiosity : if you set the Connector timeout to 30 seconds, does your 
inputstream then return after 30 seconds too ?







Yes it implies there is a timeout, but it is kind of guessing if it was a 
timeout or really an empty ParameterMap for the webapp. This can be 
worked around by always including a dummyvar in the parameters as Christopher 
Schultz mentions or checking the Content-Length. But maybe Tomcat can do 
something better internally.

Yes if I set the connector timeout to 30 seconds it returns after 30 seconds.

My other workaround is doing a GET ajax instead of POST. For this case the url 
wouldn't be too long for Internet Explorer and then more data is sent at once 
over the network.

Ronald.
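
The two workarounds named in this message (checking the Content-Length and requiring a sentinel parameter), combined in one servlet filter. This is an added example, not code from any poster in the thread or from Tomcat; the class name IncompletePostFilter, the helper looksTruncated and the convention that every client appends last=true to its form POSTs are assumptions of the example.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: rejects form POSTs whose body did not arrive completely. */
public final class IncompletePostFilter implements Filter {
    private static final String FORM = "application/x-www-form-urlencoded";
    private static final String SENTINEL = "last"; // assumed convention: clients append last=true

    public void init(FilterConfig config) {}
    public void destroy() {}

    /** True when a form POST cannot be assumed to have been received in full. */
    static boolean looksTruncated(String method, String contentType, int contentLength,
                                  boolean paramsEmpty, String sentinelValue) {
        if (!"POST".equalsIgnoreCase(method) || contentType == null
                || !contentType.regionMatches(true, 0, FORM, 0, FORM.length())) {
            return false; // only form POST bodies are parsed into the parameter map
        }
        // Check 1: Content-Length announced data, yet the parameter map is empty.
        if (contentLength > 0 && paramsEmpty) {
            return true;
        }
        // Check 2: without the trailing sentinel the body cannot be assumed complete.
        return !"true".equals(sentinelValue);
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        // For a form POST this triggers the body read that the thread saw end on timeout.
        boolean empty = req.getParameterMap().isEmpty();
        if (looksTruncated(req.getMethod(), req.getContentType(), req.getContentLength(),
                empty, req.getParameter(SENTINEL))) {
            ((HttpServletResponse) response).sendError(
                    HttpServletResponse.SC_BAD_REQUEST, "Incomplete POST body");
            return;
        }
        chain.doFilter(request, response);
    }
}
```

The filter answers 400 rather than a timeout status because, as the thread notes, the webapp cannot tell a read timeout from a body that was simply never sent.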



Re: POST request with timeout acts weird

2009-10-05 Thread Ronald Klop




On Sunday, 4 October 2009 22:23, Christopher Schultz 
ch...@christopherschultz.net wrote:


 


Ronald,

On 10/2/2009 9:20 AM, Ronald Klop wrote:
 But I don't send any data. My servlet then waits in getParameterMap(),
 because that tries to read the inputstream and parse the parameters.
 After 20 seconds (Connector has connectionTimeout="20000") the reading
 of the inputstream ends, but my application just gets an empty Map
 instead of some TimeoutException.

What leads you to believe that a TimeoutException would be thrown? The
documentation for the HTTP connector's connectionTimeout attribute says:


The number of milliseconds this Connector will wait, after accepting a
connection, for the request URI line to be presented. The default value
is 60000 (i.e. 60 seconds).


You provided the URI line within plenty of time. If you didn't enter
anything, Tomcat would disconnect. Since you did, it doesn't.

 Why? And how should I handle this?

Honestly, I'm not sure if there's a way to check to see if all bytes
advertised in Content-Length were actually consumed by a request.

 (The real problem is that IE has some issues and that some of my
 customers sometimes send synchronous ajax calls which don't send any
 data. I'm investigating that too. If somebody has a tip about that it is
 also appreciated.)

Technically speaking, the HTTP spec does not require the Content-Length
to be correct(!). I think this is something that your webapp is just
going to have to tolerate.

Perhaps you could add a parameter to all your requests like 'last=true'
and always make that the last parameter submitted. If the last parameter
has the value true then the POST was sane. Otherwise, reject the
request. Just a thought.

-chris







There is even more fun about the documentation of connectionTimeout. It states 
that it waits for the URI after accepting the connection, but in my example 
Tomcat is not waiting for the URI, but for data from the request. So 
connectionTimeout does much more than what is mentioned in the documentation.

I know about the issue of interpreting the Content-Length in combination with 
charsets and Content-Encoding and Transfer-Encoding.

But I guess Tomcat does something like this:

Socket s = ...;
s.setSoTimeout(20000);  // milliseconds
InputStream in = s.getInputStream();
try {
  in.read();
} catch (SocketTimeoutException e) {
  // Ignore and give (part of the) data to the Servlet, because the specs of
  // getParameter(...) give us no room for bubbling up this exception.
}

I will verify if this is correct in the code, but I hope to illustrate what I 
am puzzled by. I can't handle this situation without workarounds, while the 
problem is so simple.
I think the lazy evaluation of the POST parameters in Tomcat is making it very 
difficult to give good errors. But don't take this wrong. I'm not telling that 
the advantages of lazy evaluation are bigger or smaller.

Ronald.




Re: POST request with timeout acts weird

2009-10-05 Thread André Warnier

Ronald Klop wrote:
...
There is even more fun about the documentation of connectionTimeout. It 
states that it waits for the URI after accepting the connection, but in 
my example Tomcat is not waiting for the URI, but for data from the 
request. So connectionTimeout does much more than what is mentioned in 
the documentation.


You can also look at it in another way, consistent with your 
observations so far :


- Tomcat does wait after the initial connection, for connectTimeout 
seconds, for the URI (and, I suppose, headers) to come in.

If these things do not come in in the time set, there is an error.
This is documented.
And it helps in fighting some specific types of DOS attacks.

- but, internally and undocumented, Tomcat also uses the same 
connectTimeout timeout value when it is subsequently asked to read the 
request body (for example with getParameters()).  But since the 
getParameters() method, (as per the Servlet Spec I guess) does not allow 
for a timeout exception to be returned, Tomcat merely returns an empty 
parameter map when this timeout occurs.


It appears that there is no way to explicitly set (individually) the 
timeout for reading the request body, nor to get a specific error when 
whatever timeout is being used, is exceeded.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: POST request with timeout acts weird

2009-10-05 Thread Christopher Schultz

André,

On 10/5/2009 8:41 AM, André Warnier wrote:
 - but, internally and undocumented, Tomcat also uses the same
 connectTimeout timeout value when it is subsequently asked to read the
 request body (for example with getParameters()).  But since the
 getParameters() method, (as per the Servlet Spec I guess) does not allow
 for a timeout exception to be returned, Tomcat merely returns an empty
 parameter map when this timeout occurs.

I wonder if a partial parameter map would be returned if /some/ POST
parameters were sent, but the Content-Length was never satisfied (and
this timeout occurred).

 It appears that there is no way to explicitly set (individually) the
 timeout for reading the request body, nor to get a specific error when
 whatever timeout is being used, is exceeded.

The servlet API does not appear to support this.

-chris




Re: POST request with timeout acts weird

2009-10-04 Thread Christopher Schultz

Ronald,

On 10/2/2009 9:20 AM, Ronald Klop wrote:
 But I don't send any data. My servlet then waits in getParameterMap(),
 because that tries to read the inputstream and parse the parameters.
 After 20 seconds (Connector has connectionTimeout="20000") the reading
 of the inputstream ends, but my application just gets an empty Map
 instead of some TimeoutException.

What leads you to believe that a TimeoutException would be thrown? The
documentation for the HTTP connector's connectionTimeout attribute says:


The number of milliseconds this Connector will wait, after accepting a
connection, for the request URI line to be presented. The default value
is 60000 (i.e. 60 seconds).


You provided the URI line within plenty of time. If you didn't enter
anything, Tomcat would disconnect. Since you did, it doesn't.

 Why? And how should I handle this?

Honestly, I'm not sure if there's a way to check to see if all bytes
advertised in Content-Length were actually consumed by a request.

 (The real problem is that IE has some issues and that some of my
 customers sometimes send synchronous ajax calls which don't send any
 data. I'm investigating that too. If somebody has a tip about that it is
 also appreciated.)

Technically speaking, the HTTP spec does not require the Content-Length
to be correct(!). I think this is something that your webapp is just
going to have to tolerate.

Perhaps you could add a parameter to all your requests like 'last=true'
and always make that the last parameter submitted. If the last parameter
has the value true then the POST was sane. Otherwise, reject the
request. Just a thought.

-chris




Re: POST request with timeout acts weird

2009-10-04 Thread André Warnier

Christopher Schultz wrote:


Ronald,

On 10/2/2009 9:20 AM, Ronald Klop wrote:

But I don't send any data. My servlet then waits in getParameterMap(),
because that tries to read the inputstream and parse the parameters.
After 20 seconds (Connector has connectionTimeout="20000") the reading
of the inputstream ends, but my application just gets an empty Map
instead of some TimeoutException.


What leads you to believe that a TimeoutException would be thrown? The
documentation for the HTTP connector's connectionTimeout attribute says:


The number of milliseconds this Connector will wait, after accepting a
connection, for the request URI line to be presented. The default value
is 60000 (i.e. 60 seconds).


You provided the URI line within plenty of time. If you didn't enter
anything, Tomcat would disconnect. Since you did, it doesn't.


...
Doesn't the fact that the read on the inputstream returns, imply that 
there is actually a timeout, even if it is not returned to the webapp ?


And, to Ronald : if the request is a POST, and it has a Content-length, 
and you get an empty parameter map after 20 seconds, can't you just 
reject the request as invalid ?


And, curiosity : if you set the Connector timeout to 30 seconds, does 
your inputstream then return after 30 seconds too ?





POST request with timeout acts weird

2009-10-02 Thread Ronald Klop

Hello,

I have made the servlet which I include below. If I send this request to it:


telnet localhost 8080

POST /timeout HTTP/1.1
Host: crm.ronald.base.nl 
Content-Type: application/x-www-form-urlencoded
Content-Length: 100 


But I don't send any data. My servlet then waits in getParameterMap(), because that tries 
to read the inputstream and parse the parameters. After 20 seconds (Connector has 
connectionTimeout="20000") the reading of the inputstream ends, but my 
application just gets an empty Map instead of some TimeoutException. In this case the 
browser receives an HTTP 200 OK instead of HTTP ??? TIMEOUT.

Why? And how should I handle this?

(The real problem is that IE has some issues and that some of my customers 
sometimes send synchronous ajax calls which don't send any data. I'm 
investigating that too. If somebody has a tip about that it is also 
appreciated.)

Ronald.

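package test;

import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public final class TimeoutTestServlet extends HttpServlet {
   @Override
   protected void doPost(HttpServletRequest req, HttpServletResponse resp)
   throws ServletException, IOException {
      // Parsing the parameters reads the request body from the input stream.
      Map params = req.getParameterMap();
      System.out.println("params: " + params);
   }
}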

   <servlet>
      <servlet-name>timeout</servlet-name>
      <servlet-class>test.TimeoutTestServlet</servlet-class>
   </servlet>

   <servlet-mapping>
      <servlet-name>timeout</servlet-name>
      <url-pattern>/timeout</url-pattern>
   </servlet-mapping>



Re: POST request with timeout acts weird

2009-10-02 Thread Ronald Klop




On Friday, 2 October 2009 15:20, Ronald Klop 
ronald-mailingl...@base.nl wrote:


 


Hello,

I have made the servlet which I include below. If I send this request to it:

 telnet localhost 8080
POST /timeout HTTP/1.1
Host: crm.ronald.base.nl
Content-Type: application/x-www-form-urlencoded
Content-Length: 100

But I don't send any data. My servlet then waits in getParameterMap(), because that tries 
to read the inputstream and parse the parameters. After 20 seconds (Connector has 
connectionTimeout="20000") the reading of the inputstream ends, but my 
application just gets an empty Map instead of some TimeoutException. In this case the 
browser receives an HTTP 200 OK instead of HTTP ??? TIMEOUT.

Why? And how should I handle this?

(The real problem is that IE has some issues and that some of my customers 
sometimes send synchronous ajax calls which don't send any data. I'm 
investigating that too. If somebody has a tip about that it is also 
appreciated.)

Ronald.

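package test;

import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public final class TimeoutTestServlet extends HttpServlet {
   @Override
   protected void doPost(HttpServletRequest req, HttpServletResponse resp)
   throws ServletException, IOException {
      // Parsing the parameters reads the request body from the input stream.
      Map params = req.getParameterMap();
      System.out.println("params: " + params);
   }
}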

<servlet>
   <servlet-name>timeout</servlet-name>
   <servlet-class>test.TimeoutTestServlet</servlet-class>
</servlet>

<servlet-mapping>
   <servlet-name>timeout</servlet-name>
   <url-pattern>/timeout</url-pattern>
</servlet-mapping>







Sorry, didn't mention I use Tomcat 6.0.20 on java 1.6.