Limit the received content when handling the content as a String. #27656
ad92a8d to
4e68ce1
Compare
@rmartinc - as I've been working on the other issue, I had an idea on how to limit the response size without moving to v5 of the library. The maximum response size can be configured for Maybe it is good enough for now? WDYT?
@ahus1 Maybe we can add a new method in the

```java
default long getMaxConsumedResponseSize() {
    return DEFAULT_MAX_CONSUMED_RESPONSE_SIZE;
}
```

The default implementation overwrites it with the configured value if set. And then the
74a0bf5 to
10b7444
Compare
@rmartinc - I've updated this PR. Please let me know if you think this is a valid approach when you have the time. Pinging also @abstractj as you've been managing the original issue.
rmartinc
left a comment
Very good job @ahus1!
Just some minor things that maybe you can consider to add.
| return doDelete(url, client, HttpClientProvider.DEFAULT_MAX_CONSUMED_RESPONSE_SIZE); | ||
| } | ||
|
|
||
| public static SimpleHttp doDelete(String url, HttpClient client, long maxConsumedResponseSize) { |
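Review bot: the new public overload doDelete(String url, HttpClient client, long maxConsumedResponseSize) has no Javadoc in the lines shown, so a caller cannot tell the unit of maxConsumedResponseSize or how zero and negative values are treated. Document the unit and either reject non-positive values or state what they mean.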
Maybe too many variants, IMO this one is not needed as you can always do: SimpleHttp.doDelete(url, client).setMaxConsumedResponseSize(512*1024).asJson(). But this is just a comment, you can leave as it is if you like these variants.
| if (bytesConsumed >= maxBytesToConsume) { | ||
| throw new IOException(String.format("Response is longer than %s, with max bytes to be consumed being %d", bytesConsumed, maxBytesToConsume)); |
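Review bot: in the String.format call, bytesConsumed is formatted with %s while maxBytesToConsume uses %d. Both are numeric counters compared in the if above, so use %d for both to keep the message consistent and to fail fast if either argument ever changes type.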
Just a minor thing, but wouldn't this be > instead of >=, just to allow the exact number? And I would use: Response is at least %s bytes in size, with max....
| @Override | ||
| public int read(byte[] b, int off, int len) throws IOException { | ||
| int sizeRead = delegate.read(b, off, len); | ||
| bytesConsumed += sizeRead; |
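Review bot: bytesConsumed += sizeRead runs unconditionally, but delegate.read(b, off, len) returns -1 at end of stream, so the final call lowers the counter by one and the limit is compared against an undercounted value. Add sizeRead to bytesConsumed only when it is greater than zero.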
Better to do the same as in the single read: if (sizeRead > 0) bytesConsumed += sizeRead;
| public void withCharset() throws IOException { | ||
| HttpResponse httpResponse = createBasicResponse(entity); | ||
| SimpleHttp.Response response = new SimpleHttp.Response(httpResponse); | ||
| SimpleHttp.Response response = new SimpleHttp.Response(httpResponse, HttpClientProvider.DEFAULT_MAX_CONSUMED_RESPONSE_SIZE); |
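Review bot: withCharset() now passes HttpClientProvider.DEFAULT_MAX_CONSUMED_RESPONSE_SIZE, which only keeps the existing test compiling and never exercises the limit itself. Add a case that builds SimpleHttp.Response with a limit smaller than the entity and asserts that reading it fails, plus one where the entity is exactly at the limit.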
I think we could add a test here too. I did something quick in this commit: rmartinc@1e65623
You can use it or something similar.
a2a8f09 to
eb80cad
Compare
rmartinc
left a comment
Thanks for the changes! Good idea limiting SimpleHttp to the methods that pass the session. LGTM now! Let's see the tests!
eb80cad to
ec154c9
Compare
Closes keycloak#27293 Co-authored-by: rmartinc <[email protected]> Signed-off-by: rmartinc <[email protected]> Signed-off-by: Alexander Schwartz <[email protected]>
ec154c9 to
383b905
Compare
@abstractj - I needed to rebase the PR due to conflicts in the documentation. Please re-approve when you have the time. Thanks!
Closes #27293
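The technique discussed in this review, as an added example that is not code from the PR or from Keycloak: a stream wrapper that counts consumed bytes, skips the -1 end-of-stream return, and fails once the count exceeds the limit. The class name BoundedInputStream and the sample body are assumptions made for illustration; readAllBytes requires Java 9 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

// Hypothetical class; illustrates the approach under review, not the project's implementation.
public class BoundedInputStream extends FilterInputStream {
    private final long maxBytesToConsume;
    private long bytesConsumed;

    public BoundedInputStream(InputStream delegate, long maxBytesToConsume) {
        super(delegate);
        this.maxBytesToConsume = maxBytesToConsume;
    }

    @Override
    public int read() throws IOException {
        int b = super.read();
        if (b >= 0) count(1);                // -1 means end of stream, nothing was consumed
        return b;
    }

    @Override
    public int read(byte[] buf, int off, int len) throws IOException {
        int sizeRead = super.read(buf, off, len);
        if (sizeRead > 0) count(sizeRead);   // never add the -1 end-of-stream marker
        return sizeRead;
    }

    private void count(long n) throws IOException {
        bytesConsumed += n;
        if (bytesConsumed > maxBytesToConsume) {   // '>' accepts a body of exactly the limit
            throw new IOException(String.format(
                "Response is at least %d bytes in size, with max bytes to be consumed being %d",
                bytesConsumed, maxBytesToConsume));
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] body = "0123456789".getBytes(StandardCharsets.US_ASCII); // constructed 10-byte body
        // Limit equal to the body size: the whole body is returned.
        System.out.println(new BoundedInputStream(new ByteArrayInputStream(body), 10).readAllBytes().length);
        try {
            // Limit one byte below the body size: reading must fail instead of buffering it all.
            new BoundedInputStream(new ByteArrayInputStream(body), 9).readAllBytes();
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check runs after each read, so at most one caller-sized buffer beyond the limit is ever held before the exception is thrown.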