public abstract class HttpObjectDecoder extends ByteToMessageDecoder
ByteBuf
s into HttpMessage
s and
HttpContent
s.
Name | Default value | Meaning |
---|---|---|
maxInitialLineLength |
4096 | The maximum length of the initial line
(e.g. "GET / HTTP/1.0" or "HTTP/1.0 200 OK" )
If the length of the initial line exceeds this value, a
TooLongHttpLineException will be raised. |
maxHeaderSize |
8192 | The maximum length of all headers. If the sum of the length of each
header exceeds this value, a TooLongHttpHeaderException will be raised. |
maxChunkSize |
8192 | The maximum length of the content or each chunk. If the content length
(or the length of each chunk) exceeds this value, the content or chunk
will be split into multiple HttpContent s whose length is
maxChunkSize at maximum. |
Name | Default value | Meaning |
---|---|---|
allowDuplicateContentLengths |
false | When set to false , will reject any messages that contain multiple Content-Length header fields.
When set to true , will allow multiple Content-Length headers only if they are all the same decimal value.
The duplicated field-values will be replaced with a single valid Content-Length field.
See RFC 7230, Section 3.3.2. |
allowPartialChunks |
true | If the length of a chunk exceeds the ByteBuf s readable bytes and allowPartialChunks
is set to true , the chunk will be split into multiple HttpContent s.
Otherwise, if the chunk size does not exceed maxChunkSize and allowPartialChunks
is set to false , the ByteBuf is not decoded into an HttpContent until
the readable bytes are greater or equal to the chunk size. |
maxChunkSize
or
the transfer encoding of the HTTP message is 'chunked', this decoder
generates one HttpMessage
instance and its following
HttpContent
s per single HTTP message to avoid excessive memory
consumption. For example, the following HTTP message:
GET / HTTP/1.1 Transfer-Encoding: chunked 1a abcdefghijklmnopqrstuvwxyz 10 1234567890abcdef 0 Content-MD5: ... [blank line]triggers
HttpRequestDecoder
to generate 3 objects:
HttpRequest
,HttpContent
whose content is 'abcdefghijklmnopqrstuvwxyz'
,LastHttpContent
whose content is '1234567890abcdef'
, which marks
the end of the content.HttpContent
s by yourself for your
convenience, insert HttpObjectAggregator
after this decoder in the
ChannelPipeline
. However, please note that your server might not
be as memory efficient as without the aggregator.
Without header validation, your system can become vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') .
This recommendation stands even when both peers in the HTTP exchange are trusted, as it helps with defence-in-depth.
ByteToMessageDecoder.Cumulator
ChannelHandler.Sharable
Modifier and Type | Field and Description |
---|---|
static boolean |
DEFAULT_ALLOW_DUPLICATE_CONTENT_LENGTHS |
static boolean |
DEFAULT_ALLOW_PARTIAL_CHUNKS |
static boolean |
DEFAULT_CHUNKED_SUPPORTED |
static int |
DEFAULT_INITIAL_BUFFER_SIZE |
static int |
DEFAULT_MAX_CHUNK_SIZE |
static int |
DEFAULT_MAX_HEADER_SIZE |
static int |
DEFAULT_MAX_INITIAL_LINE_LENGTH |
static boolean |
DEFAULT_VALIDATE_HEADERS |
protected HttpHeadersFactory |
headersFactory |
protected HttpHeadersFactory |
trailersFactory |
protected boolean |
validateHeaders
Deprecated.
|
COMPOSITE_CUMULATOR, MERGE_CUMULATOR
Modifier | Constructor and Description |
---|---|
protected |
HttpObjectDecoder()
Creates a new instance with the default
maxInitialLineLength (4096) , maxHeaderSize (8192) , and
maxChunkSize (8192) . |
protected |
HttpObjectDecoder(HttpDecoderConfig config)
Creates a new instance with the specified configuration.
|
protected |
HttpObjectDecoder(int maxInitialLineLength,
int maxHeaderSize,
int maxChunkSize,
boolean chunkedSupported)
Deprecated.
Use
HttpObjectDecoder(HttpDecoderConfig) instead. |
protected |
HttpObjectDecoder(int maxInitialLineLength,
int maxHeaderSize,
int maxChunkSize,
boolean chunkedSupported,
boolean validateHeaders)
Deprecated.
Use
HttpObjectDecoder(HttpDecoderConfig) instead. |
protected |
HttpObjectDecoder(int maxInitialLineLength,
int maxHeaderSize,
int maxChunkSize,
boolean chunkedSupported,
boolean validateHeaders,
int initialBufferSize)
Deprecated.
Use
HttpObjectDecoder(HttpDecoderConfig) instead. |
protected |
HttpObjectDecoder(int maxInitialLineLength,
int maxHeaderSize,
int maxChunkSize,
boolean chunkedSupported,
boolean validateHeaders,
int initialBufferSize,
boolean allowDuplicateContentLengths)
Deprecated.
Use
HttpObjectDecoder(HttpDecoderConfig) instead. |
protected |
HttpObjectDecoder(int maxInitialLineLength,
int maxHeaderSize,
int maxChunkSize,
boolean chunkedSupported,
boolean validateHeaders,
int initialBufferSize,
boolean allowDuplicateContentLengths,
boolean allowPartialChunks)
Deprecated.
Use
HttpObjectDecoder(HttpDecoderConfig) instead. |
Modifier and Type | Method and Description |
---|---|
protected abstract HttpMessage |
createInvalidMessage() |
protected abstract HttpMessage |
createMessage(String[] initialLine) |
protected void |
decode(ChannelHandlerContext ctx,
ByteBuf buffer,
List<Object> out)
Decode the from one
ByteBuf to an other. |
protected void |
decodeLast(ChannelHandlerContext ctx,
ByteBuf in,
List<Object> out)
Is called one last time when the
ChannelHandlerContext goes in-active. |
protected void |
handlerRemoved0(ChannelHandlerContext ctx)
Gets called after the
ByteToMessageDecoder was removed from the actual context and it doesn't handle
events anymore. |
protected void |
handleTransferEncodingChunkedWithContentLength(HttpMessage message)
Invoked when a message with both a "Transfer-Encoding: chunked" and a "Content-Length" header field is detected.
|
protected boolean |
isContentAlwaysEmpty(HttpMessage msg) |
protected abstract boolean |
isDecodingRequest() |
protected boolean |
isSwitchingToNonHttp1Protocol(HttpResponse msg)
Returns true if the server switched to a different protocol than HTTP/1.0 or HTTP/1.1, e.g.
|
protected boolean |
isValidating(HttpHeadersFactory headersFactory) |
void |
reset()
Resets the state of the decoder so that it is ready to decode a new message.
|
protected String |
splitFirstWordInitialLine(byte[] asciiContent,
int start,
int length) |
protected AsciiString |
splitHeaderName(byte[] sb,
int start,
int length) |
protected String |
splitSecondWordInitialLine(byte[] asciiContent,
int start,
int length) |
protected String |
splitThirdWordInitialLine(byte[] asciiContent,
int start,
int length) |
void |
userEventTriggered(ChannelHandlerContext ctx,
Object evt)
Calls
ChannelHandlerContext.fireUserEventTriggered(Object) to forward
to the next ChannelInboundHandler in the ChannelPipeline . |
actualReadableBytes, callDecode, channelInactive, channelRead, channelReadComplete, discardSomeReadBytes, handlerRemoved, internalBuffer, isSingleDecode, setCumulator, setDiscardAfterReads, setSingleDecode
channelActive, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught
ensureNotSharable, handlerAdded, isSharable
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
handlerAdded
public static final int DEFAULT_MAX_INITIAL_LINE_LENGTH
public static final int DEFAULT_MAX_HEADER_SIZE
public static final boolean DEFAULT_CHUNKED_SUPPORTED
public static final boolean DEFAULT_ALLOW_PARTIAL_CHUNKS
public static final int DEFAULT_MAX_CHUNK_SIZE
public static final boolean DEFAULT_VALIDATE_HEADERS
public static final int DEFAULT_INITIAL_BUFFER_SIZE
public static final boolean DEFAULT_ALLOW_DUPLICATE_CONTENT_LENGTHS
@Deprecated protected final boolean validateHeaders
protected final HttpHeadersFactory headersFactory
protected final HttpHeadersFactory trailersFactory
protected HttpObjectDecoder()
maxInitialLineLength (4096)
, maxHeaderSize (8192)
, and
maxChunkSize (8192)
.@Deprecated protected HttpObjectDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean chunkedSupported)
HttpObjectDecoder(HttpDecoderConfig)
instead.@Deprecated protected HttpObjectDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean chunkedSupported, boolean validateHeaders)
HttpObjectDecoder(HttpDecoderConfig)
instead.@Deprecated protected HttpObjectDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean chunkedSupported, boolean validateHeaders, int initialBufferSize)
HttpObjectDecoder(HttpDecoderConfig)
instead.@Deprecated protected HttpObjectDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean chunkedSupported, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths)
HttpObjectDecoder(HttpDecoderConfig)
instead.@Deprecated protected HttpObjectDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean chunkedSupported, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths, boolean allowPartialChunks)
HttpObjectDecoder(HttpDecoderConfig)
instead.protected HttpObjectDecoder(HttpDecoderConfig config)
protected void handlerRemoved0(ChannelHandlerContext ctx) throws Exception
ByteToMessageDecoder
ByteToMessageDecoder
was removed from the actual context and it doesn't handle
events anymore.handlerRemoved0
in class ByteToMessageDecoder
Exception
protected boolean isValidating(HttpHeadersFactory headersFactory)
protected void decode(ChannelHandlerContext ctx, ByteBuf buffer, List<Object> out) throws Exception
ByteToMessageDecoder
ByteBuf
to an other. This method will be called till either the input
ByteBuf
has nothing to read when return from this method or till nothing was read from the input
ByteBuf
.decode
in class ByteToMessageDecoder
ctx
- the ChannelHandlerContext
which this ByteToMessageDecoder
belongs tobuffer
- the ByteBuf
from which to read dataout
- the List
to which decoded messages should be addedException
- is thrown if an error occursprotected void decodeLast(ChannelHandlerContext ctx, ByteBuf in, List<Object> out) throws Exception
ByteToMessageDecoder
ChannelHandlerContext
goes in-active. Which means the
ByteToMessageDecoder.channelInactive(ChannelHandlerContext)
was triggered.
By default, this will just call ByteToMessageDecoder.decode(ChannelHandlerContext, ByteBuf, List)
but sub-classes may
override this for some special cleanup operation.decodeLast
in class ByteToMessageDecoder
Exception
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception
ChannelInboundHandlerAdapter
ChannelHandlerContext.fireUserEventTriggered(Object)
to forward
to the next ChannelInboundHandler
in the ChannelPipeline
.
Sub-classes may override this method to change behavior.userEventTriggered
in interface ChannelInboundHandler
userEventTriggered
in class ByteToMessageDecoder
Exception
protected boolean isContentAlwaysEmpty(HttpMessage msg)
protected boolean isSwitchingToNonHttp1Protocol(HttpResponse msg)
public void reset()
Expect: 100-continue
header.protected void handleTransferEncodingChunkedWithContentLength(HttpMessage message)
See: https://tools.ietf.org/html/rfc7230#section-3.3.3
If a message is received with both a Transfer-Encoding and a Content-Length header field, the Transfer-Encoding overrides the Content-Length. Such a message might indicate an attempt to perform request smuggling (Section 9.5) or response splitting (Section 9.4) and ought to be handled as an error. A sender MUST remove the received Content-Length field prior to forwarding such a message downstream.Also see: https://github.com/apache/tomcat/blob/b693d7c1981fa7f51e58bc8c8e72e3fe80b7b773/ java/org/apache/coyote/http11/Http11Processor.java#L747-L755 https://github.com/nginx/nginx/blob/0ad4393e30c119d250415cb769e3d8bc8dce5186/ src/http/ngx_http_request.c#L1946-L1953
protected abstract boolean isDecodingRequest()
protected abstract HttpMessage createMessage(String[] initialLine) throws Exception
Exception
protected abstract HttpMessage createInvalidMessage()
protected String splitFirstWordInitialLine(byte[] asciiContent, int start, int length)
protected String splitSecondWordInitialLine(byte[] asciiContent, int start, int length)
protected String splitThirdWordInitialLine(byte[] asciiContent, int start, int length)
protected AsciiString splitHeaderName(byte[] sb, int start, int length)
Copyright © 2008–2024 The Netty Project. All rights reserved.