Package io.netty.handler.codec.http
Class HttpRequestDecoder
- java.lang.Object
-
- io.netty.channel.ChannelHandlerAdapter
-
- io.netty.channel.ChannelInboundHandlerAdapter
-
- io.netty.handler.codec.ByteToMessageDecoder
-
- io.netty.handler.codec.http.HttpObjectDecoder
-
- io.netty.handler.codec.http.HttpRequestDecoder
-
- All Implemented Interfaces:
ChannelHandler
,ChannelInboundHandler
public class HttpRequestDecoder extends HttpObjectDecoder
DecodesByteBuf
s intoHttpRequest
s andHttpContent
s.Parameters that prevents excessive memory consumption
Name Meaning maxInitialLineLength
The maximum length of the initial line (e.g. "GET / HTTP/1.0"
) If the length of the initial line exceeds this value, aTooLongHttpLineException
will be raised.maxHeaderSize
The maximum length of all headers. If the sum of the length of each header exceeds this value, a TooLongHttpHeaderException
will be raised.maxChunkSize
The maximum length of the content or each chunk. If the content length exceeds this value, the transfer encoding of the decoded request will be converted to 'chunked' and the content will be split into multiple HttpContent
s. If the transfer encoding of the HTTP request is 'chunked' already, each chunk will be split into smaller chunks if the length of the chunk exceeds this value. If you prefer not to handleHttpContent
s in your handler, insertHttpObjectAggregator
after this decoder in theChannelPipeline
.Parameters that control parsing behavior
Name Default value Meaning allowDuplicateContentLengths
false When set to false
, will reject any messages that contain multiple Content-Length header fields. When set totrue
, will allow multiple Content-Length headers only if they are all the same decimal value. The duplicated field-values will be replaced with a single valid Content-Length field. See RFC 7230, Section 3.3.2.allowPartialChunks
true If the length of a chunk exceeds the ByteBuf
s readable bytes andallowPartialChunks
is set totrue
, the chunk will be split into multipleHttpContent
s. Otherwise, if the chunk size does not exceedmaxChunkSize
andallowPartialChunks
is set tofalse
, theByteBuf
is not decoded into anHttpContent
until the readable bytes are greater or equal to the chunk size.Header Validation
It is recommended to always enable header validation.Without header validation, your system can become vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') .
This recommendation stands even when both peers in the HTTP exchange are trusted, as it helps with defence-in-depth.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class io.netty.handler.codec.ByteToMessageDecoder
ByteToMessageDecoder.Cumulator
-
Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler
ChannelHandler.Sharable
-
-
Field Summary
-
Fields inherited from class io.netty.handler.codec.http.HttpObjectDecoder
DEFAULT_ALLOW_DUPLICATE_CONTENT_LENGTHS, DEFAULT_ALLOW_PARTIAL_CHUNKS, DEFAULT_CHUNKED_SUPPORTED, DEFAULT_INITIAL_BUFFER_SIZE, DEFAULT_MAX_CHUNK_SIZE, DEFAULT_MAX_HEADER_SIZE, DEFAULT_MAX_INITIAL_LINE_LENGTH, DEFAULT_VALIDATE_HEADERS, headersFactory, trailersFactory, validateHeaders
-
Fields inherited from class io.netty.handler.codec.ByteToMessageDecoder
COMPOSITE_CUMULATOR, MERGE_CUMULATOR
-
-
Constructor Summary
Constructors Constructor Description HttpRequestDecoder()
Creates a new instance with the defaultmaxInitialLineLength (4096)
,maxHeaderSize (8192)
, andmaxChunkSize (8192)
.HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize)
Creates a new instance with the specified parameters.HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders)
Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize)
Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths)
Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths, boolean allowPartialChunks)
Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.HttpRequestDecoder(HttpDecoderConfig config)
Creates a new instance with the specified configuration.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected HttpMessage
createInvalidMessage()
protected HttpMessage
createMessage(java.lang.String[] initialLine)
protected boolean
isContentAlwaysEmpty(HttpMessage msg)
protected boolean
isDecodingRequest()
protected java.lang.String
splitFirstWordInitialLine(byte[] sb, int start, int length)
protected AsciiString
splitHeaderName(byte[] sb, int start, int length)
protected java.lang.String
splitThirdWordInitialLine(byte[] sb, int start, int length)
-
Methods inherited from class io.netty.handler.codec.http.HttpObjectDecoder
decode, decodeLast, handlerRemoved0, handleTransferEncodingChunkedWithContentLength, isSwitchingToNonHttp1Protocol, isValidating, reset, splitSecondWordInitialLine, userEventTriggered
-
Methods inherited from class io.netty.handler.codec.ByteToMessageDecoder
actualReadableBytes, callDecode, channelInactive, channelRead, channelReadComplete, discardSomeReadBytes, handlerRemoved, internalBuffer, isSingleDecode, setCumulator, setDiscardAfterReads, setSingleDecode
-
Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter
channelActive, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught
-
Methods inherited from class io.netty.channel.ChannelHandlerAdapter
ensureNotSharable, handlerAdded, isSharable
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface io.netty.channel.ChannelHandler
handlerAdded
-
-
-
-
Constructor Detail
-
HttpRequestDecoder
public HttpRequestDecoder()
Creates a new instance with the defaultmaxInitialLineLength (4096)
,maxHeaderSize (8192)
, andmaxChunkSize (8192)
.
-
HttpRequestDecoder
public HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize)
Creates a new instance with the specified parameters.- Parameters:
maxInitialLineLength
- the initial size of the temporary buffer used when parsing the lines of the HTTP headers.maxHeaderSize
- the maximum permitted combined size of all headers in any one request.maxChunkSize
- The maximum amount of data that the decoder will buffer before sending chunks down the pipeline.- See Also:
HttpDecoderConfig API documentation for detailed descriptions of the configuration parameters.
-
HttpRequestDecoder
@Deprecated public HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders)
Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.
-
HttpRequestDecoder
@Deprecated public HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize)
Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.
-
HttpRequestDecoder
@Deprecated public HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths)
Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.
-
HttpRequestDecoder
@Deprecated public HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths, boolean allowPartialChunks)
Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.
-
HttpRequestDecoder
public HttpRequestDecoder(HttpDecoderConfig config)
Creates a new instance with the specified configuration.
-
-
Method Detail
-
createMessage
protected HttpMessage createMessage(java.lang.String[] initialLine) throws java.lang.Exception
- Specified by:
createMessage
in classHttpObjectDecoder
- Throws:
java.lang.Exception
-
splitHeaderName
protected AsciiString splitHeaderName(byte[] sb, int start, int length)
- Overrides:
splitHeaderName
in classHttpObjectDecoder
-
splitFirstWordInitialLine
protected java.lang.String splitFirstWordInitialLine(byte[] sb, int start, int length)
- Overrides:
splitFirstWordInitialLine
in classHttpObjectDecoder
-
splitThirdWordInitialLine
protected java.lang.String splitThirdWordInitialLine(byte[] sb, int start, int length)
- Overrides:
splitThirdWordInitialLine
in classHttpObjectDecoder
-
createInvalidMessage
protected HttpMessage createInvalidMessage()
- Specified by:
createInvalidMessage
in classHttpObjectDecoder
-
isDecodingRequest
protected boolean isDecodingRequest()
- Specified by:
isDecodingRequest
in classHttpObjectDecoder
-
isContentAlwaysEmpty
protected boolean isContentAlwaysEmpty(HttpMessage msg)
- Overrides:
isContentAlwaysEmpty
in classHttpObjectDecoder
-
-