On Tue, 2013-04-30 at 19:00 +1000, Stuart Douglas wrote:
> The most commonly used Tomcat -D option is
> org.apache.catalina.STRICT_SERVLET_COMPLIANCE=false. When it's
> discussed, it always seems to be added for the effect of not enforcing
> "any wrapped request or response object passed to an application
> dispatcher will be checked to ensure that it has wrapped the original
> request or response. (SRV.8.2 / SRV.14.2.5.1)". Undertow enforces that
> clause.
I will add this option. I think this should be modifiable per
deployment, as well as per server. For a lot of these options I am
thinking we have a servlet settings option in the config, which can then
be overridden in jboss-web.xml.
I don't really want to have things set up via system properties.
That sounds good to me, and I agree system properties should be a last
resort.
At the moment this limit is hard coded, but that should be fixed up
soon. This can only be modified on a global level, as this happens
before it is dispatched to a servlet application. We also use
SecureHashMap in some places, which will throw an exception if there are
too many hash collisions. Looks like cookie handler is vulnerable at the
moment, I will fix that up tomorrow.
That sounds good. I haven't checked if there are others around, but can
take a look.
Undertow does not re-size buffers, it uses fixed size direct buffers for
the most part. We are still using Jasper for JSP though, so I will look
into this option.
I haven't tested, but I think the existing system property would still
get picked up. It wouldn't be as nice as proper configuration options
but I don't think it's changeable without hacking the Jasper code.
Do you want me to go through and file JIRAs for all the things I
mentioned?
--
James "Doc" Livingston
JBoss Support Engineering Group