[jboss-jira] [JBoss JIRA] (WFLY-2751) h:inputFile and max-file-size

Andre Pankraz (JIRA) issues at jboss.org
Tue Jan 14 10:51:33 EST 2014 

     [ https://issues.jboss.org/browse/WFLY-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andre Pankraz updated WFLY-2751:
--------------------------------

    Issue Type: Bug  (was: Feature Request)

    
> h:inputFile and max-file-size
> -----------------------------
>
>                 Key: WFLY-2751
>                 URL: https://issues.jboss.org/browse/WFLY-2751
>             Project: WildFly
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: CDI / Weld
>    Affects Versions: 8.0.0.CR1
>         Environment: Open JDK 7, Cent OS
>            Reporter: Andre Pankraz
>            Assignee: Stuart Douglas
>
> If I use h:inputFile (JSF) together with something like e.g.:
> 	<servlet>
> 		<servlet-name>Faces Servlet</servlet-name>
> 		<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
> 		<load-on-startup>1</load-on-startup>
> 		<multipart-config>
> 			<location>/tmp</location>
> 			<max-file-size>1000</max-file-size>
> 			<max-request-size>2000</max-request-size>
> 			<file-size-threshold>500</file-size-threshold>
> 		</multipart-config>
> 	</servlet>
> and I upload a file which exceeds the max-file-size, I get an exception in the attached style (below).
> I cannot really react to this exception in JSF (global exception handler will not notice this because exception not in context of faces servlet) or in web-xml exception-handlers (to generic RuntimeException, not even an IllegalArgumentException like in spec?!).
> I would expect that this heavily restricts the usability if this new JSF component? I could switch off the restrictions and write a custom validator to check the part-size, but this is not very secure - the to large file is then already written to the given folder?!
> Exception is:
> 16:08:06,837 ERROR [io.undertow.request] (default task-14) Servlet request failed HttpServerExchange{ POST /...Upload.xhtml}: java.lang.RuntimeException: java.io.IOException: UT000054: The maximum size 1000 for an individual file in a multipart request was exceeded
> 	at io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:705) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.spec.HttpServletRequestImpl.getParameter(HttpServletRequestImpl.java:577) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at org.jboss.weld.servlet.ConversationContextActivator.getConversationId(ConversationContextActivator.java:124) [weld-core-impl-2.1.0.Final.jar:2013-10-11 10:25]
> 	at org.jboss.weld.servlet.ConversationContextActivator.activateConversationContext(ConversationContextActivator.java:91) [weld-core-impl-2.1.0.Final.jar:2013-10-11 10:25]
> 	at org.jboss.weld.servlet.ConversationContextActivator.startConversationContext(ConversationContextActivator.java:79) [weld-core-impl-2.1.0.Final.jar:2013-10-11 10:25]
> 	at org.jboss.weld.servlet.ConversationFilter.doFilter(ConversationFilter.java:68) [weld-core-impl-2.1.0.Final.jar:2013-10-11 10:25]
> 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at de.init.xrepository.util.filter.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:29) [classes:]
> 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at de.init.xrepository.util.PageExpiryFilter.doFilter(PageExpiryFilter.java:166) [classes:]
> 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:93) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:81)
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:52) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:55) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:65) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:70) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:218) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:205) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:69) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:134) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:138) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:622) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]
> 	at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
> Caused by: java.io.IOException: UT000054: The maximum size 1000 for an individual file in a multipart request was exceeded
> 	at io.undertow.server.handlers.form.MultiPartParserDefinition$MultiPartUploadHandler.data(MultiPartParserDefinition.java:246) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.util.MultipartParser$IdentityEncoding.handle(MultipartParser.java:328) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.util.MultipartParser$ParseState.entity(MultipartParser.java:306) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.util.MultipartParser$ParseState.parse(MultipartParser.java:111) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.server.handlers.form.MultiPartParserDefinition$MultiPartUploadHandler.parseBlocking(MultiPartParserDefinition.java:196) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:703) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	... 37 more

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list