[jboss-jira] [JBoss JIRA] (WFLY-2751) h:inputFile and max-file-size

Jozef Hartinger (JIRA) issues at jboss.org
Fri Jan 17 02:07:33 EST 2014 

    [ https://issues.jboss.org/browse/WFLY-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12936527#comment-12936527 ] 

Jozef Hartinger commented on WFLY-2751:
---------------------------------------

I suggest that you do not map the CDI Conversation Filter which will cause CDI conversations to be activated lazily. This is not in CR1. You would have to use the current SNAPSHOT or wait for FINAL.
                
> h:inputFile and max-file-size
> -----------------------------
>
>                 Key: WFLY-2751
>                 URL: https://issues.jboss.org/browse/WFLY-2751
>             Project: WildFly
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: CDI / Weld
>    Affects Versions: 8.0.0.CR1
>         Environment: Open JDK 7, Cent OS
>            Reporter: Andre Pankraz
>            Assignee: Stuart Douglas
>
> If I use h:inputFile (JSF) together with something like e.g.:
> 	<servlet>
> 		<servlet-name>Faces Servlet</servlet-name>
> 		<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
> 		<load-on-startup>1</load-on-startup>
> 		<multipart-config>
> 			<location>/tmp</location>
> 			<max-file-size>1000</max-file-size>
> 			<max-request-size>2000</max-request-size>
> 			<file-size-threshold>500</file-size-threshold>
> 		</multipart-config>
> 	</servlet>
> and I upload a file which exceeds the max-file-size, I get an exception in the attached style (below).
> I cannot really react to this exception in JSF (global exception handler will not notice this because exception not in context of faces servlet) or in web-xml exception-handlers (to generic RuntimeException, not even an IllegalArgumentException like in spec?!).
> I would expect that this heavily restricts the usability if this new JSF component? I could switch off the restrictions and write a custom validator to check the part-size, but this is not very secure - the to large file is then already written to the given folder?!
> Exception is:
> 16:08:06,837 ERROR [io.undertow.request] (default task-14) Servlet request failed HttpServerExchange{ POST /...Upload.xhtml}: java.lang.RuntimeException: java.io.IOException: UT000054: The maximum size 1000 for an individual file in a multipart request was exceeded
> 	at io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:705) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.spec.HttpServletRequestImpl.getParameter(HttpServletRequestImpl.java:577) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at org.jboss.weld.servlet.ConversationContextActivator.getConversationId(ConversationContextActivator.java:124) [weld-core-impl-2.1.0.Final.jar:2013-10-11 10:25]
> 	at org.jboss.weld.servlet.ConversationContextActivator.activateConversationContext(ConversationContextActivator.java:91) [weld-core-impl-2.1.0.Final.jar:2013-10-11 10:25]
> 	at org.jboss.weld.servlet.ConversationContextActivator.startConversationContext(ConversationContextActivator.java:79) [weld-core-impl-2.1.0.Final.jar:2013-10-11 10:25]
> 	at org.jboss.weld.servlet.ConversationFilter.doFilter(ConversationFilter.java:68) [weld-core-impl-2.1.0.Final.jar:2013-10-11 10:25]
> 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at de.init.xrepository.util.filter.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:29) [classes:]
> 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at de.init.xrepository.util.PageExpiryFilter.doFilter(PageExpiryFilter.java:166) [classes:]
> 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:93) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:81)
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:52) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:55) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:65) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:70) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:218) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:205) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:69) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:134) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:138) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:622) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]
> 	at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
> Caused by: java.io.IOException: UT000054: The maximum size 1000 for an individual file in a multipart request was exceeded
> 	at io.undertow.server.handlers.form.MultiPartParserDefinition$MultiPartUploadHandler.data(MultiPartParserDefinition.java:246) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.util.MultipartParser$IdentityEncoding.handle(MultipartParser.java:328) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.util.MultipartParser$ParseState.entity(MultipartParser.java:306) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.util.MultipartParser$ParseState.parse(MultipartParser.java:111) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.server.handlers.form.MultiPartParserDefinition$MultiPartUploadHandler.parseBlocking(MultiPartParserDefinition.java:196) [undertow-core-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	at io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:703) [undertow-servlet-1.0.0.Beta20.jar:1.0.0.Beta20]
> 	... 37 more

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list