堆栈内存溢出
  简体   繁体   English

Java Jersey 2.4.1:使用固定长度扩展时的内容长度标头要求

[英]Java Jersey 2.4.1: content-length header requirement when using fixed length sreaming

 原文  2013-12-18 23:23:46       java/ jersey-2.0

问题描述

Jersey 2.4.1 gives us the ability to enable fixed length streaming. Jersey 2.4.1使我们能够启用固定长度的流。 This is very useful when uploading large files. 上传大文件时,这非常有用。 The new client property for enabling this is: HTTP_URL_CONNECTOR_FIX_LENGTH_STREAMING. 用于启用此功能的新客户端属性为:HTTP_URL_CONNECTOR_FIX_LENGTH_STREAMING。

By default, when doing uploads, the whole entity content is buffered by the connector before the bytes are sent to their destination. 默认情况下,在进行上传时,整个实体内容将由连接器缓冲,然后再将字节发送到目的地。 This means that the client will likely run out of memory when uploading large files. 这意味着,在上传大文件时,客户端可能会耗尽内存。 Enabling fixed length streaming solves this problem. 启用固定长度的流可以解决此问题。

Unfortunately this property is not honored when the content-length header is not specified (or is set to 0) in the request. 不幸的是,如果在请求中未指定content-length标头(或将其设置为0),则不会使用此属性。 My question is why? 我的问题是为什么? What problem are the Jersey runtimes trying to prevent by putting this restriction? 通过设置此限制,Jersey运行时试图解决什么问题? Is the content length information necessary to stream the data? 内容长度信息是流数据所必需的吗?

Thanks, 谢谢,

Habib 哈比卜

2 个解决方案

解决方案1
 0  2013-12-19 00:02:43

Whether fixed length streaming is actived or not, the client should set the header anyway. 不管固定长度的流是否处于活动状态,客户端都应设置头。 With fixed length you know the size without the need of buffering the content but that only makes sense if you actually set the header. 使用固定长度,您无需缓冲内容就知道大小,但这只有在您实际设置标头时才有意义。 The server doesn't care if the client buffered the content to determine the length or not. 服务器不在乎客户端是否缓冲内容以确定长度。

In HTTP, [the Content-Length field] SHOULD be sent whenever the message's length can be determined prior to being transferred, unless this is prohibited by the rules in section 4.4. 在HTTP中,只要在传输之前可以确定消息的长度,就应该发送[Content-Length字段],除非第4.4节中的规则禁止这样做。

RFC 2616, section 14.13 Content-Length RFC 2616,第14.13节内容长度

Without setting the length header, the client could start streaming indefinitely, without a buffer. 如果不设置长度标题,则客户端可以无限期地开始流传输,而无需缓冲区。 I guess this it what Jersey tries to prevent, because then the server wouldn't know when the content ends (exept some cases listed in RFC 2616, section 4.4 Message Length ). 我猜这是Jersey试图阻止的事情,因为服务器不知道内容何时结束(例如RFC 2616第4.4节“消息长度”中列出的某些情况)。

解决方案2
 0  2013-12-19 11:21:36

I forward upload requests I receive from clients to an another endpoint. 我将从客户端收到的上载请求转发到另一个端点。 I do not control the presence of the content length header in the requests I receive, and therefore may not always have a content length header to send to the end point. 我无法控制接收到的请求中内容长度标头的存在,因此可能并不总是具有要发送到终点的内容长度标头。

That said, I can see that we need to protect against the malicious case you mention above, although I initially thought this would be the backend's responsibility. 也就是说,尽管我最初认为这是后端的责任,但我可以看到我们需要保护您免受上面提到的恶意攻击。

Thanks for the clarification. 感谢您的澄清。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java Http - 发布标头内容长度 - Java Http - Post Header Content-Length Jersey 2.0 内容长度未设置 - Jersey 2.0 Content-Length not set 如何在 Java 11+ HTTPClient 中分配内容长度标头 - How to assign content-length header in Java 11+ HTTPClient 更改另一个标头时,Java HttpServletResponse问题宽度Content-Length - Java HttpServletResponse issue width Content-Length when changing another header 为什么java没有读取Content-length响应头? - Why is java not reading the Content-length response header? Java - HttpURLConnection - Content-Length未显示在请求标头中 - Java - HttpURLConnection - Content-Length isn't shown in request header 使用WireMock设置Content-Length HTTP标头作为响应 - Setting Content-Length HTTP header in response using WireMock Content-Length 标头已存在 - Content-Length header already present Tomcat WebDAV缺少Content-Length标头 - Tomcat WebDAV is missing Content-Length header Jetty 未发送 Content-Length 标头 - Jetty is not sending the Content-Length header
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM