stackoom
  简体   繁体   中英

Java Jersey 2.4.1: content-length header requirement when using fixed length sreaming

 原文  2013-12-18 23:23:46       java/ jersey-2.0

Question

Jersey 2.4.1 gives us the ability to enable fixed length streaming. This is very useful when uploading large files. The new client property for enabling this is: HTTP_URL_CONNECTOR_FIX_LENGTH_STREAMING.

By default, when doing uploads, the whole entity content is buffered by the connector before the bytes are sent to their destination. This means that the client will likely run out of memory when uploading large files. Enabling fixed length streaming solves this problem.

Unfortunately this property is not honored when the content-length header is not specified (or is set to 0) in the request. My question is why? What problem are the Jersey runtimes trying to prevent by putting this restriction? Is the content length information necessary to stream the data?

Thanks,

Habib

2 answers

solution1
 0  2013-12-19 00:02:43

Whether fixed length streaming is actived or not, the client should set the header anyway. With fixed length you know the size without the need of buffering the content but that only makes sense if you actually set the header. The server doesn't care if the client buffered the content to determine the length or not.

In HTTP, [the Content-Length field] SHOULD be sent whenever the message's length can be determined prior to being transferred, unless this is prohibited by the rules in section 4.4.

RFC 2616, section 14.13 Content-Length

Without setting the length header, the client could start streaming indefinitely, without a buffer. I guess this it what Jersey tries to prevent, because then the server wouldn't know when the content ends (exept some cases listed in RFC 2616, section 4.4 Message Length ).

solution2
 0  2013-12-19 11:21:36

I forward upload requests I receive from clients to an another endpoint. I do not control the presence of the content length header in the requests I receive, and therefore may not always have a content length header to send to the end point.

That said, I can see that we need to protect against the malicious case you mention above, although I initially thought this would be the backend's responsibility.

Thanks for the clarification.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Java Http - Post Header Content-Length Jersey 2.0 Content-Length not set How to assign content-length header in Java 11+ HTTPClient Java HttpServletResponse issue width Content-Length when changing another header Why is java not reading the Content-length response header? Java - HttpURLConnection - Content-Length isn't shown in request header Setting Content-Length HTTP header in response using WireMock Content-Length header already present Tomcat WebDAV is missing Content-Length header Jetty is not sending the Content-Length header
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM