Menu
▾
▴
[Unicore-cvs-commits] SF.net SVN: unicore:[11612] gateway/trunk
|
From: <go...@us...> - 2011-10-28 12:59:54
|
Revision: 11612
http://unicore.svn.sourceforge.net/unicore/?rev=11612&view=rev
Author: golbi
Date: 2011-10-28 12:59:44 +0000 (Fri, 28 Oct 2011)
Log Message:
-----------
Added a possibility to configure the SOAP header size limit.
Modified Paths:
--------------
gateway/trunk/Changes.txt
gateway/trunk/src/main/conf/gateway.properties
gateway/trunk/src/main/doc/manual.txt
gateway/trunk/src/main/java/eu/unicore/gateway/base/RawMessageExchange.java
gateway/trunk/src/main/java/eu/unicore/gateway/base/Servlet.java
gateway/trunk/src/main/java/eu/unicore/gateway/properties/GatewayProperties.java
gateway/trunk/src/main/java/eu/unicore/gateway/util/BufferingProxyReader.java
gateway/trunk/src/main/package/distributions/Default/src/etc/unicore/gateway/gateway.properties
gateway/trunk/src/test/java/eu/unicore/gateway/TestBufferingProxyReader.java
gateway/trunk/src/test/java/eu/unicore/gateway/TestInsertConsignor.java
gateway/trunk/src/test/java/eu/unicore/gateway/TestPOSTProcessingPerf.java
gateway/trunk/src/test/java/eu/unicore/gateway/TestParseHeaders.java
gateway/trunk/src/test/java/eu/unicore/gateway/TestParseWrongHeaders.java
Modified: gateway/trunk/Changes.txt
===================================================================
--- gateway/trunk/Changes.txt 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/Changes.txt 2011-10-28 12:59:44 UTC (rev 11612)
@@ -1,6 +1,10 @@
Change log for the UNICORE 6 Gateway
====================================
+6.?.?
+-----
+ - Added a possibility to configure the maximum SOAP header size.
+
6.4.2
-----
- Fixed logging of connection errors (more details in case of failures, clear expiration
Modified: gateway/trunk/src/main/conf/gateway.properties
===================================================================
--- gateway/trunk/src/main/conf/gateway.properties 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/main/conf/gateway.properties 2011-10-28 12:59:44 UTC (rev 11612)
@@ -16,7 +16,6 @@
http.connection.maxPerService = 20
# HTTP client configuration END
-
#If the network behind gateway is secure leave the following settings unchanged
# (yes - it is the usual case). However if you wish to secure consignor
# assertions issued by gateway by signing them, change the following to true.
@@ -64,5 +63,8 @@
# (needs extension jar files installed in the lib directory!)
#proxyValidator=<class name>
+# Maximum size of an accepted SOAP header, in bytes. It is extremely rare
+# that changing the default value is necessary.
+soapMaxHeader=102400
Modified: gateway/trunk/src/main/doc/manual.txt
===================================================================
--- gateway/trunk/src/main/doc/manual.txt 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/main/doc/manual.txt 2011-10-28 12:59:44 UTC (rev 11612)
@@ -1,6 +1,6 @@
UNICORE Gateway
===============
-:revnumber: 1.0.2
+:revnumber: 1.0.3
:Author: UNICORE Team
:Email: uni...@li...
:numbered:
@@ -294,8 +294,8 @@
This will scale up to higher numbers of concurrent connections than the default connector.
-Controlling the number of concurrent connections
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Scalability settings
+~~~~~~~~~~~~~~~~~~~~
The gateway acts as a https client for the VSites behind it.
The number of concurrent calls is limited, and controlled by two parameters
@@ -307,6 +307,23 @@
http.connection.maxPerService=20
----
+You can also control the limit on the maximum SOAP header size which is allowed by the
+gateway. *Typically you don't have to touch this parameter*. However if your clients
+do produce very big SOAP headers and gateway blocks them you can increase the limit. Note
+that such a giant SOAP header usually means that the client is not behaving in a sane way,
+e.g. is trying to perform a DoS attack.
+
+----
+# maximum size of an accepted SOAP header, in bytes
+soapMaxHeader=102400
+----
+
+Note that gateway may consume this amount of memory (plus some extra amount
+for other data) for each opened connection. Therefore, this value multiplied by
+the number of maximum allowed connections, should be significantly lower, then the total
+memory available for the gateway.
+
+
Proxy certificate support
~~~~~~~~~~~~~~~~~~~~~~~~~
Modified: gateway/trunk/src/main/java/eu/unicore/gateway/base/RawMessageExchange.java
===================================================================
--- gateway/trunk/src/main/java/eu/unicore/gateway/base/RawMessageExchange.java 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/main/java/eu/unicore/gateway/base/RawMessageExchange.java 2011-10-28 12:59:44 UTC (rev 11612)
@@ -50,10 +50,10 @@
private static XMLInputFactory inFact = XMLInputFactory2.newInstance();
- public RawMessageExchange(Reader r, Writer w) throws XMLStreamException
+ public RawMessageExchange(Reader r, Writer w, int maxHeader) throws XMLStreamException
{
reader = new BufferingProxyReader(r, LogUtil.getLogger("gateway.trafficdump",
- RawMessageExchange.class));
+ RawMessageExchange.class), maxHeader);
writer = w;
setHeaderPresent(false);
eventReader = inFact.createXMLEventReader(reader);
Modified: gateway/trunk/src/main/java/eu/unicore/gateway/base/Servlet.java
===================================================================
--- gateway/trunk/src/main/java/eu/unicore/gateway/base/Servlet.java 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/main/java/eu/unicore/gateway/base/Servlet.java 2011-10-28 12:59:44 UTC (rev 11612)
@@ -329,7 +329,9 @@
handleRegistration(req,res);
}
else{
- RawMessageExchange exchange = new RawMessageExchange(req.getReader(),res.getWriter());
+ int maxHeaderSize = properties.getMaxSoapHeader();
+ RawMessageExchange exchange = new RawMessageExchange(req.getReader(),
+ res.getWriter(), maxHeaderSize);
String contentType = req.getHeader("Content-type");
exchange.setProperty(RawMessageExchange.CONTENT_TYPE, contentType);
if(contentType!=null){
Modified: gateway/trunk/src/main/java/eu/unicore/gateway/properties/GatewayProperties.java
===================================================================
--- gateway/trunk/src/main/java/eu/unicore/gateway/properties/GatewayProperties.java 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/main/java/eu/unicore/gateway/properties/GatewayProperties.java 2011-10-28 12:59:44 UTC (rev 11612)
@@ -70,13 +70,17 @@
public static final String KEY_CONN_MAX_TOTAL = "http.connection.maxTotal";
public static final String KEY_CONN_MAX_PERHOST = "http.connection.maxPerService";
+ public static final String KEY_MAX_HEADER = "soapMaxHeader";
+
// defaults for the consignor SAML assertion
public static final int DEFAULT_TOLERANCE = 30;
public static final int DEFAULT_VALIDITY = 60;
public static final boolean DEFAULT_SIGN = false;
// default proxy validator class name
public static final String DEFAULT_PROXY_VALIDATOR = "eu.unicore.proxy.RFC3820ProxyValidator";
-
+ // default limit for the SOAP header size
+ public static final int DEFAULT_MAX_HDR = 102400;
+
private static final Set<String> REQ_PROPERTIES = new HashSet<String>();
static
{
@@ -211,6 +215,11 @@
return getStringProperty(KEY_REG_INCL, null);
}
+ public int getMaxSoapHeader()
+ {
+ return getPropertyAsInt(KEY_MAX_HEADER, 1024, 1024000000, DEFAULT_MAX_HDR, log);
+ }
+
public void setProperty(String key,String value){
properties.setProperty(key, value);
}
Modified: gateway/trunk/src/main/java/eu/unicore/gateway/util/BufferingProxyReader.java
===================================================================
--- gateway/trunk/src/main/java/eu/unicore/gateway/util/BufferingProxyReader.java 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/main/java/eu/unicore/gateway/util/BufferingProxyReader.java 2011-10-28 12:59:44 UTC (rev 11612)
@@ -32,10 +32,10 @@
private CharArrayWriterExt buffer;
private int bufPtr;
private int markedPos;
- private static final int MAX_HDR = 102400;
+ private int maxHeader;
private Logger log = null;
-
- public BufferingProxyReader(Reader reader, Logger log)
+
+ public BufferingProxyReader(Reader reader, Logger log, int maxHeader)
{
this.reader = reader;
buffer = new CharArrayWriterExt(10240);
@@ -43,9 +43,9 @@
markedPos = -1;
if (log != null && log.isTraceEnabled())
this.log = log;
+ this.maxHeader = maxHeader;
}
-
-
+
@Override
public int read(char[] cbuf, int off, int len) throws IOException
{
@@ -56,9 +56,9 @@
log.trace("[INPUT]" + new String(cbuf, off, ret));
return ret;
}
- if (len + bufPtr >= MAX_HDR)
+ if (len + bufPtr >= maxHeader)
throw new IOException("Header is too large. Gateway supports up to " +
- MAX_HDR + "b headers");
+ maxHeader + "b headers");
int readChars = reader.read(cbuf, off, len);
buffer.write(cbuf, off, readChars);
bufPtr += readChars;
Modified: gateway/trunk/src/main/package/distributions/Default/src/etc/unicore/gateway/gateway.properties
===================================================================
--- gateway/trunk/src/main/package/distributions/Default/src/etc/unicore/gateway/gateway.properties 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/main/package/distributions/Default/src/etc/unicore/gateway/gateway.properties 2011-10-28 12:59:44 UTC (rev 11612)
@@ -16,7 +16,6 @@
http.connection.maxPerService = 20
# HTTP client configuration END
-
#If the network behind gateway is secure leave the following settings unchanged
# (yes - it is the usual case). However if you wish to secure consignor
# assertions issued by gateway by signing them, change the following to true.
@@ -64,5 +63,8 @@
# (needs extension jar files installed in the lib directory!)
#proxyValidator=<class name>
+# Maximum size of an accepted SOAP header, in bytes. It is extremely rare
+# that changing the default value is necessary.
+soapMaxHeader=102400
Modified: gateway/trunk/src/test/java/eu/unicore/gateway/TestBufferingProxyReader.java
===================================================================
--- gateway/trunk/src/test/java/eu/unicore/gateway/TestBufferingProxyReader.java 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/test/java/eu/unicore/gateway/TestBufferingProxyReader.java 2011-10-28 12:59:44 UTC (rev 11612)
@@ -5,6 +5,7 @@
import java.io.StringReader;
import java.nio.charset.Charset;
+import eu.unicore.gateway.properties.GatewayProperties;
import eu.unicore.gateway.util.BufferingProxyReader;
import junit.framework.TestCase;
@@ -13,7 +14,8 @@
public void test1()throws Exception
{
StringReader sr = new StringReader("1234567890abcde");
- BufferingProxyReader proxy = new BufferingProxyReader(sr, null);
+ BufferingProxyReader proxy = new BufferingProxyReader(sr, null,
+ GatewayProperties.DEFAULT_MAX_HDR);
char cbuf[] = new char[5];
int r = proxy.read(cbuf);
proxy.setMarkedPos(5);
@@ -44,7 +46,8 @@
String f3 = Utils.readFile(new File("src/test/resources/f3"));
StringReader sr = new StringReader(f1+f2+f3);
- BufferingProxyReader proxy = new BufferingProxyReader(sr, null);
+ BufferingProxyReader proxy = new BufferingProxyReader(sr, null,
+ GatewayProperties.DEFAULT_MAX_HDR);
char cbuf[] = new char[f1.length()];
int r = proxy.read(cbuf);
proxy.setMarkedPos(cbuf.length);
Modified: gateway/trunk/src/test/java/eu/unicore/gateway/TestInsertConsignor.java
===================================================================
--- gateway/trunk/src/test/java/eu/unicore/gateway/TestInsertConsignor.java 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/test/java/eu/unicore/gateway/TestInsertConsignor.java 2011-10-28 12:59:44 UTC (rev 11612)
@@ -9,6 +9,7 @@
import eu.unicore.gateway.ConsignorProducer;
import eu.unicore.gateway.base.RawMessageExchange;
+import eu.unicore.gateway.properties.GatewayProperties;
import junit.framework.TestCase;
public class TestInsertConsignor extends TestCase
@@ -42,7 +43,8 @@
try
{
StringWriter w = new StringWriter();
- RawMessageExchange mex = new RawMessageExchange(new FileReader(f), w);
+ RawMessageExchange mex = new RawMessageExchange(new FileReader(f), w,
+ GatewayProperties.DEFAULT_MAX_HDR);
new HeadersParser("http://localhost").parseHeaders(mex);
if (checkWSA)
{
Modified: gateway/trunk/src/test/java/eu/unicore/gateway/TestPOSTProcessingPerf.java
===================================================================
--- gateway/trunk/src/test/java/eu/unicore/gateway/TestPOSTProcessingPerf.java 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/test/java/eu/unicore/gateway/TestPOSTProcessingPerf.java 2011-10-28 12:59:44 UTC (rev 11612)
@@ -13,6 +13,7 @@
import eu.unicore.gateway.ConsignorProducer;
import eu.unicore.gateway.base.RawMessageExchange;
+import eu.unicore.gateway.properties.GatewayProperties;
import eu.unicore.gateway.util.StopWatch;
import junit.framework.TestCase;
@@ -37,7 +38,8 @@
try
{
watch.start();
- RawMessageExchange mex = new RawMessageExchange(fr, w);
+ RawMessageExchange mex = new RawMessageExchange(fr, w,
+ GatewayProperties.DEFAULT_MAX_HDR);
watch.snapshot();
new HeadersParser("http://localhost").parseHeaders(mex);
watch.snapshot();
Modified: gateway/trunk/src/test/java/eu/unicore/gateway/TestParseHeaders.java
===================================================================
--- gateway/trunk/src/test/java/eu/unicore/gateway/TestParseHeaders.java 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/test/java/eu/unicore/gateway/TestParseHeaders.java 2011-10-28 12:59:44 UTC (rev 11612)
@@ -14,6 +14,7 @@
import eu.unicore.gateway.POSTHandler;
import eu.unicore.gateway.base.RawMessageExchange;
+import eu.unicore.gateway.properties.GatewayProperties;
import junit.framework.TestCase;
@@ -28,7 +29,8 @@
{
try{
StringWriter w=new StringWriter();
- RawMessageExchange mex = new RawMessageExchange(new FileReader(f), w);
+ RawMessageExchange mex = new RawMessageExchange(new FileReader(f), w,
+ GatewayProperties.DEFAULT_MAX_HDR);
HeadersParser hp = new HeadersParser("http://localhost");
hp.parseHeaders(mex);
assertEquals("http://localhost:8080/s1/services/hello",mex.getWsaToAddress());
@@ -76,7 +78,8 @@
String resp = readFile(f2);
StringWriter w = new StringWriter();
- RawMessageExchange mex = new RawMessageExchange(new FileReader(f), w);
+ RawMessageExchange mex = new RawMessageExchange(new FileReader(f), w,
+ GatewayProperties.DEFAULT_MAX_HDR);
ByteArrayInputStream bais = new ByteArrayInputStream(resp.getBytes());
POSTHandler.forwardResponse(bais, "utf8", mex, log);
Modified: gateway/trunk/src/test/java/eu/unicore/gateway/TestParseWrongHeaders.java
===================================================================
--- gateway/trunk/src/test/java/eu/unicore/gateway/TestParseWrongHeaders.java 2011-10-28 12:18:28 UTC (rev 11611)
+++ gateway/trunk/src/test/java/eu/unicore/gateway/TestParseWrongHeaders.java 2011-10-28 12:59:44 UTC (rev 11612)
@@ -10,6 +10,7 @@
import eu.unicore.bugsreporter.annotation.FunctionalTest;
import eu.unicore.gateway.base.RawMessageExchange;
+import eu.unicore.gateway.properties.GatewayProperties;
import eu.unicore.gateway.soap.SoapFault;
import eu.unicore.gateway.soap.SoapFault.FaultCode;
@@ -26,7 +27,8 @@
try
{
StringWriter w = new StringWriter();
- RawMessageExchange mex = new RawMessageExchange(r, w);
+ RawMessageExchange mex = new RawMessageExchange(r, w,
+ GatewayProperties.DEFAULT_MAX_HDR);
HeadersParser hp = new HeadersParser("http://localhost");
hp.parseHeaders(mex);
fail("Wrong headers parsed successfully");
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|