Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-14522

[GSS](7.1.z) cannot disable 'max-post-size' check for undertow listeners

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Minor Minor
    • None
    • 7.1.0.GA
    • Undertow
    • None
    • Release Notes
    • Hide

      Set max-post-size to a large enough value or MAX_VALUE of long as a workaround:
      https://docs.oracle.com/javase/7/docs/api/java/lang/Long.html#MAX_VALUE

      Show
      Set max-post-size to a large enough value or MAX_VALUE of long as a workaround: https://docs.oracle.com/javase/7/docs/api/java/lang/Long.html#MAX_VALUE

      With EAP7.1.0.GA, there has been added a validator for 'max-post-size' attribute for listeners in undertow subsystem. This validator requires positive integer values starting with value 1. That means, you cannot disable 'max-post-size' for such listener using 0 value anymore.

      In EAP6.4 and EAP7.0, it was possible to disable 'max-post-size' check with 0 value. I understand that we might not want to allow user to set this to 0 value as it might be a potentional security risk. Still, maybe we should relax this restriction as it was possible to configure it that way in previous versions of EAP.

      Also there is a Knowledge Base article regarding to this feature, which we should update in case we won't reconsider our position.

      Just for the record - quoting question from mailing list:

      Dear Experts,

      Based on KCS, the "max-post-size" in "http-listener" from "undertow" subsystem can be disabled by setting "0" to it, it worked for EAP 6.x and 7.0 GA.

      But in EAP 7.1.0 GA, it didn't work:
      ~~~
      [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=max-post-size,value=0)
      {
      "outcome" => "failed",
      "failure-description" => "WFLYCTL0117: 0 is an invalid value for parameter max-post-size. A minimum value of 1 is required",
      "rolled-back" => true
      }
      ~~~

      By comparing schemas:
      ~~~
      jboss-eap-7.0/docs/schema/wildfly-undertow_x_x.xsd:
      <xs:attribute name="max-post-size" type="xs:long" default="0"/>

      jboss-eap-7.1/docs/schema/wildfly-undertow_x_x.xsd:
      <xs:attribute name="max-post-size" type="xs:long" default="10485760"/>
      ~~~
      The behaviour changed.

      And I found WFLY-6437 and JBEAP-3974, but failed to open links inside those.

      So can I ask if "max-post-size" can be disabled in EAP 7.1.0 GA and the reason if possible?

      Best Regards,
      Zhang Xu

              rhn-support-ivassile Ilia Vassilev
              rhn-support-bmaxwell Brad Maxwell
              Peter Mackay Peter Mackay
              Peter Mackay Peter Mackay
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: