Add support for configuring Tomcat connector's max parameter count

See gh-43286
2024-11-26 10:39:46 +08:00 · 2024-11-26 10:39:46 +08:00 · 0d3e0245a2
parent 25050386bc
commit 0d3e0245a2
4 changed files with 49 additions and 10 deletions
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
@ -513,13 +513,11 @@ public class ServerProperties {
 		 */
 		private DataSize maxHttpResponseHeaderSize = DataSize.ofKilobytes(8);
-		public DataSize getMaxHttpFormPostSize() {
+		/**
-			return this.maxHttpFormPostSize;
+		 * Maximum number of parameters (GET plus POST) that will be automatically parsed
-		}
+		 * by the container. A value of less than 0 means no limit.
-
+		 */
-		public void setMaxHttpFormPostSize(DataSize maxHttpFormPostSize) {
+		private int maxParameterCount = 10000;
 			this.maxHttpFormPostSize = maxHttpFormPostSize;
 		}
 		public Accesslog getAccesslog() {
 			return this.accesslog;
@ -669,6 +667,22 @@ public class ServerProperties {
 			this.maxHttpResponseHeaderSize = maxHttpResponseHeaderSize;
 		}
 		public DataSize getMaxHttpFormPostSize() {
 			return this.maxHttpFormPostSize;
 		}
 		public void setMaxHttpFormPostSize(DataSize maxHttpFormPostSize) {
 			this.maxHttpFormPostSize = maxHttpFormPostSize;
 		}
 		public int getMaxParameterCount() {
 			return this.maxParameterCount;
 		}
 		public void setMaxParameterCount(int maxParameterCount) {
 			this.maxParameterCount = maxParameterCount;
 		}
 		/**
 		 * Tomcat access log properties.
 		 */
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizer.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizer.java
@ -119,6 +119,8 @@ public class TomcatWebServerFactoryCustomizer
 			.asInt(DataSize::toBytes)
 			.when((maxHttpFormPostSize) -> maxHttpFormPostSize != 0)
 			.to((maxHttpFormPostSize) -> customizeMaxHttpFormPostSize(factory, maxHttpFormPostSize));
 		map.from(properties::getMaxParameterCount)
 			.to((maxParameterCount) -> customizeMaxParameterCount(factory, maxParameterCount));
 		map.from(properties::getAccesslog)
 			.when(ServerProperties.Tomcat.Accesslog::isEnabled)
 			.to((enabled) -> customizeAccessLog(factory));
@ -292,6 +294,10 @@ public class TomcatWebServerFactoryCustomizer
 		factory.addConnectorCustomizers((connector) -> connector.setMaxPostSize(maxHttpFormPostSize));
 	}
 	private void customizeMaxParameterCount(ConfigurableTomcatWebServerFactory factory, int maxParameterCount) {
 		factory.addConnectorCustomizers((connector) -> connector.setMaxParameterCount(maxParameterCount));
 	}
 	private void customizeAccessLog(ConfigurableTomcatWebServerFactory factory) {
 		ServerProperties.Tomcat tomcatProperties = this.serverProperties.getTomcat();
 		AccessLogValve valve = new AccessLogValve();
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
@ -199,7 +199,7 @@ class ServerPropertiesTests {
 	}
 	@Test
-	void testCustomizeUriEncoding() {
+	void testCustomizeTomcatUriEncoding() {
 		bind("server.tomcat.uri-encoding", "US-ASCII");
 		assertThat(this.properties.getTomcat().getUriEncoding()).isEqualTo(StandardCharsets.US_ASCII);
 	}
@ -235,17 +235,23 @@ class ServerPropertiesTests {
 	}
 	@Test
-	void customizeMaxKeepAliveRequests() {
+	void testCustomizeTomcatMaxKeepAliveRequests() {
 		bind("server.tomcat.max-keep-alive-requests", "200");
 		assertThat(this.properties.getTomcat().getMaxKeepAliveRequests()).isEqualTo(200);
 	}
 	@Test
-	void customizeMaxKeepAliveRequestsWithInfinite() {
+	void testCustomizeTomcatMaxKeepAliveRequestsWithInfinite() {
 		bind("server.tomcat.max-keep-alive-requests", "-1");
 		assertThat(this.properties.getTomcat().getMaxKeepAliveRequests()).isEqualTo(-1);
 	}
 	@Test
 	void testCustomizeTomcatMaxParameterCount() {
 		bind("server.tomcat.max-parameter-count", "100");
 		assertThat(this.properties.getTomcat().getMaxParameterCount()).isEqualTo(100);
 	}
 	@Test
 	void testCustomizeTomcatMinSpareThreads() {
 		bind("server.tomcat.threads.min-spare", "10");
@ -379,6 +385,12 @@ class ServerPropertiesTests {
 			.isEqualTo(getDefaultConnector().getMaxPostSize());
 	}
 	@Test
 	void tomcatMaxParameterCountMatchesConnectorDefault() {
 		assertThat(this.properties.getTomcat().getMaxParameterCount())
 			.isEqualTo(getDefaultConnector().getMaxParameterCount());
 	}
 	@Test
 	void tomcatBackgroundProcessorDelayMatchesEngineDefault() {
 		assertThat(this.properties.getTomcat().getBackgroundProcessorDelay())
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java
@ -194,6 +194,13 @@ class TomcatWebServerFactoryCustomizerTests {
 			.isEqualTo(DataSize.ofMegabytes(10).toBytes()));
 	}
 	@Test
 	void customMaxParameterCount() {
 		bind("server.tomcat.max-parameter-count=100");
 		customizeAndRunServer(
 				(server) -> assertThat(server.getTomcat().getConnector().getMaxParameterCount()).isEqualTo(100));
 	}
 	@Test
 	void customMaxRequestHttpHeaderSizeIgnoredIfNegative() {
 		bind("server.max-http-request-header-size=-1");