From 9f617be909310db73db93e0b8c11308deac06f1a Mon Sep 17 00:00:00 2001 From: Usman Date: Wed, 6 Feb 2019 20:40:17 +0000 Subject: [PATCH 1/2] maxFramePayloadLength property in ReactorNettyWebSocketClient Closes gh-22367 --- .../client/ReactorNettyWebSocketClient.java | 20 ++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/spring-webflux/src/main/java/org/springframework/web/reactive/socket/client/ReactorNettyWebSocketClient.java b/spring-webflux/src/main/java/org/springframework/web/reactive/socket/client/ReactorNettyWebSocketClient.java index d709a0208eb..3c6a70198c8 100644 --- a/spring-webflux/src/main/java/org/springframework/web/reactive/socket/client/ReactorNettyWebSocketClient.java +++ b/spring-webflux/src/main/java/org/springframework/web/reactive/socket/client/ReactorNettyWebSocketClient.java @@ -37,16 +37,17 @@ import org.springframework.web.reactive.socket.adapter.ReactorNettyWebSocketSess * {@link WebSocketClient} implementation for use with Reactor Netty. * * @author Rossen Stoyanchev + * @author Usman Arshad * @since 5.0 */ public class ReactorNettyWebSocketClient implements WebSocketClient { private static final Log logger = LogFactory.getLog(ReactorNettyWebSocketClient.class); + private int maxFramePayloadLength = 65536; private final HttpClient httpClient; - /** * Default constructor. */ @@ -63,7 +64,6 @@ public class ReactorNettyWebSocketClient implements WebSocketClient { this.httpClient = httpClient; } - /** * Return the configured {@link HttpClient}. */ @@ -71,6 +71,20 @@ public class ReactorNettyWebSocketClient implements WebSocketClient { return this.httpClient; } + /** + * Return the configured maxFramePayloadLength used by the configured {@link HttpClient}. + * Default value of 65536 if not set. + */ + public int getMaxFramePayloadLength() { + return maxFramePayloadLength; + } + + /** + * Sets the maxFramePayloadLength to be used by the configured {@link HttpClient}. + */ + public void setMaxFramePayloadLength(int maxFramePayloadLength) { + this.maxFramePayloadLength = maxFramePayloadLength; + } @Override public Mono execute(URI url, WebSocketHandler handler) { @@ -81,7 +95,7 @@ public class ReactorNettyWebSocketClient implements WebSocketClient { public Mono execute(URI url, HttpHeaders requestHeaders, WebSocketHandler handler) { return getHttpClient() .headers(nettyHeaders -> setNettyHeaders(requestHeaders, nettyHeaders)) - .websocket(StringUtils.collectionToCommaDelimitedString(handler.getSubProtocols())) + .websocket(StringUtils.collectionToCommaDelimitedString(handler.getSubProtocols()), getMaxFramePayloadLength()) .uri(url.toString()) .handle((inbound, outbound) -> { HttpHeaders responseHeaders = toHttpHeaders(inbound); From 2d4247b2dada711111eff9cc81e5da58e09742bb Mon Sep 17 00:00:00 2001 From: Rossen Stoyanchev Date: Tue, 12 Mar 2019 15:58:25 -0400 Subject: [PATCH 2/2] Polish --- .../client/ReactorNettyWebSocketClient.java | 35 ++++++++++++------- 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/spring-webflux/src/main/java/org/springframework/web/reactive/socket/client/ReactorNettyWebSocketClient.java b/spring-webflux/src/main/java/org/springframework/web/reactive/socket/client/ReactorNettyWebSocketClient.java index 3c6a70198c8..85b37db1337 100644 --- a/spring-webflux/src/main/java/org/springframework/web/reactive/socket/client/ReactorNettyWebSocketClient.java +++ b/spring-webflux/src/main/java/org/springframework/web/reactive/socket/client/ReactorNettyWebSocketClient.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,23 +31,24 @@ import org.springframework.util.StringUtils; import org.springframework.web.reactive.socket.HandshakeInfo; import org.springframework.web.reactive.socket.WebSocketHandler; import org.springframework.web.reactive.socket.WebSocketSession; +import org.springframework.web.reactive.socket.adapter.NettyWebSocketSessionSupport; import org.springframework.web.reactive.socket.adapter.ReactorNettyWebSocketSession; /** * {@link WebSocketClient} implementation for use with Reactor Netty. * * @author Rossen Stoyanchev - * @author Usman Arshad * @since 5.0 */ public class ReactorNettyWebSocketClient implements WebSocketClient { private static final Log logger = LogFactory.getLog(ReactorNettyWebSocketClient.class); - private int maxFramePayloadLength = 65536; + private int maxFramePayloadLength = NettyWebSocketSessionSupport.DEFAULT_FRAME_MAX_SIZE; private final HttpClient httpClient; + /** * Default constructor. */ @@ -72,19 +73,28 @@ public class ReactorNettyWebSocketClient implements WebSocketClient { } /** - * Return the configured maxFramePayloadLength used by the configured {@link HttpClient}. - * Default value of 65536 if not set. + * Configure the maximum allowable frame payload length. Setting this value + * to your application's requirement may reduce denial of service attacks + * using long data frames. + *

Corresponds to the argument with the same name in the constructor of + * {@link io.netty.handler.codec.http.websocketx.WebSocketServerHandshakerFactory + * WebSocketServerHandshakerFactory} in Netty. + *

By default set to 65536 (64K). + * @param maxFramePayloadLength the max length for frames. + * @since 5.2 + */ + public void setMaxFramePayloadLength(int maxFramePayloadLength) { + this.maxFramePayloadLength = maxFramePayloadLength; + } + + /** + * Return the configured {@link #setMaxFramePayloadLength(int) maxFramePayloadLength}. + * @since 5.2 */ public int getMaxFramePayloadLength() { return maxFramePayloadLength; } - /** - * Sets the maxFramePayloadLength to be used by the configured {@link HttpClient}. - */ - public void setMaxFramePayloadLength(int maxFramePayloadLength) { - this.maxFramePayloadLength = maxFramePayloadLength; - } @Override public Mono execute(URI url, WebSocketHandler handler) { @@ -93,9 +103,10 @@ public class ReactorNettyWebSocketClient implements WebSocketClient { @Override public Mono execute(URI url, HttpHeaders requestHeaders, WebSocketHandler handler) { + String protocols = StringUtils.collectionToCommaDelimitedString(handler.getSubProtocols()); return getHttpClient() .headers(nettyHeaders -> setNettyHeaders(requestHeaders, nettyHeaders)) - .websocket(StringUtils.collectionToCommaDelimitedString(handler.getSubProtocols()), getMaxFramePayloadLength()) + .websocket(protocols, getMaxFramePayloadLength()) .uri(url.toString()) .handle((inbound, outbound) -> { HttpHeaders responseHeaders = toHttpHeaders(inbound);