
io.netty.handler.codec.http.HttpServerCodec Maven / Gradle / Ivy


This artifact provides a single jar that contains all classes required to use remote Jakarta Enterprise Beans and Jakarta Messaging, including all dependencies. It is intended for use by those not using Maven; Maven users should just import the Jakarta Enterprise Beans and Jakarta Messaging BOMs instead (shaded JARs cause lots of problems with Maven, as it is very easy to inadvertently end up with different versions of classes on the class path).

There is a newer version: 35.0.0.Final
/*
 * Copyright 2012 The Netty Project
 *
 * The Netty Project licenses this file to you under the Apache License,
 * version 2.0 (the "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at:
 *
 *   https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 */
package io.netty.handler.codec.http;

import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.CombinedChannelDuplexHandler;

import java.util.ArrayDeque;
import java.util.List;
import java.util.Queue;

import static io.netty.handler.codec.http.HttpObjectDecoder.DEFAULT_MAX_CHUNK_SIZE;
import static io.netty.handler.codec.http.HttpObjectDecoder.DEFAULT_MAX_HEADER_SIZE;
import static io.netty.handler.codec.http.HttpObjectDecoder.DEFAULT_MAX_INITIAL_LINE_LENGTH;
import static io.netty.handler.codec.http.HttpObjectDecoder.DEFAULT_VALIDATE_HEADERS;

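/**
 * A combination of {@link HttpRequestDecoder} and {@link HttpResponseEncoder}
 * which enables easier server side HTTP implementation.
 *
 * <h3>Header Validation</h3>
 *
 * It is recommended to always enable header validation.
 * <p>
 * Without header validation, your system can become vulnerable to
 * <a href="https://cwe.mitre.org/data/definitions/113.html">
 *     CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
 * </a>.
 * <p>
 * This recommendation stands even when both peers in the HTTP exchange are trusted,
 * as it helps with defence-in-depth.
 *
 * <h3>Request/response correlation</h3>
 *
 * The decoder records the method of every decoded {@link HttpRequest} in a FIFO queue and the encoder
 * takes one entry per encoded response. The encoder therefore treats the n-th response as the answer to
 * the n-th request; responses written out of request order are framed using the wrong request method.
 *
 * @see HttpClientCodec
 */
public final class HttpServerCodec extends CombinedChannelDuplexHandler<HttpRequestDecoder, HttpResponseEncoder>
        implements HttpServerUpgradeHandler.SourceCodec {

    /**
     * A queue that is used for correlating a request and a response.
     * <p>
     * It gains one entry per decoded request and loses one per call to
     * {@code isContentAlwaysEmpty}; nothing in this class caps its size.
     */
    // NOTE(review): ArrayDeque is not thread-safe; this presumably relies on the decoder and the encoder
    // being driven by the same thread (the channel's event loop) - confirm against the pipeline setup.
    private final Queue<HttpMethod> queue = new ArrayDeque<HttpMethod>();

    /**
     * Creates a new instance with the default decoder options
     * ({@code maxInitialLineLength (4096)}, {@code maxHeaderSize (8192)}, and
     * {@code maxChunkSize (8192)}).
     */
    public HttpServerCodec() {
        this(DEFAULT_MAX_INITIAL_LINE_LENGTH, DEFAULT_MAX_HEADER_SIZE, DEFAULT_MAX_CHUNK_SIZE);
    }

    /**
     * Creates a new instance with the specified decoder options.
     * <p>
     * Every option not listed here, header validation included, keeps the value that a fresh
     * {@link HttpDecoderConfig} carries.
     *
     * @param maxInitialLineLength the limit passed to {@link HttpDecoderConfig#setMaxInitialLineLength(int)}
     * @param maxHeaderSize        the limit passed to {@link HttpDecoderConfig#setMaxHeaderSize(int)}
     * @param maxChunkSize         the limit passed to {@link HttpDecoderConfig#setMaxChunkSize(int)}
     */
    public HttpServerCodec(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize) {
        this(new HttpDecoderConfig()
                .setMaxInitialLineLength(maxInitialLineLength)
                .setMaxHeaderSize(maxHeaderSize)
                .setMaxChunkSize(maxChunkSize));
    }

    /**
     * Creates a new instance with the specified decoder options.
     * <p>
     * Passing {@code validateHeaders = false} switches header validation off, which the class
     * documentation advises against (CWE-113).
     *
     * @deprecated Prefer the {@link #HttpServerCodec(HttpDecoderConfig)} constructor,
     * to always enable header validation.
     */
    @Deprecated
    public HttpServerCodec(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders) {
        this(new HttpDecoderConfig()
                .setMaxInitialLineLength(maxInitialLineLength)
                .setMaxHeaderSize(maxHeaderSize)
                .setMaxChunkSize(maxChunkSize)
                .setValidateHeaders(validateHeaders));
    }

    /**
     * Creates a new instance with the specified decoder options.
     * <p>
     * Passing {@code validateHeaders = false} switches header validation off, which the class
     * documentation advises against (CWE-113).
     *
     * @deprecated Prefer the {@link #HttpServerCodec(HttpDecoderConfig)} constructor, to always enable header
     * validation.
     */
    @Deprecated
    public HttpServerCodec(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders,
                           int initialBufferSize) {
        this(new HttpDecoderConfig()
                .setMaxInitialLineLength(maxInitialLineLength)
                .setMaxHeaderSize(maxHeaderSize)
                .setMaxChunkSize(maxChunkSize)
                .setValidateHeaders(validateHeaders)
                .setInitialBufferSize(initialBufferSize));
    }

    /**
     * Creates a new instance with the specified decoder options.
     * <p>
     * Passing {@code validateHeaders = false} switches header validation off, which the class
     * documentation advises against (CWE-113). {@code allowDuplicateContentLengths = true} relaxes the
     * handling of repeated {@code Content-Length} headers; RFC 7230 section 3.3.3 treats differing
     * values as an unrecoverable framing error, so enable it only for a peer that is known to need it.
     *
     * @deprecated Prefer the {@link #HttpServerCodec(HttpDecoderConfig)} constructor,
     * to always enable header validation.
     */
    @Deprecated
    public HttpServerCodec(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders,
                           int initialBufferSize, boolean allowDuplicateContentLengths) {
        this(new HttpDecoderConfig()
                .setMaxInitialLineLength(maxInitialLineLength)
                .setMaxHeaderSize(maxHeaderSize)
                .setMaxChunkSize(maxChunkSize)
                .setValidateHeaders(validateHeaders)
                .setInitialBufferSize(initialBufferSize)
                .setAllowDuplicateContentLengths(allowDuplicateContentLengths));
    }

    /**
     * Creates a new instance with the specified decoder options.
     * <p>
     * Passing {@code validateHeaders = false} switches header validation off, which the class
     * documentation advises against (CWE-113). {@code allowDuplicateContentLengths = true} relaxes the
     * handling of repeated {@code Content-Length} headers; RFC 7230 section 3.3.3 treats differing
     * values as an unrecoverable framing error, so enable it only for a peer that is known to need it.
     *
     * @deprecated Prefer the {@link #HttpServerCodec(HttpDecoderConfig)} constructor,
     * to always enable header validation.
     */
    @Deprecated
    public HttpServerCodec(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders,
                           int initialBufferSize, boolean allowDuplicateContentLengths, boolean allowPartialChunks) {
        this(new HttpDecoderConfig()
                .setMaxInitialLineLength(maxInitialLineLength)
                .setMaxHeaderSize(maxHeaderSize)
                .setMaxChunkSize(maxChunkSize)
                .setValidateHeaders(validateHeaders)
                .setInitialBufferSize(initialBufferSize)
                .setAllowDuplicateContentLengths(allowDuplicateContentLengths)
                .setAllowPartialChunks(allowPartialChunks));
    }

    /**
     * Creates a new instance with the specified decoder configuration.
     *
     * @param config the decoder settings handed to the request decoder; the response encoder takes none
     */
    public HttpServerCodec(HttpDecoderConfig config) {
        init(new HttpServerRequestDecoder(config), new HttpServerResponseEncoder());
    }

    /**
     * Upgrades to another protocol from HTTP. Removes the {@link HttpRequestDecoder} and
     * {@link HttpResponseEncoder} from the pipeline.
     */
    @Override
    public void upgradeFrom(ChannelHandlerContext ctx) {
        // This combined handler holds both halves, so removing it takes the decoder and encoder out together.
        ctx.pipeline().remove(this);
    }

    /** Request decoder that also records the method of each decoded request for the encoder. */
    private final class HttpServerRequestDecoder extends HttpRequestDecoder {

        HttpServerRequestDecoder(HttpDecoderConfig config) {
            super(config);
        }

        /**
         * Delegates to the parent decoder, then enqueues the method of every {@link HttpRequest}
         * that this call appended to {@code out}.
         */
        @Override
        protected void decode(ChannelHandlerContext ctx, ByteBuf buffer, List<Object> out) throws Exception {
            // Only inspect what this invocation appended; earlier entries were handled by earlier calls.
            int oldSize = out.size();
            super.decode(ctx, buffer, out);
            int size = out.size();
            for (int i = oldSize; i < size; i++) {
                Object obj = out.get(i);
                if (obj instanceof HttpRequest) {
                    queue.add(((HttpRequest) obj).method());
                }
            }
        }
    }

    /** Response encoder that frames each response according to the method of the request it answers. */
    private final class HttpServerResponseEncoder extends HttpResponseEncoder {

        /** Method of the request taken from the queue by the latest {@code isContentAlwaysEmpty} call. */
        // NOTE(review): sanitizeHeadersBeforeEncode reads this field, so it depends on the base encoder
        // calling isContentAlwaysEmpty first for the same response - confirm in HttpObjectEncoder.
        private HttpMethod method;

        /**
         * Removes {@code Transfer-Encoding} from a successful response to a {@code CONNECT} request and
         * skips the parent's sanitizing in that case; every other response goes to the parent unchanged.
         */
        @Override
        protected void sanitizeHeadersBeforeEncode(HttpResponse msg, boolean isAlwaysEmpty) {
            if (!isAlwaysEmpty && HttpMethod.CONNECT.equals(method)
                    && msg.status().codeClass() == HttpStatusClass.SUCCESS) {
                // Stripping Transfer-Encoding:
                // See https://tools.ietf.org/html/rfc7230#section-3.3.1
                msg.headers().remove(HttpHeaderNames.TRANSFER_ENCODING);
                return;
            }

            super.sanitizeHeadersBeforeEncode(msg, isAlwaysEmpty);
        }

        /**
         * Takes the next request method off the queue and reports the response as body-less when that
         * method is {@code HEAD}, otherwise defers to the parent.
         */
        @Override
        protected boolean isContentAlwaysEmpty(@SuppressWarnings("unused") HttpResponse msg) {
            // poll() yields null when no request is pending; equals(null) is false, so the parent decides.
            method = queue.poll();
            return HttpMethod.HEAD.equals(method) || super.isContentAlwaysEmpty(msg);
        }
    }
}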