Connector Common Attributes 属性源码分析之一

本文开始对Connector的Common Attributes逐一进行源码分析;


1.allowTrace

allowTrace

A boolean value which can be used to enable or disable the TRACE HTTP method. 

If not specified, this attribute is set to false.

trace方法,是类似于post,get方法的http一种请求类型,定义在http1.1协议中的一种:

Trace专门用于远程对服务器状态进行诊断,跟踪请求信息;

我们看看HTTP协议的描述:

在Tomcat的源码中,该属性实现默认是不允许客户端随意探查服务器的,默认是关闭的,因为这很有可能造成危险,

因此在解析request的请求的时候,需要根据配置进行判断:

 

当Connector配置了allowTrace之后,会在allow中加入该字符串,这样当浏览器端的请求发出doTrace,服务器端可以解析;

关于HttpServlet的实现很简单,所有的自定义的Servlet都会继承该方法:

就是基于请求头信息进行打印;


2.asyncTimeout

asyncTimeout

The default timeout for asynchronous requests in milliseconds. If not specified, this attribute is set to the Servlet specification default of 30000 (30 seconds).

控制异步请求的超时的秒数;

我们先看一个异步servlet的例子:


在这个例子中,我们开启servlet异步任务AsyncContext,开启完成我们一般会给上下文设置timeout时间;

而这个属性asyncTimeout就是默认的设置,在request.startAsync生成AsyncContext上下文的时候,这个属性会默认进行设置,默认的值是3000:



3.enableLookUps

enableLookups

Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client.

Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). 

By default, DNS lookups are disabled.

我们通常进行request.getRemoteHost,其实返回的是IP地址;

之所以这么设计,是因为返回一个IP是很容易的,无论哪一个通道,我们都很容易就能从客户端拿到IP地址;

但是,有时候就需要host的域名,这就需要DNS查询了,虽然DNS很耗时;


我们从代码可以看出来,其实执行DNS查询,JDK帮了一个大忙,InetAddress.getHostname会在JDK层面向DNS地址进行发包,然后返回host的名字;

上述的通道是Http11Processor,也就是JIOEndpoint,BIO通道的实现;

NIO,NIO2的实现也类似,而APR的由于socket都不是java的,只能通过JNI调用,通过posix的socket进行获取地址:


其中Address就是tomcat-native中的类;


4.maxHeaderCount / maxParameterCount / maxPostSize / maxSavePostSize 

maxHeaderCount

The maximum number of headers in a request that are allowed by the container. A request that contains more headers than the specified limit will be rejected. A value of less than 0 means no limit. If not specified, a default of 100 is used.


Tomcat可以解析的最大header的长度,超出抛异常;

maxParameterCount

The maximum number of parameter and value pairs (GET plus POST) which will be automatically parsed by the container. Parameter and value pairs beyond this limit will be ignored. A value of less than 0 means no limit. If not specified, a default of 10000 is used. Note that FailedRequestFilter filter can be used to reject requests that hit the limit.


Tomcat可以解析的最大parameter的长度,超出抛异常;

maxPostSize

The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing. The limit can be disabled by setting this attribute to a value less than zero. If not specified, this attribute is set to 2097152 (2 megabytes). Note that the FailedRequestFilter can be used to reject requests that exceed this limit.


Tomcat可以解析的最大提交body体的长度,超出抛异常;

maxSavePostSize

The maximum size in bytes of the POST which will be saved/buffered by the container during FORM or CLIENT-CERT authentication. For both types of authentication, the POST will be saved/buffered before the user is authenticated. For CLIENT-CERT authentication, the POST is buffered for the duration of the SSL handshake and the buffer emptied when the request is processed. For FORM authentication the POST is saved whilst the user is re-directed to the login form and is retained until the user successfully authenticates or the session associated with the authentication request expires. The limit can be disabled by setting this attribute to -1. Setting the attribute to zero will disable the saving of POST data during authentication. If not specified, this attribute is set to 4096 (4 kilobytes).


maxSavePostSize其实和maxPostSize差不多,二者不同的是maxSavePostSize主要用于Tomcat的FORM or CLIENT-CERT authentication的;

在这个authentication期间中,客户端的reqeust是需要缓存下来的,用于authentication验证结果的判断,因此这个maxSavePostSize实际上就是这个缓存的buffer的长度;

 这一系列的max值是Connector在解析http请求的长度限制,我们就以其中最复杂的maxSavePostSize 进行一下讲解;

 maxSavePostSize 如上所述,是在服务端验证客户端的过程中,需要缓存下来request的东西;

为什么需要存储呢?

看看下图:

这个缓存的内容最终是要存储在session中的,以FormAuthenticator为例:


之所以限制大小,因为session数是有限的,不能存储太多在session中;

最后说一句的是,这个流程在验证的时候,进行校验:

本站公众号
   欢迎关注本站公众号,获取更多程序园信息
开发小院