Issue #283 - Support max frame length for web socket to limit chance of DOS attack
This commit is contained in:
vibul
parent
476cf97b97
commit
6009a413b9
@ -35,7 +35,7 @@ public class WebSocket00FrameDecoder extends ReplayingDecoder<VoidEnum> {
|
||||
|
||||
private static final int DEFAULT_MAX_FRAME_SIZE = 16384;
|
||||
|
||||
private final int maxFrameSize;
|
||||
private final long maxFrameSize;
|
||||
private boolean receivedClosingHandshake;
|
||||
|
||||
public WebSocket00FrameDecoder() {
|
||||
@ -49,7 +49,7 @@ public class WebSocket00FrameDecoder extends ReplayingDecoder<VoidEnum> {
|
||||
* @param maxFrameSize
|
||||
* the maximum frame size to decode
|
||||
*/
|
||||
public WebSocket00FrameDecoder(int maxFrameSize) {
|
||||
public WebSocket00FrameDecoder(long maxFrameSize) {
|
||||
this.maxFrameSize = maxFrameSize;
|
||||
}
|
||||
|
||||
|
||||
@ -82,6 +82,7 @@ public class WebSocket08FrameDecoder extends ReplayingDecoder<WebSocket08FrameDe
|
||||
private UTF8Output fragmentedFramesText;
|
||||
private int fragmentedFramesCount;
|
||||
|
||||
private long maxFramePayloadLength;
|
||||
private boolean frameFinalFlag;
|
||||
private int frameRsv;
|
||||
private int frameOpcode;
|
||||
@ -106,11 +107,15 @@ public class WebSocket08FrameDecoder extends ReplayingDecoder<WebSocket08FrameDe
|
||||
* must set this to false.
|
||||
* @param allowExtensions
|
||||
* Flag to allow reserved extension bits to be used or not
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum length of a frame's payload. Setting this to an appropriate value for you application
|
||||
* helps check for denial of services attacks.
|
||||
*/
|
||||
public WebSocket08FrameDecoder(boolean maskedPayload, boolean allowExtensions) {
|
||||
public WebSocket08FrameDecoder(boolean maskedPayload, boolean allowExtensions, long maxFramePayloadLength) {
|
||||
super(State.FRAME_START);
|
||||
this.maskedPayload = maskedPayload;
|
||||
this.allowExtensions = allowExtensions;
|
||||
this.maxFramePayloadLength = maxFramePayloadLength;
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -220,6 +225,10 @@ public class WebSocket08FrameDecoder extends ReplayingDecoder<WebSocket08FrameDe
|
||||
framePayloadLength = framePayloadLen1;
|
||||
}
|
||||
|
||||
if (framePayloadLength > this.maxFramePayloadLength) {
|
||||
protocolViolation(channel, "Max frame length of " + this.maxFramePayloadLength + " has been exceeded.");
|
||||
return null;
|
||||
}
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Decoding WebSocket Frame length=" + framePayloadLength);
|
||||
}
|
||||
@ -236,10 +245,12 @@ public class WebSocket08FrameDecoder extends ReplayingDecoder<WebSocket08FrameDe
|
||||
int rbytes = actualReadableBytes();
|
||||
ChannelBuffer payloadBuffer = null;
|
||||
|
||||
int willHaveReadByteCount = framePayloadBytesRead + rbytes;
|
||||
long willHaveReadByteCount = framePayloadBytesRead + rbytes;
|
||||
|
||||
// logger.debug("Frame rbytes=" + rbytes + " willHaveReadByteCount="
|
||||
// + willHaveReadByteCount + " framePayloadLength=" +
|
||||
// framePayloadLength);
|
||||
|
||||
if (willHaveReadByteCount == framePayloadLength) {
|
||||
// We have all our content so proceed to process
|
||||
payloadBuffer = buffer.readBytes(rbytes);
|
||||
@ -422,7 +433,7 @@ public class WebSocket08FrameDecoder extends ReplayingDecoder<WebSocket08FrameDe
|
||||
protocolViolation(channel, "Invalid close frame reason text. Invalid UTF-8 bytes");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Restore reader index
|
||||
buffer.readerIndex(idx);
|
||||
}
|
||||
|
||||
@ -66,8 +66,11 @@ public class WebSocket13FrameDecoder extends WebSocket08FrameDecoder {
|
||||
* must set this to false.
|
||||
* @param allowExtensions
|
||||
* Flag to allow reserved extension bits to be used or not
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum length of a frame's payload. Setting this to an appropriate value for you application
|
||||
* helps check for denial of services attacks.
|
||||
*/
|
||||
public WebSocket13FrameDecoder(boolean maskedPayload, boolean allowExtensions) {
|
||||
super(maskedPayload, allowExtensions);
|
||||
}
|
||||
public WebSocket13FrameDecoder(boolean maskedPayload, boolean allowExtensions, long maxFramePayloadLength) {
|
||||
super(maskedPayload, allowExtensions, maxFramePayloadLength);
|
||||
}
|
||||
}
|
||||
|
||||
@ -39,6 +39,8 @@ public abstract class WebSocketClientHandshaker {
|
||||
|
||||
protected final Map<String, String> customHeaders;
|
||||
|
||||
private final long maxFramePayloadLength;
|
||||
|
||||
/**
|
||||
* Base constructor
|
||||
*
|
||||
@ -51,13 +53,16 @@ public abstract class WebSocketClientHandshaker {
|
||||
* Sub protocol request sent to the server.
|
||||
* @param customHeaders
|
||||
* Map of custom headers to add to the client request
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum length of a frame's payload
|
||||
*/
|
||||
public WebSocketClientHandshaker(URI webSocketUrl, WebSocketVersion version, String subprotocol,
|
||||
Map<String, String> customHeaders) {
|
||||
Map<String, String> customHeaders, long maxFramePayloadLength) {
|
||||
this.webSocketUrl = webSocketUrl;
|
||||
this.version = version;
|
||||
expectedSubprotocol = subprotocol;
|
||||
this.customHeaders = customHeaders;
|
||||
this.maxFramePayloadLength = maxFramePayloadLength;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -74,6 +79,13 @@ public abstract class WebSocketClientHandshaker {
|
||||
return version;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the max length for any frame's payload
|
||||
*/
|
||||
public long getMaxFramePayloadLength() {
|
||||
return maxFramePayloadLength;
|
||||
}
|
||||
|
||||
/**
|
||||
* Flag to indicate if the opening handshake is complete
|
||||
*/
|
||||
|
||||
@ -60,11 +60,12 @@ public class WebSocketClientHandshaker00 extends WebSocketClientHandshaker {
|
||||
* Sub protocol request sent to the server.
|
||||
* @param customHeaders
|
||||
* Map of custom headers to add to the client request
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum length of a frame's payload
|
||||
*/
|
||||
public WebSocketClientHandshaker00(URI webSocketURL, WebSocketVersion version, String subprotocol,
|
||||
Map<String, String> customHeaders) {
|
||||
super(webSocketURL, version, subprotocol, customHeaders);
|
||||
|
||||
Map<String, String> customHeaders, long maxFramePayloadLength) {
|
||||
super(webSocketURL, version, subprotocol, customHeaders, maxFramePayloadLength);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -138,17 +139,16 @@ public class WebSocketClientHandshaker00 extends WebSocketClientHandshaker {
|
||||
request.addHeader(Names.UPGRADE, Values.WEBSOCKET);
|
||||
request.addHeader(Names.CONNECTION, Values.UPGRADE);
|
||||
request.addHeader(Names.HOST, wsURL.getHost());
|
||||
|
||||
|
||||
int wsPort = wsURL.getPort();
|
||||
String originValue = "http://" + wsURL.getHost();
|
||||
if (wsPort != 80 && wsPort != 443) {
|
||||
// if the port is not standard (80/443) its needed to add the port to the header.
|
||||
// if the port is not standard (80/443) its needed to add the port to the header.
|
||||
// See http://tools.ietf.org/html/rfc6454#section-6.2
|
||||
originValue = originValue + ":" + wsPort;
|
||||
}
|
||||
request.addHeader(Names.ORIGIN, originValue);
|
||||
|
||||
|
||||
request.addHeader(Names.SEC_WEBSOCKET_KEY1, key1);
|
||||
request.addHeader(Names.SEC_WEBSOCKET_KEY2, key2);
|
||||
if (getExpectedSubprotocol() != null && !getExpectedSubprotocol().equals("")) {
|
||||
@ -220,7 +220,8 @@ public class WebSocketClientHandshaker00 extends WebSocketClientHandshaker {
|
||||
String protocol = response.getHeader(Names.SEC_WEBSOCKET_PROTOCOL);
|
||||
setActualSubprotocol(protocol);
|
||||
|
||||
channel.getPipeline().replace(HttpResponseDecoder.class, "ws-decoder", new WebSocket00FrameDecoder());
|
||||
channel.getPipeline().replace(HttpResponseDecoder.class, "ws-decoder",
|
||||
new WebSocket00FrameDecoder(this.getMaxFramePayloadLength()));
|
||||
|
||||
setHandshakeComplete();
|
||||
}
|
||||
|
||||
@ -54,7 +54,7 @@ public class WebSocketClientHandshaker08 extends WebSocketClientHandshaker {
|
||||
private final boolean allowExtensions;
|
||||
|
||||
/**
|
||||
* Constructor specifying the destination web socket location and version to initiate
|
||||
* Constructor
|
||||
*
|
||||
* @param webSocketURL
|
||||
* URL for web socket communications. e.g "ws://myhost.com/mypath". Subsequent web socket frames will be
|
||||
@ -67,10 +67,12 @@ public class WebSocketClientHandshaker08 extends WebSocketClientHandshaker {
|
||||
* Allow extensions to be used in the reserved bits of the web socket frame
|
||||
* @param customHeaders
|
||||
* Map of custom headers to add to the client request
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum length of a frame's payload
|
||||
*/
|
||||
public WebSocketClientHandshaker08(URI webSocketURL, WebSocketVersion version, String subprotocol,
|
||||
boolean allowExtensions, Map<String, String> customHeaders) {
|
||||
super(webSocketURL, version, subprotocol, customHeaders);
|
||||
boolean allowExtensions, Map<String, String> customHeaders, long maxFramePayloadLength) {
|
||||
super(webSocketURL, version, subprotocol, customHeaders, maxFramePayloadLength);
|
||||
this.allowExtensions = allowExtensions;
|
||||
}
|
||||
|
||||
@ -122,11 +124,11 @@ public class WebSocketClientHandshaker08 extends WebSocketClientHandshaker {
|
||||
request.addHeader(Names.CONNECTION, Values.UPGRADE);
|
||||
request.addHeader(Names.SEC_WEBSOCKET_KEY, key);
|
||||
request.addHeader(Names.HOST, wsURL.getHost());
|
||||
|
||||
|
||||
int wsPort = wsURL.getPort();
|
||||
String originValue = "http://" + wsURL.getHost();
|
||||
if (wsPort != 80 && wsPort != 443) {
|
||||
// if the port is not standard (80/443) its needed to add the port to the header.
|
||||
// if the port is not standard (80/443) its needed to add the port to the header.
|
||||
// See http://tools.ietf.org/html/rfc6454#section-6.2
|
||||
originValue = originValue + ":" + wsPort;
|
||||
}
|
||||
@ -134,7 +136,7 @@ public class WebSocketClientHandshaker08 extends WebSocketClientHandshaker {
|
||||
// Use Sec-WebSocket-Origin
|
||||
// See https://github.com/netty/netty/issues/264
|
||||
request.addHeader(Names.SEC_WEBSOCKET_ORIGIN, originValue);
|
||||
|
||||
|
||||
if (protocol != null && !protocol.equals("")) {
|
||||
request.addHeader(Names.SEC_WEBSOCKET_PROTOCOL, protocol);
|
||||
}
|
||||
@ -195,7 +197,7 @@ public class WebSocketClientHandshaker08 extends WebSocketClientHandshaker {
|
||||
throw new WebSocketHandshakeException("Invalid handshake response connection: "
|
||||
+ response.getHeader(Names.CONNECTION));
|
||||
}
|
||||
|
||||
|
||||
String accept = response.getHeader(Names.SEC_WEBSOCKET_ACCEPT);
|
||||
if (accept == null || !accept.equals(expectedChallengeResponseString)) {
|
||||
throw new WebSocketHandshakeException(String.format("Invalid challenge. Actual: %s. Expected: %s", accept,
|
||||
@ -203,7 +205,7 @@ public class WebSocketClientHandshaker08 extends WebSocketClientHandshaker {
|
||||
}
|
||||
|
||||
channel.getPipeline().replace(HttpResponseDecoder.class, "ws-decoder",
|
||||
new WebSocket08FrameDecoder(false, allowExtensions));
|
||||
new WebSocket08FrameDecoder(false, allowExtensions, this.getMaxFramePayloadLength()));
|
||||
|
||||
setHandshakeComplete();
|
||||
}
|
||||
|
||||
@ -54,7 +54,7 @@ public class WebSocketClientHandshaker13 extends WebSocketClientHandshaker {
|
||||
private final boolean allowExtensions;
|
||||
|
||||
/**
|
||||
* Constructor specifying the destination web socket location and version to initiate
|
||||
* Constructor
|
||||
*
|
||||
* @param webSocketURL
|
||||
* URL for web socket communications. e.g "ws://myhost.com/mypath". Subsequent web socket frames will be
|
||||
@ -67,13 +67,15 @@ public class WebSocketClientHandshaker13 extends WebSocketClientHandshaker {
|
||||
* Allow extensions to be used in the reserved bits of the web socket frame
|
||||
* @param customHeaders
|
||||
* Map of custom headers to add to the client request
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum length of a frame's payload
|
||||
*/
|
||||
public WebSocketClientHandshaker13(URI webSocketURL, WebSocketVersion version, String subprotocol,
|
||||
boolean allowExtensions, Map<String, String> customHeaders) {
|
||||
super(webSocketURL, version, subprotocol, customHeaders);
|
||||
boolean allowExtensions, Map<String, String> customHeaders, long maxFramePayloadLength) {
|
||||
super(webSocketURL, version, subprotocol, customHeaders, maxFramePayloadLength);
|
||||
this.allowExtensions = allowExtensions;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* /**
|
||||
* <p>
|
||||
@ -200,7 +202,7 @@ public class WebSocketClientHandshaker13 extends WebSocketClientHandshaker {
|
||||
}
|
||||
|
||||
channel.getPipeline().replace(HttpResponseDecoder.class, "ws-decoder",
|
||||
new WebSocket13FrameDecoder(false, allowExtensions));
|
||||
new WebSocket13FrameDecoder(false, allowExtensions, this.getMaxFramePayloadLength()));
|
||||
|
||||
setHandshakeComplete();
|
||||
}
|
||||
|
||||
@ -41,17 +41,40 @@ public class WebSocketClientHandshakerFactory {
|
||||
*/
|
||||
public WebSocketClientHandshaker newHandshaker(URI webSocketURL, WebSocketVersion version, String subprotocol,
|
||||
boolean allowExtensions, Map<String, String> customHeaders) throws WebSocketHandshakeException {
|
||||
return newHandshaker(webSocketURL, version, subprotocol, allowExtensions, customHeaders, Long.MAX_VALUE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Instances a new handshaker
|
||||
*
|
||||
* @param webSocketURL
|
||||
* URL for web socket communications. e.g "ws://myhost.com/mypath". Subsequent web socket frames will be
|
||||
* sent to this URL.
|
||||
* @param version
|
||||
* Version of web socket specification to use to connect to the server
|
||||
* @param subprotocol
|
||||
* Sub protocol request sent to the server. Null if no sub-protocol support is required.
|
||||
* @param allowExtensions
|
||||
* Allow extensions to be used in the reserved bits of the web socket frame
|
||||
* @param customHeaders
|
||||
* Custom HTTP headers to send during the handshake
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum allowable frame payload length. Setting this value to your application's requirement may
|
||||
* reduce denial of service attacks using long data frames.
|
||||
* @throws WebSocketHandshakeException
|
||||
*/
|
||||
public WebSocketClientHandshaker newHandshaker(URI webSocketURL, WebSocketVersion version, String subprotocol,
|
||||
boolean allowExtensions, Map<String, String> customHeaders, long maxFramePayloadLength) throws WebSocketHandshakeException {
|
||||
if (version == WebSocketVersion.V13) {
|
||||
return new WebSocketClientHandshaker13(webSocketURL, version, subprotocol, allowExtensions, customHeaders);
|
||||
return new WebSocketClientHandshaker13(webSocketURL, version, subprotocol, allowExtensions, customHeaders, maxFramePayloadLength);
|
||||
}
|
||||
if (version == WebSocketVersion.V08) {
|
||||
return new WebSocketClientHandshaker08(webSocketURL, version, subprotocol, allowExtensions, customHeaders);
|
||||
return new WebSocketClientHandshaker08(webSocketURL, version, subprotocol, allowExtensions, customHeaders, maxFramePayloadLength);
|
||||
}
|
||||
if (version == WebSocketVersion.V00) {
|
||||
return new WebSocketClientHandshaker00(webSocketURL, version, subprotocol, customHeaders);
|
||||
return new WebSocketClientHandshaker00(webSocketURL, version, subprotocol, customHeaders, maxFramePayloadLength);
|
||||
}
|
||||
|
||||
throw new WebSocketHandshakeException("Protocol version " + version.toString() + " not supported.");
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@ -33,9 +33,11 @@ public abstract class WebSocketServerHandshaker {
|
||||
|
||||
private final WebSocketVersion version;
|
||||
|
||||
private final long maxFramePayloadLength;
|
||||
|
||||
/**
|
||||
* Constructor specifying the destination web socket location
|
||||
*
|
||||
*
|
||||
* @param version
|
||||
* the protocol version
|
||||
* @param webSocketUrl
|
||||
@ -43,9 +45,11 @@ public abstract class WebSocketServerHandshaker {
|
||||
* sent to this URL.
|
||||
* @param subprotocols
|
||||
* CSV of supported protocols. Null if sub protocols not supported.
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum length of a frame's payload
|
||||
*/
|
||||
protected WebSocketServerHandshaker(
|
||||
WebSocketVersion version, String webSocketUrl, String subprotocols) {
|
||||
protected WebSocketServerHandshaker(WebSocketVersion version, String webSocketUrl, String subprotocols,
|
||||
long maxFramePayloadLength) {
|
||||
this.version = version;
|
||||
this.webSocketUrl = webSocketUrl;
|
||||
if (subprotocols != null) {
|
||||
@ -57,6 +61,7 @@ public abstract class WebSocketServerHandshaker {
|
||||
} else {
|
||||
this.subprotocols = new String[0];
|
||||
}
|
||||
this.maxFramePayloadLength = maxFramePayloadLength;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -71,7 +76,7 @@ public abstract class WebSocketServerHandshaker {
|
||||
*/
|
||||
public Set<String> getSubprotocols() {
|
||||
Set<String> ret = new LinkedHashSet<String>();
|
||||
for (String p: this.subprotocols) {
|
||||
for (String p : this.subprotocols) {
|
||||
ret.add(p);
|
||||
}
|
||||
return ret;
|
||||
@ -84,9 +89,16 @@ public abstract class WebSocketServerHandshaker {
|
||||
return version;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the max length for any frame's payload
|
||||
*/
|
||||
public long getMaxFramePayloadLength() {
|
||||
return maxFramePayloadLength;
|
||||
}
|
||||
|
||||
/**
|
||||
* Performs the opening handshake
|
||||
*
|
||||
*
|
||||
* @param channel
|
||||
* Channel
|
||||
* @param req
|
||||
@ -96,7 +108,7 @@ public abstract class WebSocketServerHandshaker {
|
||||
|
||||
/**
|
||||
* Performs the closing handshake
|
||||
*
|
||||
*
|
||||
* @param channel
|
||||
* Channel
|
||||
* @param frame
|
||||
@ -106,7 +118,7 @@ public abstract class WebSocketServerHandshaker {
|
||||
|
||||
/**
|
||||
* Selects the first matching supported sub protocol
|
||||
*
|
||||
*
|
||||
* @param requestedSubprotocols
|
||||
* CSV of protocols to be supported. e.g. "chat, superchat"
|
||||
* @return First matching supported sub protocol. Null if not found.
|
||||
@ -117,10 +129,10 @@ public abstract class WebSocketServerHandshaker {
|
||||
}
|
||||
|
||||
String[] requesteSubprotocolArray = requestedSubprotocols.split(",");
|
||||
for (String p: requesteSubprotocolArray) {
|
||||
for (String p : requesteSubprotocolArray) {
|
||||
String requestedSubprotocol = p.trim();
|
||||
|
||||
for (String supportedSubprotocol: subprotocols) {
|
||||
for (String supportedSubprotocol : subprotocols) {
|
||||
if (requestedSubprotocol.equals(supportedSubprotocol)) {
|
||||
return requestedSubprotocol;
|
||||
}
|
||||
|
||||
@ -58,9 +58,12 @@ public class WebSocketServerHandshaker00 extends WebSocketServerHandshaker {
|
||||
* sent to this URL.
|
||||
* @param subprotocols
|
||||
* CSV of supported protocols
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum allowable frame payload length. Setting this value to your application's requirement may
|
||||
* reduce denial of service attacks using long data frames.
|
||||
*/
|
||||
public WebSocketServerHandshaker00(String webSocketURL, String subprotocols) {
|
||||
super(WebSocketVersion.V00, webSocketURL, subprotocols);
|
||||
public WebSocketServerHandshaker00(String webSocketURL, String subprotocols, long maxFramePayloadLength) {
|
||||
super(WebSocketVersion.V00, webSocketURL, subprotocols, maxFramePayloadLength);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -167,7 +170,8 @@ public class WebSocketServerHandshaker00 extends WebSocketServerHandshaker {
|
||||
if (p.get(HttpChunkAggregator.class) != null) {
|
||||
p.remove(HttpChunkAggregator.class);
|
||||
}
|
||||
p.replace(HttpRequestDecoder.class, "wsdecoder", new WebSocket00FrameDecoder());
|
||||
p.replace(HttpRequestDecoder.class, "wsdecoder",
|
||||
new WebSocket00FrameDecoder(this.getMaxFramePayloadLength()));
|
||||
|
||||
ChannelFuture future = channel.write(res);
|
||||
|
||||
|
||||
@ -59,9 +59,13 @@ public class WebSocketServerHandshaker08 extends WebSocketServerHandshaker {
|
||||
* CSV of supported protocols
|
||||
* @param allowExtensions
|
||||
* Allow extensions to be used in the reserved bits of the web socket frame
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum allowable frame payload length. Setting this value to your application's requirement may
|
||||
* reduce denial of service attacks using long data frames.
|
||||
*/
|
||||
public WebSocketServerHandshaker08(String webSocketURL, String subprotocols, boolean allowExtensions) {
|
||||
super(WebSocketVersion.V08, webSocketURL, subprotocols);
|
||||
public WebSocketServerHandshaker08(String webSocketURL, String subprotocols, boolean allowExtensions,
|
||||
long maxFramePayloadLength) {
|
||||
super(WebSocketVersion.V08, webSocketURL, subprotocols, maxFramePayloadLength);
|
||||
this.allowExtensions = allowExtensions;
|
||||
}
|
||||
|
||||
@ -142,7 +146,8 @@ public class WebSocketServerHandshaker08 extends WebSocketServerHandshaker {
|
||||
p.remove(HttpChunkAggregator.class);
|
||||
}
|
||||
|
||||
p.replace(HttpRequestDecoder.class, "wsdecoder", new WebSocket08FrameDecoder(true, allowExtensions));
|
||||
p.replace(HttpRequestDecoder.class, "wsdecoder",
|
||||
new WebSocket08FrameDecoder(true, allowExtensions, this.getMaxFramePayloadLength()));
|
||||
p.replace(HttpResponseEncoder.class, "wsencoder", new WebSocket08FrameEncoder(false));
|
||||
|
||||
return future;
|
||||
|
||||
@ -60,9 +60,13 @@ public class WebSocketServerHandshaker13 extends WebSocketServerHandshaker {
|
||||
* CSV of supported protocols
|
||||
* @param allowExtensions
|
||||
* Allow extensions to be used in the reserved bits of the web socket frame
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum allowable frame payload length. Setting this value to your application's requirement may
|
||||
* reduce denial of service attacks using long data frames.
|
||||
*/
|
||||
public WebSocketServerHandshaker13(String webSocketURL, String subprotocols, boolean allowExtensions) {
|
||||
super(WebSocketVersion.V13, webSocketURL, subprotocols);
|
||||
public WebSocketServerHandshaker13(String webSocketURL, String subprotocols, boolean allowExtensions,
|
||||
long maxFramePayloadLength) {
|
||||
super(WebSocketVersion.V13, webSocketURL, subprotocols, maxFramePayloadLength);
|
||||
this.allowExtensions = allowExtensions;
|
||||
}
|
||||
|
||||
@ -143,7 +147,8 @@ public class WebSocketServerHandshaker13 extends WebSocketServerHandshaker {
|
||||
p.remove(HttpChunkAggregator.class);
|
||||
}
|
||||
|
||||
p.replace(HttpRequestDecoder.class, "wsdecoder", new WebSocket13FrameDecoder(true, allowExtensions));
|
||||
p.replace(HttpRequestDecoder.class, "wsdecoder",
|
||||
new WebSocket13FrameDecoder(true, allowExtensions, this.getMaxFramePayloadLength()));
|
||||
p.replace(HttpResponseEncoder.class, "wsencoder", new WebSocket13FrameEncoder(false));
|
||||
|
||||
return future;
|
||||
|
||||
@ -34,6 +34,8 @@ public class WebSocketServerHandshakerFactory {
|
||||
|
||||
private final boolean allowExtensions;
|
||||
|
||||
private final long maxFramePayloadLength;
|
||||
|
||||
/**
|
||||
* Constructor specifying the destination web socket location
|
||||
*
|
||||
@ -46,10 +48,31 @@ public class WebSocketServerHandshakerFactory {
|
||||
* Allow extensions to be used in the reserved bits of the web socket frame
|
||||
*/
|
||||
public WebSocketServerHandshakerFactory(String webSocketURL, String subprotocols, boolean allowExtensions) {
|
||||
this(webSocketURL, subprotocols, allowExtensions, Long.MAX_VALUE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor specifying the destination web socket location
|
||||
*
|
||||
* @param webSocketURL
|
||||
* URL for web socket communications. e.g "ws://myhost.com/mypath". Subsequent web socket frames will be
|
||||
* sent to this URL.
|
||||
* @param subprotocols
|
||||
* CSV of supported protocols. Null if sub protocols not supported.
|
||||
* @param allowExtensions
|
||||
* Allow extensions to be used in the reserved bits of the web socket frame
|
||||
* @param maxFramePayloadLength
|
||||
* Maximum allowable frame payload length. Setting this value to your application's requirement may
|
||||
* reduce denial of service attacks using long data frames.
|
||||
*/
|
||||
public WebSocketServerHandshakerFactory(String webSocketURL, String subprotocols, boolean allowExtensions,
|
||||
long maxFramePayloadLength) {
|
||||
this.webSocketURL = webSocketURL;
|
||||
this.subprotocols = subprotocols;
|
||||
this.allowExtensions = allowExtensions;
|
||||
this.maxFramePayloadLength = maxFramePayloadLength;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Instances a new handshaker
|
||||
@ -63,16 +86,16 @@ public class WebSocketServerHandshakerFactory {
|
||||
if (version != null) {
|
||||
if (version.equals(WebSocketVersion.V13.toHttpHeaderValue())) {
|
||||
// Version 13 of the wire protocol - RFC 6455 (version 17 of the draft hybi specification).
|
||||
return new WebSocketServerHandshaker13(webSocketURL, subprotocols, allowExtensions);
|
||||
return new WebSocketServerHandshaker13(webSocketURL, subprotocols, allowExtensions, maxFramePayloadLength);
|
||||
} else if (version.equals(WebSocketVersion.V08.toHttpHeaderValue())) {
|
||||
// Version 8 of the wire protocol - version 10 of the draft hybi specification.
|
||||
return new WebSocketServerHandshaker08(webSocketURL, subprotocols, allowExtensions);
|
||||
return new WebSocketServerHandshaker08(webSocketURL, subprotocols, allowExtensions, maxFramePayloadLength);
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
} else {
|
||||
// Assume version 00 where version header was not specified
|
||||
return new WebSocketServerHandshaker00(webSocketURL, subprotocols);
|
||||
return new WebSocketServerHandshaker00(webSocketURL, subprotocols, maxFramePayloadLength);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -75,7 +75,7 @@ public class WebSocketServerHandshaker00Test {
|
||||
ChannelBuffer buffer = ChannelBuffers.copiedBuffer("^n:ds[4U", Charset.defaultCharset());
|
||||
req.setContent(buffer);
|
||||
|
||||
WebSocketServerHandshaker00 handsaker = new WebSocketServerHandshaker00("ws://example.com/chat", "chat");
|
||||
WebSocketServerHandshaker00 handsaker = new WebSocketServerHandshaker00("ws://example.com/chat", "chat", Long.MAX_VALUE);
|
||||
handsaker.handshake(channelMock, req);
|
||||
|
||||
Assert.assertEquals("ws://example.com/chat", res.getValue().getHeader(Names.SEC_WEBSOCKET_LOCATION));
|
||||
|
||||
@ -68,7 +68,7 @@ public class WebSocketServerHandshaker08Test {
|
||||
req.setHeader(Names.SEC_WEBSOCKET_PROTOCOL, "chat, superchat");
|
||||
req.setHeader(Names.SEC_WEBSOCKET_VERSION, "8");
|
||||
|
||||
WebSocketServerHandshaker08 handsaker = new WebSocketServerHandshaker08("ws://example.com/chat", "chat", false);
|
||||
WebSocketServerHandshaker08 handsaker = new WebSocketServerHandshaker08("ws://example.com/chat", "chat", false, Long.MAX_VALUE);
|
||||
handsaker.handshake(channelMock, req);
|
||||
|
||||
Assert.assertEquals("s3pPLMBiTxaQ9kYGzzhZRbK+xOo=", res.getValue().getHeader(Names.SEC_WEBSOCKET_ACCEPT));
|
||||
|
||||
@ -67,7 +67,7 @@ public class WebSocketServerHandshaker13Test {
|
||||
req.setHeader(Names.SEC_WEBSOCKET_ORIGIN, "http://example.com");
|
||||
req.setHeader(Names.SEC_WEBSOCKET_PROTOCOL, "chat, superchat");
|
||||
req.setHeader(Names.SEC_WEBSOCKET_VERSION, "13");
|
||||
WebSocketServerHandshaker13 handsaker = new WebSocketServerHandshaker13("ws://example.com/chat", "chat", false);
|
||||
WebSocketServerHandshaker13 handsaker = new WebSocketServerHandshaker13("ws://example.com/chat", "chat", false, Long.MAX_VALUE);
|
||||
handsaker.handshake(channelMock, req);
|
||||
|
||||
Assert.assertEquals("s3pPLMBiTxaQ9kYGzzhZRbK+xOo=", res.getValue().getHeader(Names.SEC_WEBSOCKET_ACCEPT));
|
||||
|
||||
@ -117,7 +117,7 @@ public class WebSocketClient {
|
||||
|
||||
// Send 10 messages and wait for responses
|
||||
logger.info("WebSocket Client sending message");
|
||||
for (int i = 0; i < 10; i++) {
|
||||
for (int i = 0; i < 1000; i++) {
|
||||
ch.write(new TextWebSocketFrame("Message #" + i));
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user