Package io.netty.handler.codec.http
Class HttpRequestDecoder
java.lang.Object
io.netty.channel.ChannelHandlerAdapter
io.netty.channel.ChannelInboundHandlerAdapter
io.netty.handler.codec.ByteToMessageDecoder
io.netty.handler.codec.http.HttpObjectDecoder
io.netty.handler.codec.http.HttpRequestDecoder
- All Implemented Interfaces:
ChannelHandler
,ChannelInboundHandler
- Direct Known Subclasses:
HttpServerCodec.HttpServerRequestDecoder
Decodes
ByteBuf
s into HttpRequest
s and HttpContent
s.
Parameters that prevents excessive memory consumption
Name | Meaning |
---|---|
maxInitialLineLength |
The maximum length of the initial line (e.g. "GET / HTTP/1.0" )
If the length of the initial line exceeds this value, a
TooLongHttpLineException will be raised. |
maxHeaderSize |
The maximum length of all headers. If the sum of the length of each
header exceeds this value, a TooLongHttpHeaderException will be raised. |
maxChunkSize |
The maximum length of the content or each chunk. If the content length
exceeds this value, the transfer encoding of the decoded request will be
converted to 'chunked' and the content will be split into multiple
HttpContent s. If the transfer encoding of the HTTP request is
'chunked' already, each chunk will be split into smaller chunks if the
length of the chunk exceeds this value. If you prefer not to handle
HttpContent s in your handler, insert HttpObjectAggregator
after this decoder in the ChannelPipeline . |
Parameters that control parsing behavior
Name | Default value | Meaning |
---|---|---|
allowDuplicateContentLengths |
false | When set to false , will reject any messages that contain multiple Content-Length header fields.
When set to true , will allow multiple Content-Length headers only if they are all the same decimal value.
The duplicated field-values will be replaced with a single valid Content-Length field.
See RFC 7230, Section 3.3.2. |
allowPartialChunks |
true | If the length of a chunk exceeds the ByteBuf s readable bytes and allowPartialChunks
is set to true , the chunk will be split into multiple HttpContent s.
Otherwise, if the chunk size does not exceed maxChunkSize and allowPartialChunks
is set to false , the ByteBuf is not decoded into an HttpContent until
the readable bytes are greater or equal to the chunk size. |
Header Validation
It is recommended to always enable header validation.Without header validation, your system can become vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') .
This recommendation stands even when both peers in the HTTP exchange are trusted, as it helps with defence-in-depth.
-
Nested Class Summary
Nested classes/interfaces inherited from class io.netty.handler.codec.ByteToMessageDecoder
ByteToMessageDecoder.Cumulator
Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler
ChannelHandler.Sharable
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static final AsciiString
private static final long
private static final AsciiString
private static final long
private static final short
private static final long
private static final AsciiString
private static final AsciiString
private static final int
private static final AsciiString
private static final int
private static final long
private static final long
private static final long
private static final int
private static final int
Fields inherited from class io.netty.handler.codec.http.HttpObjectDecoder
DEFAULT_ALLOW_DUPLICATE_CONTENT_LENGTHS, DEFAULT_ALLOW_PARTIAL_CHUNKS, DEFAULT_CHUNKED_SUPPORTED, DEFAULT_INITIAL_BUFFER_SIZE, DEFAULT_MAX_CHUNK_SIZE, DEFAULT_MAX_HEADER_SIZE, DEFAULT_MAX_INITIAL_LINE_LENGTH, DEFAULT_VALIDATE_HEADERS, headersFactory, trailersFactory, validateHeaders
Fields inherited from class io.netty.handler.codec.ByteToMessageDecoder
COMPOSITE_CUMULATOR, MERGE_CUMULATOR
-
Constructor Summary
ConstructorsConstructorDescriptionCreates a new instance with the defaultmaxInitialLineLength (4096)
,maxHeaderSize (8192)
, andmaxChunkSize (8192)
.HttpRequestDecoder
(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize) Creates a new instance with the specified parameters.HttpRequestDecoder
(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders) Deprecated.HttpRequestDecoder
(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize) Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.HttpRequestDecoder
(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths) Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.HttpRequestDecoder
(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths, boolean allowPartialChunks) Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.HttpRequestDecoder
(HttpDecoderConfig config) Creates a new instance with the specified configuration. -
Method Summary
Modifier and TypeMethodDescriptionprotected HttpMessage
protected HttpMessage
createMessage
(String[] initialLine) private static boolean
isAccept
(byte[] sb, int start) private static boolean
isConnection
(byte[] sb, int start) protected boolean
private static boolean
isContentLength
(byte[] sb, int start) private static boolean
isContentType
(byte[] sb, int start) protected boolean
private static boolean
isGetMethod
(byte[] sb, int start) private static boolean
isHost
(byte[] sb, int start) private static boolean
isPostMethod
(byte[] sb, int start) protected String
splitFirstWordInitialLine
(byte[] sb, int start, int length) protected AsciiString
splitHeaderName
(byte[] sb, int start, int length) protected String
splitThirdWordInitialLine
(byte[] sb, int start, int length) Methods inherited from class io.netty.handler.codec.http.HttpObjectDecoder
decode, decodeLast, handlerRemoved0, handleTransferEncodingChunkedWithContentLength, isSwitchingToNonHttp1Protocol, isValidating, reset, splitSecondWordInitialLine, userEventTriggered
Methods inherited from class io.netty.handler.codec.ByteToMessageDecoder
actualReadableBytes, callDecode, channelInactive, channelRead, channelReadComplete, discardSomeReadBytes, handlerRemoved, internalBuffer, isSingleDecode, setCumulator, setDiscardAfterReads, setSingleDecode
Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter
channelActive, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught
Methods inherited from class io.netty.channel.ChannelHandlerAdapter
ensureNotSharable, handlerAdded, isSharable
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface io.netty.channel.ChannelHandler
handlerAdded
-
Field Details
-
Accept
-
Host
-
Connection
-
ContentType
-
ContentLength
-
GET_AS_INT
private static final int GET_AS_INT- See Also:
-
POST_AS_INT
private static final int POST_AS_INT- See Also:
-
HTTP_1_1_AS_LONG
private static final long HTTP_1_1_AS_LONG- See Also:
-
HTTP_1_0_AS_LONG
private static final long HTTP_1_0_AS_LONG- See Also:
-
HOST_AS_INT
private static final int HOST_AS_INT- See Also:
-
CONNECTION_AS_LONG_0
private static final long CONNECTION_AS_LONG_0- See Also:
-
CONNECTION_AS_SHORT_1
private static final short CONNECTION_AS_SHORT_1- See Also:
-
CONTENT_AS_LONG
private static final long CONTENT_AS_LONG- See Also:
-
TYPE_AS_INT
private static final int TYPE_AS_INT- See Also:
-
LENGTH_AS_LONG
private static final long LENGTH_AS_LONG- See Also:
-
ACCEPT_AS_LONG
private static final long ACCEPT_AS_LONG- See Also:
-
-
Constructor Details
-
HttpRequestDecoder
public HttpRequestDecoder()Creates a new instance with the defaultmaxInitialLineLength (4096)
,maxHeaderSize (8192)
, andmaxChunkSize (8192)
. -
HttpRequestDecoder
public HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize) Creates a new instance with the specified parameters. -
HttpRequestDecoder
@Deprecated public HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders) Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled. -
HttpRequestDecoder
@Deprecated public HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize) Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled. -
HttpRequestDecoder
@Deprecated public HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths) Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled. -
HttpRequestDecoder
@Deprecated public HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths, boolean allowPartialChunks) Deprecated.Prefer theHttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled. -
HttpRequestDecoder
Creates a new instance with the specified configuration.
-
-
Method Details
-
createMessage
- Specified by:
createMessage
in classHttpObjectDecoder
- Throws:
Exception
-
splitHeaderName
- Overrides:
splitHeaderName
in classHttpObjectDecoder
-
isAccept
private static boolean isAccept(byte[] sb, int start) -
isHost
private static boolean isHost(byte[] sb, int start) -
isConnection
private static boolean isConnection(byte[] sb, int start) -
isContentType
private static boolean isContentType(byte[] sb, int start) -
isContentLength
private static boolean isContentLength(byte[] sb, int start) -
isGetMethod
private static boolean isGetMethod(byte[] sb, int start) -
isPostMethod
private static boolean isPostMethod(byte[] sb, int start) -
splitFirstWordInitialLine
- Overrides:
splitFirstWordInitialLine
in classHttpObjectDecoder
-
splitThirdWordInitialLine
- Overrides:
splitThirdWordInitialLine
in classHttpObjectDecoder
-
createInvalidMessage
- Specified by:
createInvalidMessage
in classHttpObjectDecoder
-
isDecodingRequest
protected boolean isDecodingRequest()- Specified by:
isDecodingRequest
in classHttpObjectDecoder
-
isContentAlwaysEmpty
- Overrides:
isContentAlwaysEmpty
in classHttpObjectDecoder
-
HttpRequestDecoder(HttpDecoderConfig)
constructor, to always have header validation enabled.