Package io.netty.handler.codec.http

Class HttpRequestDecoder

java.lang.Object

io.netty.channel.ChannelHandlerAdapter

io.netty.channel.ChannelInboundHandlerAdapter

io.netty.handler.codec.ByteToMessageDecoder

io.netty.handler.codec.http.HttpObjectDecoder

io.netty.handler.codec.http.HttpRequestDecoder

All Implemented Interfaces:

io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler

public class HttpRequestDecoder
extends HttpObjectDecoder

Decodes ByteBufs into HttpRequests and HttpContents.

Parameters that prevents excessive memory consumption

Name	Meaning
maxInitialLineLength	The maximum length of the initial line (e.g. "GET / HTTP/1.0") If the length of the initial line exceeds this value, a TooLongHttpLineException will be raised.
maxHeaderSize	The maximum length of all headers. If the sum of the length of each header exceeds this value, a TooLongHttpHeaderException will be raised.
maxChunkSize	The maximum length of the content or each chunk. If the content length exceeds this value, the transfer encoding of the decoded request will be converted to 'chunked' and the content will be split into multiple HttpContents. If the transfer encoding of the HTTP request is 'chunked' already, each chunk will be split into smaller chunks if the length of the chunk exceeds this value. If you prefer not to handle HttpContents in your handler, insert HttpObjectAggregator after this decoder in the ChannelPipeline.

Parameters that control parsing behavior

Name	Default value	Meaning
allowDuplicateContentLengths	false	When set to false, will reject any messages that contain multiple Content-Length header fields. When set to true, will allow multiple Content-Length headers only if they are all the same decimal value. The duplicated field-values will be replaced with a single valid Content-Length field. See RFC 7230, Section 3.3.2.
allowPartialChunks	true	If the length of a chunk exceeds the ByteBufs readable bytes and allowPartialChunks is set to true, the chunk will be split into multiple HttpContents. Otherwise, if the chunk size does not exceed maxChunkSize and allowPartialChunks is set to false, the ByteBuf is not decoded into an HttpContent until the readable bytes are greater or equal to the chunk size.

Header Validation

It is recommended to always enable header validation.

Without header validation, your system can become vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') .

This recommendation stands even when both peers in the HTTP exchange are trusted, as it helps with defence-in-depth.

Nested Class Summary

Nested classes/interfaces inherited from class io.netty.handler.codec.ByteToMessageDecoder

io.netty.handler.codec.ByteToMessageDecoder.Cumulator

Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler

io.netty.channel.ChannelHandler.Sharable

Field Summary

Fields inherited from class io.netty.handler.codec.http.HttpObjectDecoder

DEFAULT_ALLOW_DUPLICATE_CONTENT_LENGTHS, DEFAULT_ALLOW_PARTIAL_CHUNKS, DEFAULT_CHUNKED_SUPPORTED, DEFAULT_INITIAL_BUFFER_SIZE, DEFAULT_MAX_CHUNK_SIZE, DEFAULT_MAX_HEADER_SIZE, DEFAULT_MAX_INITIAL_LINE_LENGTH, DEFAULT_VALIDATE_HEADERS, headersFactory, trailersFactory, validateHeaders

Fields inherited from class io.netty.handler.codec.ByteToMessageDecoder

COMPOSITE_CUMULATOR, MERGE_CUMULATOR

Constructor Summary

Constructors

Constructor	Description
HttpRequestDecoder()	Creates a new instance with the default maxInitialLineLength (4096), maxHeaderSize (8192), and maxChunkSize (8192).
HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize)	Creates a new instance with the specified parameters.
HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders)	Deprecated. Prefer the HttpRequestDecoder(HttpDecoderConfig) constructor, to always have header validation enabled.
HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize)	Deprecated. Prefer the HttpRequestDecoder(HttpDecoderConfig) constructor, to always have header validation enabled.
HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths)	Deprecated. Prefer the HttpRequestDecoder(HttpDecoderConfig) constructor, to always have header validation enabled.
HttpRequestDecoder(int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean validateHeaders, int initialBufferSize, boolean allowDuplicateContentLengths, boolean allowPartialChunks)	Deprecated. Prefer the HttpRequestDecoder(HttpDecoderConfig) constructor, to always have header validation enabled.
HttpRequestDecoder(HttpDecoderConfig config)	Creates a new instance with the specified configuration.

Method Summary

Modifier and Type	Method	Description
protected HttpMessage	createInvalidMessage()
protected HttpMessage	createMessage(String[] initialLine)
protected boolean	isContentAlwaysEmpty(HttpMessage msg)
protected boolean	isDecodingRequest()
protected String	splitFirstWordInitialLine(byte[] sb, int start, int length)
protected io.netty.util.AsciiString	splitHeaderName(byte[] sb, int start, int length)
protected String	splitThirdWordInitialLine(byte[] sb, int start, int length)

Methods inherited from class io.netty.handler.codec.http.HttpObjectDecoder

decode, decodeLast, handlerRemoved0, handleTransferEncodingChunkedWithContentLength, isSwitchingToNonHttp1Protocol, isValidating, reset, splitSecondWordInitialLine, userEventTriggered

Methods inherited from class io.netty.handler.codec.ByteToMessageDecoder

actualReadableBytes, callDecode, channelInactive, channelRead, channelReadComplete, discardSomeReadBytes, handlerRemoved, internalBuffer, isSingleDecode, setCumulator, setDiscardAfterReads, setSingleDecode

Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter

channelActive, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught

Methods inherited from class io.netty.channel.ChannelHandlerAdapter

ensureNotSharable, handlerAdded, isSharable

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.netty.channel.ChannelHandler

handlerAdded

Constructor Detail

HttpRequestDecoder

public HttpRequestDecoder()

Creates a new instance with the default maxInitialLineLength (4096), maxHeaderSize (8192), and maxChunkSize (8192).

HttpRequestDecoder

public HttpRequestDecoder(int maxInitialLineLength,
                          int maxHeaderSize,
                          int maxChunkSize)

Creates a new instance with the specified parameters.

HttpRequestDecoder

@Deprecated
public HttpRequestDecoder(int maxInitialLineLength,
                          int maxHeaderSize,
                          int maxChunkSize,
                          boolean validateHeaders)

Deprecated.

Prefer the HttpRequestDecoder(HttpDecoderConfig) constructor, to always have header validation enabled.

HttpRequestDecoder

@Deprecated
public HttpRequestDecoder(int maxInitialLineLength,
                          int maxHeaderSize,
                          int maxChunkSize,
                          boolean validateHeaders,
                          int initialBufferSize)

Deprecated.

Prefer the HttpRequestDecoder(HttpDecoderConfig) constructor, to always have header validation enabled.

HttpRequestDecoder

@Deprecated
public HttpRequestDecoder(int maxInitialLineLength,
                          int maxHeaderSize,
                          int maxChunkSize,
                          boolean validateHeaders,
                          int initialBufferSize,
                          boolean allowDuplicateContentLengths)

Deprecated.

Prefer the HttpRequestDecoder(HttpDecoderConfig) constructor, to always have header validation enabled.

HttpRequestDecoder

@Deprecated
public HttpRequestDecoder(int maxInitialLineLength,
                          int maxHeaderSize,
                          int maxChunkSize,
                          boolean validateHeaders,
                          int initialBufferSize,
                          boolean allowDuplicateContentLengths,
                          boolean allowPartialChunks)

Deprecated.

Prefer the HttpRequestDecoder(HttpDecoderConfig) constructor, to always have header validation enabled.

HttpRequestDecoder

public HttpRequestDecoder(HttpDecoderConfig config)

Creates a new instance with the specified configuration.

Method Detail

createMessage

protected HttpMessage createMessage(String[] initialLine)
                             throws Exception

Specified by:

createMessage in class HttpObjectDecoder

Throws:

Exception

splitHeaderName

protected io.netty.util.AsciiString splitHeaderName(byte[] sb,
                                                    int start,
                                                    int length)

Overrides:

splitHeaderName in class HttpObjectDecoder

splitFirstWordInitialLine

protected String splitFirstWordInitialLine(byte[] sb,
                                           int start,
                                           int length)

Overrides:

splitFirstWordInitialLine in class HttpObjectDecoder

splitThirdWordInitialLine

protected String splitThirdWordInitialLine(byte[] sb,
                                           int start,
                                           int length)

Overrides:

splitThirdWordInitialLine in class HttpObjectDecoder

createInvalidMessage

protected HttpMessage createInvalidMessage()

Specified by:

createInvalidMessage in class HttpObjectDecoder

isDecodingRequest

protected boolean isDecodingRequest()

Specified by:

isDecodingRequest in class HttpObjectDecoder

isContentAlwaysEmpty

protected boolean isContentAlwaysEmpty(HttpMessage msg)

Overrides:

isContentAlwaysEmpty in class HttpObjectDecoder