SpringBoot Openshift POST io.undertow.util.ParameterLimitException: UT000047: The number of parameters exceeded the maximum of 1000

Posted: 2021-12-13 11:22:54

Question:

I have a Spring Boot application deployed on RedHat OpenShift. Whenever I have a large POST request (about 11000 lines), I get this message.

java.lang.RuntimeException: io.undertow.util.ParameterLimitException: UT000047: The number of parameters exceeded the maximum of 1000
    at io.undertow.server.handlers.form.FormData.add(FormData.java:95) ~[undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.server.handlers.form.FormData.add(FormData.java:85) ~[undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.doParse(FormEncodedDataDefinition.java:173) ~[undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.server.handlers.form.FormEncodedDataDefinition$FormEncodedDataParser.parseBlocking(FormEncodedDataDefinition.java:252) ~[undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.spec.HttpServletRequestImpl.parseFormData(HttpServletRequestImpl.java:825) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.spec.HttpServletRequestImpl.getParameter(HttpServletRequestImpl.java:704) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at javax.servlet.ServletRequestWrapper.getParameter(ServletRequestWrapper.java:161) ~[javax.servlet-api-4.0.1.jar!/:4.0.1]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:84) ~[spring-web-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:109) ~[spring-web-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:114) ~[spring-boot-actuator-2.1.6.RELEASE.jar!/:2.1.6.RELEASE]
    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:104) ~[spring-boot-actuator-2.1.6.RELEASE.jar!/:2.1.6.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:109) ~[spring-web-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) ~[spring-web-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:109) ~[spring-web-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) ~[undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) ~[undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) ~[undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) ~[undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.server.handlers.GracefulShutdownHandler.handleRequest(GracefulShutdownHandler.java:69) ~[undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) [undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) [undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) [undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) [undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) [undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) [undertow-servlet-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364) [undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.0.21.Final.jar!/:2.0.21.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_292]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_292]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_292]

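The request JSON is parsed into a request object that has 3 lists. These 3 lists do not exceed 1000 elements, even when they are grouped together.

It doesn't even reach the controller.

I tried adding this property to the yml file, but the saved JSON file is 245 KB, and it doesn't work even with this property.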

server:
  tomcat:
    max-http-post-size: 100000000 # max-http-form-post-size: 10MB for new version

I also found a property for the standalone.xml file, but I don't know how to include it in the yml file.

<http-listener name="default" socket-binding="http" max-parameters="5000"/>

Thanks

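Comments:

The error you are seeing is not caused by an application/json request, but by an application/x-www-form-urlencoded request with more than a thousand parameters. If you are not generating the request yourself, it is most likely malicious.

Answer 1: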

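It looks like you are using the Undertow server, so instead of the server.tomcat.max-http-post-size property, try using:

server.undertow.max-http-post-size instead

Here you can find a list of all the Undertow properties that can be configured through the Spring application file (just search for undertow). Here are some of them: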

Name Description
server.undertow.max-cookies Maximum number of cookies that are allowed. This limit exists to prevent hash collision based DOS attacks.
server.undertow.max-headers Maximum number of headers that are allowed. This limit exists to prevent hash collision based DOS attacks.
server.undertow.max-parameters Maximum number of query or path parameters that are allowed. This limit exists to prevent hash collision based DOS attacks.
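
As an added example (not code from the original answer), the parameter limit can also be set programmatically, which helps when the Spring Boot version in use does not expose server.undertow.max-parameters as a property. The class name and the 1 MiB body cap are assumptions; 5000 mirrors the max-parameters value from the standalone.xml line in the question.

```java
import io.undertow.UndertowOptions;
import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Hypothetical configuration class: raises Undertow's form-parameter limit
// while keeping it, and the request body size, explicitly bounded.
@Configuration
public class UndertowLimitsConfig {

    // Taken from the question's standalone.xml attribute (max-parameters="5000").
    // Size it to the largest legitimate form the application accepts; the limit
    // exists to prevent hash-collision based DoS, so do not remove it entirely.
    private static final int MAX_FORM_PARAMETERS = 5000;

    // Assumed cap of 1 MiB on the request body; adjust to the real payload size.
    private static final long MAX_ENTITY_BYTES = 1024L * 1024L;

    @Bean
    public WebServerFactoryCustomizer<UndertowServletWebServerFactory> undertowLimits() {
        return factory -> factory.addBuilderCustomizers(builder -> {
            // Same setting as the max-parameters attribute on the http-listener.
            builder.setServerOption(UndertowOptions.MAX_PARAMETERS, MAX_FORM_PARAMETERS);
            // Bound the body as well, so a higher parameter count cannot be
            // combined with an arbitrarily large payload.
            builder.setServerOption(UndertowOptions.MAX_ENTITY_SIZE, MAX_ENTITY_BYTES);
        });
    }
}
```

The stack trace in the question shows the form body being parsed from HiddenHttpMethodFilter via getParameter, before any controller runs, which is why the limit applies to every application/x-www-form-urlencoded POST regardless of what the controller expects.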
