Salut,
Witold Szczerba wrote:
> 2008/5/27, Jeanfrancois Arcand <Jeanfrancois.Arcand_at_sun.com>:
>> Yes, since we are buffering the response (to avoid network operations),
>> until the buffer get full the writer will not throw any exception. I'm not
>> sure this is a bug in Grizzly....I need to look at the spec and see if the
>
> Well, I was monitoring JVM using jconsole and the memory usage was
> still. In addition to it, in the example there is explicit flush()
> operation called on that stream every x*20 characters.
>
>
>> Servlet spec mandate the write operation to thrown an IOException when the
>> client close the connection. I suspect it doesn't require it, but let me
>> double check.
>
> Even if spec. does not say anything, it seems clear to make something
> about it. Imagine servlet returning... lets say 100MB in single
> request. What if client's browser ask for it, then someone will press
> 'refresh' few times, then he or she decides to go away and shut the
> browser down? Client's go away leaving miserable server generating few
> hundred megabytes of (repeating) data just to throw it all away...
Agree this is a denial of service attack. Like Alexey as pointed out,
Grizzly is throwing an exception when trying to write to a closed
connection. If the JDK is not telling us that the connection has been
closed, it is quite difficult to handle :-) I will take a look using
Paul's example.
Thanks
-- Jeanfrancois
>
> Regards,
> Witold Szczerba
>
>
>> [1] https://jersey.dev.java.net/issues/show_bug.cgi?id=71