jetty.xml set maxFormContentSize not effect

[boommanpro]

Jetty version(s)

jetty-9.4.20.v20190813

https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.20.v20190813

Java version/vendor

java version "1.8.0_191"
Java(TM) SE Runtime Environment (build 1.8.0_191-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.191-b12, mixed mode)

OS type/version
windows 10

Description

in documentation/jetty-documentation/src/main/asciidoc/old_docs/security/configuring-form-size.adoc description:

==== Configuring Form Limits for the Server

If a context does not have specific form limits configured, then the server attributes are inspected to see if a server wide limit has been set on the size or keys.
The following XML shows how these attributes can be set in `jetty.xml`:

[source, xml, subs="{sub-order}"]
----
<configure class="org.eclipse.jetty.server.Server">

  ...

  <Call name="setAttribute">
    <Arg>org.eclipse.jetty.server.Request.maxFormContentSize</Arg>
    <Arg>100000</Arg>
   </Call>
  <Call name="setAttribute">
    <Arg>org.eclipse.jetty.server.Request.maxFormKeys</Arg>
    <Arg>2000</Arg>
   </Call>
</configure>

----

How to reproduce?

java -jar jetty-runner.jar --config jetty.xml --config jetty-https.xml simple.war

jetty.xml

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_9_3.dtd">
<configure class="org.eclipse.jetty.server.Server">
  <Call name="setAttribute">
    <Arg>org.eclipse.jetty.server.Request.maxFormContentSize</Arg>
    <Arg>100000</Arg>
   </Call>
  <Call name="setAttribute">
    <Arg>org.eclipse.jetty.server.Request.maxFormKeys</Arg>
    <Arg>2000</Arg>
   </Call>
</configure>

the jetty.xml setAttribute no effect, I found issue

#4311
#4373

in org.eclipse.jetty.server.handler.ContextHandler
and commit id 8418f56

i found this class file org.eclipse.jetty.server.handler.ContextHandler#doStart method remove

 if (_maxFormKeys == NOT_INITIALIZED)
            _maxFormKeys = lookup("org.eclipse.jetty.server.Request.maxFormKeys", DEFAULT_MAX_FORM_KEYS);

        if (_maxFormContentSize == NOT_INITIALIZED)
            _maxFormContentSize = lookup("org.eclipse.jetty.server.Request.maxFormContentSize", DEFAULT_MAX_FORM_CONTENT_SIZE);

so the jetty.xml Call setAttribute no effect, I think the doc should be that

 <Call class="java.lang.System"name="setProperty">

<Arg>org.eclipse.jetty.server.Request.maxFormContentSize</Arg>

<Arg> 50000 </Arg>

</Call>

If the above configuration is deemed correct, I will mention one pr

[joakime]

You are using an old version of Jetty (version 9.4.20), upgrade (to at least 9.4.46) and try again.
I don't think 9.4.20 supported what you are attempting to do.

Note: Jetty 9.x is entering End of Community support at the start of next month. (See: #7958)
You should be transitioning to Jetty 10+ soon.

[joakime]

Also, Java 1.8_191 expired back on Feb 15, 2019.
That JVM should not be used in production, for any reason.
Especially so if you are using it on the public internet.

See https://www.oracle.com/java/technologies/javase/8u191-relnotes.html

[boommanpro]

You are using an old version of Jetty (version 9.4.20), upgrade (to at least 9.4.46) and try again. I don't think 9.4.20 supported what you are attempting to do.

Note: Jetty 9.x is entering End of Community support at the start of next month. (See: #7958) You should be transitioning to Jetty 10+ soon.

I try jetty-runner-9.4.46.v20220331.jar to run project, use

    <Call name="setAttribute">
    <Arg>org.eclipse.jetty.server.Request.maxFormContentSize</Arg>
    <Arg>200</Arg>
   </Call>

no effect

but use this config effect

   <Call class="java.lang.System" name="setProperty">
     <Arg>org.eclipse.jetty.server.Request.maxFormContentSize</Arg>
     <Arg>200</Arg>
    </Call>

[boommanpro]

You are using an old version of Jetty (version 9.4.20), upgrade (to at least 9.4.46) and try again. I don't think 9.4.20 supported what you are attempting to do.

Note: Jetty 9.x is entering End of Community support at the start of next month. (See: #7958) You should be transitioning to Jetty 10+ soon.

You are using an old version of Jetty (version 9.4.20), upgrade (to at least 9.4.46) and try again. I don't think 9.4.20 supported what you are attempting to do.
Note: Jetty 9.x is entering End of Community support at the start of next month. (See: #7958) You should be transitioning to Jetty 10+ soon.

I try jetty-runner-9.4.46.v20220331.jar to run project, use

    <Call name="setAttribute">
    <Arg>org.eclipse.jetty.server.Request.maxFormContentSize</Arg>
    <Arg>200</Arg>
   </Call>

no effect

but use this config effect

   <Call class="java.lang.System" name="setProperty">
     <Arg>org.eclipse.jetty.server.Request.maxFormContentSize</Arg>
     <Arg>200</Arg>
    </Call>

so i think should to modify the doc ( documentation/jetty-documentation/src/main/asciidoc/old_docs/security/configuring-form-size.adoc ) content

  <Call class="java.lang.System" name="setProperty">
     <Arg>org.eclipse.jetty.server.Request.maxFormContentSize</Arg>
     <Arg>200</Arg>
    </Call>

[rafaljot]

@BoomManPro

Change

<configure class="org.eclipse.jetty.server.Server">
...
</configure>

for:

<Configure class="org.eclipse.jetty.server.Server">
...
</Configure>

[github-actions]

This issue has been automatically marked as stale because it has been a
full year without activity. It will be closed if no further activity occurs.
Thank you for your contributions.

[github-actions]

This issue has been closed due to it having no activity.