Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Limiting page size [DATAREST-195] #523

Closed
spring-projects-issues opened this issue Nov 22, 2013 · 5 comments
Closed

Limiting page size [DATAREST-195] #523

spring-projects-issues opened this issue Nov 22, 2013 · 5 comments
Assignees
Labels
type: bug

Comments

@spring-projects-issues
Copy link

@spring-projects-issues spring-projects-issues commented Nov 22, 2013

Sri opened DATAREST-195 and commented

Currently SDR allows to set the page "size" parameter without limiting it. From an unscrupulous user making requests with large "size" parameter could bring down the app. It would be nice to limit "size" parameter at global level as well as individual resource level


Issue Links:

  • DATACMNS-408 Guard against invalid values when resolving pagination and sorting parameters from web requests

  • DATACMNS-335 PageableHandlerMethodArgumentResolver should allow configuring maximum page size

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Nov 24, 2013

Oliver Drotbohm commented

By default the maximum page size is set to 2000 (through the default setting in PageableHandlerMethodArgumentResolver. To customize this, override the pageableResolver() method in RepositoryRestMvcConfiguration and configure setMaxPageSize(…) according to your needs

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Dec 2, 2013

Sri commented

Thank you. Suggested solution works well by silently ignoring the page size setting of the request if the number is more than the max size we set on the resolver. Would it be appropriate to throw some error message rather than silently ignoring the page size?

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Dec 5, 2013

Oliver Drotbohm commented

Does it really make sense to throw an exception over gracefully falling back to something reasonable? We can of course add a flag to rather trigger the former behavior but I think people prefer the server to do "the right thing" than to force the client to resubmit the request.

Assume you write a client submitting an unreasonable large page size. You now receive an error, saying: "May allowed page size is X". What do you usually do? Re-trigger the request with exactly that size. That's why we currently fall back to the configured max page size

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Dec 5, 2013

Sri commented

For my use-case your solution works. I leave rest to community

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Jan 24, 2014

Oliver Drotbohm commented

Will be fixed transitively by the fixes in the linked tickets

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type: bug
Projects
None yet
Development

No branches or pull requests

2 participants