Add implementation to treat message size limit exceed as an error

[senthuran16]

Purpose

$Subject. Resolves wso2/api-manager#4473

With this change, when the following is turned on:

[passthru_http]
"message.size.validation.enabled" = "true"
"valid.max.message.size.in.bytes" = "100"

and when the message payload exceeds the specified size, the response will have a HTTP Status code of 502, with the status line Response Entity Too Large.

Further the drop.message.when.size.limit.exceeded has been introduced as follows. If this property is set to true, the payload in the response body will be dropped (no entity body).

[passthru_http]
"message.size.validation.enabled" = "true"
"valid.max.message.size.in.bytes" = "100"
"drop.message.when.size.limit.exceeded" = "true" # New Property. Defaults to false

Examples with "message.size.validation.enabled" = "true"

Dropped Payload ("drop.message.when.size.limit.exceeded" = "true")

curl --location 'https://localhost:8243/mock/1.0.0/todos' -k -v \
--header 'Authorization: Bearer ey***A'
...
* using HTTP/1.x
> GET /mock/1.0.0/todos HTTP/1.1
> Host: localhost:8243
> User-Agent: curl/8.7.1
> Accept: */*
> Authorization: Bearer ey***A
>
* Request completely sent off
< HTTP/1.1 502 Response Entity Too Large
< activityid: 2a129267-4a0a-407d-9308-f7a3d5c05976
< Access-Control-Expose-Headers:
< Alt-Svc: h3=":443"; ma=2592000
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET
< Vary: Accept-Encoding
< Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction,apikey,Internal-Key,Authorization
< X-Beeceptor-Rule-Id: defaultget
< Content-Type: application/json
< Date: Fri, 21 Nov 2025 14:18:55 GMT
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact

Partial Payload Delivered ("drop.message.when.size.limit.exceeded" = "false")

curl --location 'https://localhost:8243/mock/1.0.0/todos' -k -v \
--header 'Authorization: Bearer ey***A'
...
> GET /mock/1.0.0/todos HTTP/1.1
> Host: localhost:8243
> User-Agent: curl/8.7.1
> Accept: */*
> Authorization: Bearer ey***A
>
* Request completely sent off
< HTTP/1.1 502 Response Entity Too Large
< activityid: 353bebfa-33c7-42d4-bd5f-358006723d4b
< Access-Control-Expose-Headers:
< Alt-Svc: h3=":443"; ma=2592000
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET
< Vary: Accept-Encoding
< Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction,apikey,Internal-Key,Authorization
< X-Beeceptor-Rule-Id: defaultget
< Content-Type: application/json
< Date: Fri, 21 Nov 2025 14:10:22 GMT
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
{"Message":"mlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreessssssssssssssdhhjjmlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreessssssssssssssdhhjjmlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreessssssssssssssdhhjjmlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreessssssssssssssdhhjjmlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreessssssssssssssdhhjjmlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreessssssssssssssdhhjjmlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreemlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxobgvfjsrfpqzoxdaaaqqwlxaebdreessssssssssssssdhhjjmlxjigprlkwgpavyxmwqsqpzoqfcusdywicatdbkpxgaweyamitqoxzxwnpnjendvoulvcwwybqxrtsxob

Summary by CodeRabbit

• New Features

  • Enforced HTTP response message size validation against configured limits.
  • Option to automatically drop oversized messages instead of forwarding them.
  • Oversized responses now return 502 Bad Gateway with "Response Entity Too Large".

• Bug Fixes

  • Prevents oversized-message indicators from affecting subsequent keep-alive connections, avoiding unintended drops.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds message-size-limit signalling and enforcement across the passthru transport: two new constants; TargetHandler detects oversized responses via Content-Length and marks source contexts; SourceHandler and PassThroughHttpSender inspect those marks to modify status and suppress bodies; SourceResponse gains a status-line setter; flags are cleared after use.

Changes

Cohort / File(s)	Summary
Constants modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughConstants.java	Added two public string constants: MESSAGE_SIZE_LIMIT_EXCEEDED and DROP_MESSAGE_DUE_TO_SIZE_LIMIT_EXCEEDED.
Backend response validation & flags modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetHandler.java	Added DROP_MESSAGE_WHEN_SIZE_LIMIT_EXCEEDED constant and dropMessageWhenSizeLimitExceeded flag; in responseReceived compare Content-Length to configured max, set MESSAGE_SIZE_LIMIT_EXCEEDED on the source connection context (and optionally DROP_MESSAGE_DUE_TO_SIZE_LIMIT_EXCEEDED); propagate flags on error paths.
Response readiness handling modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/SourceHandler.java	In responseReady, when validation is enabled and MESSAGE_SIZE_LIMIT_EXCEEDED is present, set response status to 502 and status line to "Response Entity Too Large", then remove the attribute to avoid affecting subsequent keep-alive responses.
Response metadata API modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/SourceResponse.java	Added public setter setStatusLine(String statusLine) to update the response status line.
Response body suppression modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSender.java	In submitResponse, when DROP_MESSAGE_DUE_TO_SIZE_LIMIT_EXCEEDED is present on the connection context, set NO_ENTITY_BODY on the message context and remove the drop attribute so subsequent connections are unaffected.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Backend
    participant TargetHandler
    participant SourceConn as "Source Connection\nContext"
    participant SourceHandler
    participant SourceResponse
    participant PassThroughHttpSender
    participant Client

    Backend->>TargetHandler: responseReceived (with Content-Length)
    activate TargetHandler
    alt Content-Length > configured limit && validation enabled
        TargetHandler->>SourceConn: set MESSAGE_SIZE_LIMIT_EXCEEDED
        opt drop configured
            TargetHandler->>SourceConn: set DROP_MESSAGE_DUE_TO_SIZE_LIMIT_EXCEEDED
        end
    end
    deactivate TargetHandler

    SourceHandler->>SourceHandler: responseReady()
    activate SourceHandler
    alt SOURCE context has MESSAGE_SIZE_LIMIT_EXCEEDED
        SourceHandler->>SourceResponse: setStatusLine("Response Entity Too Large")
        SourceHandler->>SourceHandler: set status 502
        SourceHandler->>SourceConn: remove MESSAGE_SIZE_LIMIT_EXCEEDED
    end
    deactivate SourceHandler

    SourceHandler->>PassThroughHttpSender: submitResponse(SourceResponse)
    activate PassThroughHttpSender
    alt SOURCE context has DROP_MESSAGE_DUE_TO_SIZE_LIMIT_EXCEEDED
        PassThroughHttpSender->>PassThroughHttpSender: set NO_ENTITY_BODY = true
        PassThroughHttpSender->>SourceConn: remove DROP_MESSAGE_DUE_TO_SIZE_LIMIT_EXCEEDED
    end
    PassThroughHttpSender->>Client: send response (status, possibly no body)
    deactivate PassThroughHttpSender

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Pay attention to:
  • Choice and consistency of status code (502 used versus 413 from linked issue).
  • Correct propagation and cleanup of context attributes across async connection lifecycles.
  • Robustness of Content-Length parsing and handling of absent/malformed headers.
  • Initialization and defaulting of the drop-on-exceed flag in TargetHandler.

Poem

🐰
I hop along the streaming line,
I peek the length and draw a sign,
"Too large!" I mark it — headers change their tune,
The body stays home; the status hums a rune.
A tiny thump, and onward I prune.

Pre-merge checks and finishing touches

❌ Failed checks (3 warnings)

Check name	Status	Explanation	Resolution
Linked Issues check	⚠️ Warning	The PR implements size-limit validation but uses HTTP 502 instead of the proposed 413 status code from issue #4473. The PR also returns 'Response Entity Too Large' rather than 'Payload Too Large', and introduces drop.message.when.size.limit.exceeded behavior not mentioned in the issue requirements.	Verify whether the 502 status and 'Response Entity Too Large' message align with stakeholder requirements, or update the implementation to use 413 'Payload Too Large' as specified in issue #4473.
Out of Scope Changes check	⚠️ Warning	The PR introduces drop.message.when.size.limit.exceeded property and corresponding implementation logic that was not part of the linked issue requirements. The issue only specifies Content-Length checking for 413 responses, not message-dropping capabilities.	Clarify whether drop.message.when.size.limit.exceeded is in scope for issue #4473, or document it as an additional feature beyond the original issue's acceptance criteria.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add implementation to treat message size limit exceed as an error' accurately describes the main change—implementing error handling (502 Bad Gateway) for oversized responses when message size validation is enabled.
Description check	✅ Passed	The PR description includes Purpose with a link to the related issue, Goals with clear configuration examples, and detailed behavior examples with curl output. However, several sections from the template are missing or incomplete: Approach, User stories, Release note, Documentation, Training, Certification, Marketing, Automation tests details, Security checks, Samples, Related PRs, Migrations, Test environment, and Learning.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a4b2617 and 27d9ef3.

📒 Files selected for processing (1)

• modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetHandler.java (4 hunks)

🔇 Additional comments (4)

modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetHandler.java (4)

28-28: LGTM - necessary import for new functionality.

The import is required for accessing the Header object used in the size validation logic.

---

93-98: LGTM - field and constant declarations are appropriate.

The new field and constant properly support the configurable behavior for dropping message bodies when size limits are exceeded.

---

131-133: LGTM - property initialization follows established patterns.

The initialization properly reads the configuration with a safe default value of false.

---

391-418: Previous concerns addressed; please clarify intended HTTP status code.

The implementation now properly handles both error conditions from the previous review:

1. ✅ NumberFormatException handling (lines 395, 412-416): Invalid Content-Length values are now caught and logged with an appropriate warning, preventing disruption to the response pipeline.

2. ✅ NPE prevention (line 402): The null check on sourceConn prevents crashes when the source connection is unavailable.

However, there remains an unresolved discrepancy regarding the HTTP status code:

• The current implementation returns 502 Bad Gateway with "Response Entity Too Large" (as referenced in SourceHandler.responseReady mentioned in past review).
• The linked issue #4473 acceptance criteria specify 413 Payload Too Large should be returned when Content-Length > limit.

Please confirm: Is the intended status code for oversized responses 502 or 413? The choice impacts client behavior—502 suggests a gateway/proxy error (potentially retriable), while 413 explicitly signals that the payload is too large (typically not retriable without reducing payload size).

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9a8400a and 5555909.

📒 Files selected for processing (5)

• modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughConstants.java (1 hunks)
• modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSender.java (1 hunks)
• modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/SourceHandler.java (1 hunks)
• modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/SourceResponse.java (1 hunks)
• modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetHandler.java (4 hunks)

🧰 Additional context used

🧬 Code graph analysis (3)

modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/SourceHandler.java (1)

modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughConstants.java (1)

• PassThroughConstants (19-282)

modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSender.java (1)

modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughConstants.java (1)

• PassThroughConstants (19-282)

modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetHandler.java (2)

modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughConstants.java (1)

• PassThroughConstants (19-282)

modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/TargetContext.java (1)

• TargetContext (34-258)

🔇 Additional comments (2)

modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughConstants.java (1)

279-281: New size-limit context flags look consistent

MESSAGE_SIZE_LIMIT_EXCEEDED and DROP_MESSAGE_DUE_TO_SIZE_LIMIT_EXCEEDED are named clearly and align with their usage in SourceHandler/TargetHandler/PassThroughHttpSender. No issues here.

modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/SourceResponse.java (1)

347-353: setStatusLine setter is fine

The new setStatusLine(String) cleanly exposes existing statusLine and works with the logic in start(). No functional concerns.