Is there a reason why Spring MVC doesn't apply a limit to the maximum number of bytes to buffer in memory for input stream like WebFlux?

Question

For the first time I noticed this error in my Spring WebFlux application:

org.springframework.core.io.buffer.DataBufferLimitException: Exceeded limit on max bytes to buffer : 262144

So WebFlux has a limit that it checks while deserializing client payload as described in the doc. I am curious to know why this check is not done in Spring Web MVC. Is an innovation for the most recent WebFlux or is there a technical reason for that?

Answer 1

One of the features of WebFlux is its ability to process incoming requests as a stream. This means that the input request's stream could potentially be endless, leading to a possible "out of memory" problem. That's why WebFlux's Decorers and HttpMessageReaders offer a useful feature with their maxInMemorySize properties. They can calculate the size of incoming chunks and trigger a DataBufferLimitException if the accumulated size exceeds the specified limit.

As for Spring MVC, the difference is that MVC usually relies on Servlet containers (like Tomcat, etc.) to process it. Whereas WebFlux relies on Netty and processes that part by themselves. So in MVC, you can limit input request size on the servlet container level, but in WebFlux, you need this property.

The reason for its implementation can be traced back to the original issue, which can be found at: https://github.com/spring-projects/spring-framework/issues/23884

The code is available here: https://github.com/spring-projects/spring-framework/commit/871464811cc1b18d684408f71725cead20c70796