[ https://issues.apache.org/jira/browse/HBASE-26767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17496947#comment-17496947 ]

Josh Elser commented on HBASE-26767:
------------------------------------

Paraphrasing (please correct me if I get this wrong), but the manifestation of 
this issue is authorization failures as a result of this cache "breaking". 
Specifically, you observed issues where the headers were getting malformed 
(specifically, the Authorization SPNEGO header).

In short, this was breaking basic authentication against the REST server.

> Rest server should not use a large Header Cache.
> ------------------------------------------------
>
>                 Key: HBASE-26767
>                 URL: https://issues.apache.org/jira/browse/HBASE-26767
>             Project: HBase
>          Issue Type: Bug
>          Components: REST
>    Affects Versions: 2.4.9
>            Reporter: Sergey Soldatov
>            Assignee: Sergey Soldatov
>            Priority: Major
>
> In the RESTServer we set the HeaderCache size to DEFAULT_HTTP_MAX_HEADER_SIZE 
> (65536). That's not compatible with jetty-9.4.x because the cache size is 
> limited by Character.MAX_VALUE - 1 (65534) there. According to the Jetty 
> source code comments, it's possible to have a buffer overflow in the cache 
> for higher values and that might lead to wrong/incomplete values returned by 
> the cache and subsequent incorrect header handling.
> There are a couple of ways to fix it:
> 1. change the value of DEFAULT_HTTP_MAX_HEADER_SIZE to 65534
> 2. make header cache size configurable and set its size separately from the 
> header size. 
> I believe that the second would give us more flexibility.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
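
A sketch of the second fix option from the issue description (a header cache size configured separately from the header size and kept within the Jetty 9.4.x limit), added here as an example; it is not HBase or Jetty code. The property name `example.rest.http.header.cache.size`, the choice of 65534 as the default, and the 16-bit slot model in `slotFor` are assumptions made for illustration.

```java
import java.util.Properties;

/** Added illustration; not HBase or Jetty source. */
public class HeaderCacheSizing {
    // Values stated in the issue description.
    static final int DEFAULT_HTTP_MAX_HEADER_SIZE = 65536;
    static final int JETTY_94_HEADER_CACHE_LIMIT = Character.MAX_VALUE - 1; // 65534

    // Hypothetical property name, used only for this example.
    static final String HEADER_CACHE_SIZE_KEY = "example.rest.http.header.cache.size";

    /** Option 2: read the cache size on its own and keep it within the limit. */
    static int resolveHeaderCacheSize(Properties conf) {
        String raw = conf.getProperty(HEADER_CACHE_SIZE_KEY);
        int requested;
        try {
            // Assumed default when the key is unset: the largest safe value.
            requested = raw == null ? JETTY_94_HEADER_CACHE_LIMIT : Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException(HEADER_CACHE_SIZE_KEY + " is not an integer: " + raw, e);
        }
        if (requested < 0) {
            throw new IllegalArgumentException(HEADER_CACHE_SIZE_KEY + " must be >= 0: " + requested);
        }
        if (requested > JETTY_94_HEADER_CACHE_LIMIT) {
            System.err.printf("%s=%d exceeds %d, clamping%n",
                HEADER_CACHE_SIZE_KEY, requested, JETTY_94_HEADER_CACHE_LIMIT);
            return JETTY_94_HEADER_CACHE_LIMIT;
        }
        return requested;
    }

    /** Assumed model of a 16-bit slot index: only the low 16 bits of a position survive. */
    static int slotFor(int position) {
        return (char) position;
    }

    public static void main(String[] args) {
        // Under the assumed model, a position past the 16-bit range aliases an earlier slot.
        System.out.println("position 65536 -> slot " + slotFor(65536));
        System.out.println("position 65534 -> slot " + slotFor(65534));

        Properties conf = new Properties(); // constructed sample configuration
        conf.setProperty(HEADER_CACHE_SIZE_KEY, String.valueOf(DEFAULT_HTTP_MAX_HEADER_SIZE));
        int cacheSize = resolveHeaderCacheSize(conf);
        // The header size keeps its own setting; only the cache size is bounded.
        System.out.println("request header size = " + DEFAULT_HTTP_MAX_HEADER_SIZE);
        System.out.println("header cache size   = " + cacheSize);
    }
}
```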
