Re: Tomcat Large Payload Truncated
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Bhavesh, On 6/29/20 22:12, Bhavesh Mistry wrote: > Hi Mark, > > Thank you for responding. I have one more question. This is > spring-boot 2 application REST API server and it does not accept > Cookie or session (timeout is set to zero).Auth happens through > Authorized header. We have set 10mb for maxPostSize. Does > maxSavePostSize takes precedence over maxPostSize ? I will set > maxSavePostSize to -1 to disable it. Sounds like what you really want to use is: Expect: 100-continue And then only send the 10MiB payload if you get a "100 Continue" respons e. > Also, I have another question. When Payload is as large as 10mb > (json post), does payload body in JVM MEMORY or offloaded to > FileInputStream ? That depends upon how you are doing authentication. When you say authentication is done "through an authorized header", are you saying that Tomcat is performing the authentication or not? Is Tomcat saving the request and asking the client to authenticate) as it does with e.g. FORM login? Or does your application reject the request with a response header and the client has to re-try with the authenticated header AND the large JSON request again? - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl796fcACgkQHPApP6U8 pFjjJw/6AwoXu4eTXa86JvHn8qP1m9fls+AMjQBM3VePfEKxa0LibjiPGxwjsy7/ SstRvv+8rJ5Tan6IdGgSFr+BsHXDgWa/4Q+PirpjIjcO7xOMlvsHC0xaA8sNSKhD DbK0sCrrKuvixX3AwUCXz0wuTHrZBFmznvVkM0rh+/XXJxq5n5yd18J36KqIaR7d a1eef8cbPkPo+ds9ci3VYsy50TtEmI6tGdjQMMko1QxnXcUHzz/pTjDN5qttE4g1 +K9CI4zG8qYVuMEvoW+679knq9UUWLeeBO71T7TQea2WJkoyMw9UY2ksH7SIstlY +GhXs8/fWQ+YdZ+eYxnkuNXOOes8L/UvC0+Ea13Y8u1eiD7INXsGhc1gTrZ+ct16 i4jGM1GYhHMxFDsXcs5uhL1/7ew+EgTR3dBuNsrYKASN/5DTpIlcIa+xpqb2uoyL Irf9jGkRbNYneI52Woopf1SGAT+hCqGt7yiN7grVdyo3pUA82xqcuM/SwLilyEru LkkS6nQz1l2YUQi2U1OYwYdt3NxlD94FmGmhzEBPaw2hYvXwrPMBYTY3iuEueOqZ 2L3DE/K/f8CX+0ogJZKMU+KbZ2itW7DL1183AwiZx9Y19i1nr6pjyb7ius+f0zkr ML9x7mYrRLyL12kkwbLdOgx/xmsflOC1WQCElJ/sib7dS6V/skg= =ty2B -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Large Payload Truncated
On 30/06/2020 03:12, Bhavesh Mistry wrote: > Hi Mark, > > Thank you for responding. I have one more question. This is spring-boot 2 > application REST API server and it does not accept Cookie or session > (timeout is set to zero).Auth happens through Authorized header. We > have set 10mb for maxPostSize. Does maxSavePostSize takes precedence over > maxPostSize ? No. They are different settings. > I will set maxSavePostSize to -1 to disable it. That is a DoS risk. > Also, I have another question. When Payload is as large as 10mb (json > post), does payload body in JVM MEMORY or offloaded to FileInputStream ? Where POST data is saved for authentication is, it is always in memory. For other POSTs, it will depend on the application configuration and/or code. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Large Payload Truncated
Hi Mark, Thank you for responding. I have one more question. This is spring-boot 2 application REST API server and it does not accept Cookie or session (timeout is set to zero).Auth happens through Authorized header. We have set 10mb for maxPostSize. Does maxSavePostSize takes precedence over maxPostSize ? I will set maxSavePostSize to -1 to disable it. Also, I have another question. When Payload is as large as 10mb (json post), does payload body in JVM MEMORY or offloaded to FileInputStream ? Thanks, a lot for your help! Thanks, Bhavesh
Re: Tomcat Large Payload Truncated
On 28/06/2020 20:14, Bhavesh Mistry wrote: > Hi All, > > > I am running embedded *tomcat*-embed-core-9.0.36.jar and large payload > *179292* and HTTPS 1.1 traffic. When I use curl command with > transfer encoding or without, both request JSON payload is truncated, and > the application can not parse it. The smaller payload works fine. > > > Both small payload and large payload I see the following exception when I > run tomcat in debug mode. Can this Exception truncate payload silently? I > have been struggling to find you why this is behavior. I would > appreciate any help you can provide. Thanks, a lot in advance. > > > Thanks, > Bhavesh Given: >> Content-Length: *179292* and > *javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated* and that small PUTs work, I suspect you need to increase maxSavePostSize on the HTTPS connector. http://tomcat.apache.org/tomcat-9.0-doc/config/http.html Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org