Hello everyone,
I sent an HTTP GET request to an application (MP JWT) hosted in TomEE Plus
9.1.3, with a big Authorization header of almost 8K.
At TomEE level I saw this: "The server cannot or will not process the request
due to something that is perceived to be a client error (e.g., malformed
request syntax, invalid request message framing, or deceptive request
routing).</p><p><b>Exception</b></p><pre>java.lang.IllegalArgumentException:
Request header is too large"
So I have seen that, by default, the maxHttpHeaderSize HTTP Connector property
is set to 4096.
So I changed this value to 16384, as below, in the server.xml:
<Connector port="8080" protocol="HTTP/1.1"
           maxHttpHeaderSize="16384"
           connectionTimeout="20000"
           redirectPort="8443" maxParameterCount="1000" xpoweredBy="false"
           server="Apache TomEE" />
Then I sent the same HTTP request again with the same big Authorization HTTP
header. This time, I got nothing on the TomEE side, but on the client side, using
curl to send the HTTP GET request, I got:
* Mark bundle as not supporting multiuse
< HTTP/1.1 403
< Date: Sun, 09 Jun 2024 11:50:20 GMT
< Content-Length: 0
< Server: Apache TomEE
<
* Connection #0 to host localhost left intact
Any idea what's going wrong?
Any idea how we can troubleshoot this issue? 403 returned but we don't know
why ☹
Could it be a problem when parsing the big JWT? How can we know at which step
the request is rejected?
Best Regards.
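
An offline check of the credential itself, as an added example that is not part of the original message: it measures the Authorization header line against the two connector limits mentioned above and decodes the JWT segments without verifying the signature. The function names, the issuer, the claims and the dummy signature are all constructed for illustration.

```python
import base64
import json
import time


def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def inspect_authorization(value, limit, now=None):
    """Report size and structure of an Authorization value; no signature check."""
    now = time.time() if now is None else now
    line = ("Authorization: " + value + "\r\n").encode("utf-8")
    # The connector limit covers the request line plus all headers, so this
    # single line fitting under it is necessary, not sufficient.
    report = {"header_line_bytes": len(line), "line_over_limit": len(line) > limit}
    scheme, _, token = value.partition(" ")
    parts = token.split(".")
    report["scheme"] = scheme
    report["segments"] = len(parts)  # 3 = signed (JWS), 5 = encrypted (JWE)
    try:
        report["alg"] = json.loads(b64url_decode(parts[0])).get("alg")
        if len(parts) == 3:
            claims = json.loads(b64url_decode(parts[1]))
            report["claims"] = sorted(claims)
            report["expired"] = "exp" in claims and claims["exp"] <= now
    except (ValueError, TypeError, AttributeError) as exc:
        report["error"] = "undecodable segment: " + str(exc)
    return report


def constructed_sample():
    # Constructed token: made-up issuer, many groups to inflate it, dummy signature.
    header = {"alg": "RS256", "typ": "JWT", "kid": "example-key"}
    claims = {"iss": "https://issuer.example", "upn": "user@example.org",
              "exp": 2000000000, "groups": ["group-%04d" % i for i in range(400)]}
    segs = [b64url_encode(json.dumps(p).encode()) for p in (header, claims)]
    return "Bearer " + ".".join(segs + [b64url_encode(b"\x00" * 256)])


if __name__ == "__main__":
    for limit in (4096, 16384):  # the two values mentioned in the message
        print(limit, inspect_authorization(constructed_sample(), limit, now=1717933820))
```

A report with an "error" key or an unexpected segment count points at the token; a clean report means the token is at least structurally sound and the rejection has to be looked for on the server side.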