[ https://issues.apache.org/jira/browse/HBASE-26767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17496975#comment-17496975 ]
Sergey Soldatov commented on HBASE-26767:
-----------------------------------------

[~elserj] You are absolutely right. I was observing this issue with the Kerberos authn. The same connection was used for different logins and after a while, when the cache overflowed, the service started to return authn failures (401/403/400).

> Rest server should not use a large Header Cache.
> ------------------------------------------------
>
>                 Key: HBASE-26767
>                 URL: https://issues.apache.org/jira/browse/HBASE-26767
>             Project: HBase
>          Issue Type: Bug
>          Components: REST
>   Affects Versions: 2.4.9
>            Reporter: Sergey Soldatov
>            Assignee: Sergey Soldatov
>            Priority: Major
>
> In the RESTServer we set the HeaderCache size to DEFAULT_HTTP_MAX_HEADER_SIZE
> (65536). That's not compatible with jetty-9.4.x because the cache size is
> limited by Character.MAX_VALUE - 1 (65534) there. According to the Jetty
> source code comments, it's possible to have a buffer overflow in the cache
> for higher values and that might lead to wrong/incomplete values returned by
> the cache and subsequent incorrect header handling.
> There are a couple of ways to fix it:
> 1. change the value of DEFAULT_HTTP_MAX_HEADER_SIZE to 65534
> 2. make header cache size configurable and set its size separately from the
> header size.
> I believe that the second would give us more flexibility.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
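
Option 2 from the description, as an added example that is not HBase or Jetty code: the header cache size is read from its own setting and checked against the 65534 limit, while the header size keeps its 65536 default. The property names are hypothetical, and the `char` cast in `main` assumes the cache keeps positions in a 16-bit `char`, as the `Character.MAX_VALUE - 1` limit suggests.

```java
import java.util.Properties;

public class HeaderCacheSizing {
    // Limit quoted in the issue for jetty-9.4.x: Character.MAX_VALUE - 1 (65534).
    static final int MAX_HEADER_CACHE_SIZE = Character.MAX_VALUE - 1;
    static final int DEFAULT_HTTP_MAX_HEADER_SIZE = 65536; // value from the issue

    // Hypothetical property names, chosen for this example only.
    static final String HEADER_SIZE_KEY = "example.rest.http.max.header.size";
    static final String HEADER_CACHE_SIZE_KEY = "example.rest.http.header.cache.size";

    /** Reads the cache size on its own key and refuses values above the limit. */
    static int headerCacheSize(Properties conf) {
        int size = Integer.parseInt(conf.getProperty(
            HEADER_CACHE_SIZE_KEY, String.valueOf(MAX_HEADER_CACHE_SIZE)));
        if (size < 0 || size > MAX_HEADER_CACHE_SIZE) {
            throw new IllegalArgumentException(HEADER_CACHE_SIZE_KEY + "=" + size
                + " is outside 0.." + MAX_HEADER_CACHE_SIZE);
        }
        return size;
    }

    /** The header size stays independent and may remain 65536. */
    static int maxHeaderSize(Properties conf) {
        return Integer.parseInt(conf.getProperty(
            HEADER_SIZE_KEY, String.valueOf(DEFAULT_HTTP_MAX_HEADER_SIZE)));
    }

    public static void main(String[] args) {
        // Assumption: positions are kept in a 16-bit char, so 65536 wraps to 0.
        System.out.println("(char) 65536 -> " + (int) (char) DEFAULT_HTTP_MAX_HEADER_SIZE);
        System.out.println("(char) 65534 -> " + (int) (char) MAX_HEADER_CACHE_SIZE);

        Properties conf = new Properties(); // constructed sample configuration
        System.out.println("header size = " + maxHeaderSize(conf)
            + ", cache size = " + headerCacheSize(conf));

        // The pre-fix behaviour: cache size copied from the header size.
        conf.setProperty(HEADER_CACHE_SIZE_KEY, String.valueOf(maxHeaderSize(conf)));
        try {
            headerCacheSize(conf);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Failing at startup on an out-of-range value surfaces the misconfiguration immediately, rather than as intermittent 401/403/400 responses once the cache fills.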