[ https://issues.apache.org/jira/browse/HBASE-26767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17496975#comment-17496975 ]

Sergey Soldatov commented on HBASE-26767:
-----------------------------------------

[~elserj] You are absolutely right. I was observing this issue with the
Kerberos authn. The same connection was used for different logins, and after a
while, when the cache overflowed, the service started to return authn
failures (401/403/400).

> Rest server should not use a large Header Cache.
> ------------------------------------------------
>
>                 Key: HBASE-26767
>                 URL: https://issues.apache.org/jira/browse/HBASE-26767
>             Project: HBase
>          Issue Type: Bug
>          Components: REST
>    Affects Versions: 2.4.9
>            Reporter: Sergey Soldatov
>            Assignee: Sergey Soldatov
>            Priority: Major
>
> In the RESTServer we set the HeaderCache size to DEFAULT_HTTP_MAX_HEADER_SIZE
> (65536). That's not compatible with jetty-9.4.x because the cache size is
> limited by Character.MAX_VALUE - 1 (65534) there. According to the Jetty
> source code comments, it's possible to have a buffer overflow in the cache
> for higher values, and that might lead to wrong/incomplete values returned by
> the cache and subsequent incorrect header handling.
> There are a couple of ways to fix it:
> 1. Change the value of DEFAULT_HTTP_MAX_HEADER_SIZE to 65534.
> 2. Make the header cache size configurable and set its size separately from the
> header size.
> I believe that the second would give us more flexibility.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
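
The second option from the description, as an added example that is not code from HBase, Jetty, or this issue: the header cache size is read from its own setting, checked against the jetty-9.4.x limit quoted above, and applied separately from the header size. The class name, the property key and its default are assumptions made for the example; `HttpConfiguration` and its setters are Jetty's public API.

```java
import java.util.Properties;
import org.eclipse.jetty.server.HttpConfiguration;

public final class RestHeaderCacheConfig {
    // Limit the issue cites for jetty-9.4.x: Character.MAX_VALUE - 1 (65534).
    static final int JETTY_MAX_HEADER_CACHE_SIZE = Character.MAX_VALUE - 1;
    // Header size the issue says RESTServer uses today.
    static final int DEFAULT_HTTP_MAX_HEADER_SIZE = 65536;
    // Hypothetical property key, used only in this example.
    static final String HEADER_CACHE_SIZE_KEY = "example.rest.http.header.cache.size";

    // Resolve the cache size from configuration and reject values above the
    // Jetty limit at startup, instead of letting lookups misbehave later.
    static int resolveHeaderCacheSize(Properties conf) {
        String raw = conf.getProperty(HEADER_CACHE_SIZE_KEY);
        // Assumed default: the largest value the issue says Jetty 9.4.x accepts.
        int size = (raw == null) ? JETTY_MAX_HEADER_CACHE_SIZE : Integer.parseInt(raw.trim());
        if (size < 0 || size > JETTY_MAX_HEADER_CACHE_SIZE) {
            throw new IllegalArgumentException(HEADER_CACHE_SIZE_KEY + "=" + size
                + " is outside 0.." + JETTY_MAX_HEADER_CACHE_SIZE);
        }
        return size;
    }

    // The header size keeps its existing value; only the cache size is bounded.
    static HttpConfiguration build(Properties conf) {
        HttpConfiguration http = new HttpConfiguration();
        http.setRequestHeaderSize(DEFAULT_HTTP_MAX_HEADER_SIZE);
        http.setResponseHeaderSize(DEFAULT_HTTP_MAX_HEADER_SIZE);
        http.setHeaderCacheSize(resolveHeaderCacheSize(conf));
        return http;
    }

    public static void main(String[] args) {
        Properties conf = new Properties();  // constructed sample configuration
        System.out.println("default cache size: " + build(conf).getHeaderCacheSize());

        conf.setProperty(HEADER_CACHE_SIZE_KEY, "65536");  // the value from the bug
        try {
            build(conf);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```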
