See https://stackoverflow.com/questions/59532671/how-to-increase-header-size-limit-tomcat-java
On Sun, Jun 9, 2024 at 2:43 PM COURTAULT Francois <francois.courta...@thalesgroup.com.invalid> wrote:

> THALES GROUP LIMITED DISTRIBUTION to email recipients
>
> Hello,
>
> Please discard my last post, everything is working well: no issue.
> Sorry for the inconvenience.
>
> Best Regards.
>
> -----Original Message-----
> From: COURTAULT Francois <francois.courta...@thalesgroup.com.INVALID>
> Sent: Sunday, June 9, 2024 14:01
> To: users@tomee.apache.org
> Subject: Issue with HTTP big Authorization header
>
> THALES GROUP LIMITED DISTRIBUTION to email recipients
>
> Hello everyone,
>
> I sent an HTTP GET request towards an application (MP JWT) with a big
> Authorization header, almost 8K, hosted in TomEE Plus 9.1.3.
> At TomEE level I saw this: "The server cannot or will not process the
> request due to something that is perceived to be a client error (e.g.,
> malformed request syntax, invalid request message framing, or deceptive
> request
> routing).</p><p><b>Exception</b></p><pre>java.lang.IllegalArgumentException:
> Request header is too large"
>
> So I have seen that, by default, the maxHttpHeaderSize HTTP Connector
> property is set to 4096.
> So I changed this value to 16384 like below in the server.xml:
>
> <Connector port="8080" protocol="HTTP/1.1"
>            maxHttpHeaderSize="16384"
>            connectionTimeout="20000"
>            redirectPort="8443" maxParameterCount="1000"
>            xpoweredBy="false" server="Apache TomEE" />
>
> Then I sent the same HTTP request again with the same big Authorization
> HTTP header. This time, I got nothing on the TomEE side, but on the client side,
> using curl to send the GET HTTP request, I got:
>
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 403
> < Date: Sun, 09 Jun 2024 11:50:20 GMT
> < Content-Length: 0
> < Server: Apache TomEE
> <
> * Connection #0 to host localhost left intact
>
> Any idea what's going wrong?
> Any idea how we can troubleshoot this issue? 403 returned but we don't
> know why ☹ Could it be a problem when parsing the big JWT?
> How can we know at which step the request is rejected?
>
> Best Regards.
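
Added example, not part of the original thread or of TomEE: a small audit that reads each `<Connector>` from a server.xml fragment and estimates whether a request head carrying a large `Authorization` header fits under `maxHttpHeaderSize`, so the limit can be raised no further than the tokens actually need. The second connector (port 8081), the 8000-character token and the `size <= limit` comparison are assumptions for illustration; the fallback of 4096 is the figure given in the post.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment: the Connector from the post plus a second,
# hypothetical connector on port 8081 that leaves maxHttpHeaderSize unset.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" maxHttpHeaderSize="16384"
             connectionTimeout="20000" redirectPort="8443"
             maxParameterCount="1000" xpoweredBy="false" server="Apache TomEE"/>
  <Connector port="8081" protocol="HTTP/1.1"/>
</Service></Server>"""

# Used when a connector omits the attribute. 4096 is the value stated in the
# post; confirm the real default in the documentation for your Tomcat version.
FALLBACK_LIMIT = 4096


def request_head_size(method, target, headers):
    """Bytes on the wire for the request line, all header lines and the blank line."""
    lines = [f"{method} {target} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return len(("\r\n".join(lines) + "\r\n\r\n").encode("latin-1"))


def connector_limits(server_xml, fallback=FALLBACK_LIMIT):
    """Map connector port -> effective maxHttpHeaderSize in bytes."""
    root = ET.fromstring(server_xml)
    return {
        int(c.get("port")): int(c.get("maxHttpHeaderSize", fallback))
        for c in root.iter("Connector")
    }


def audit(server_xml, method, target, headers, fallback=FALLBACK_LIMIT):
    """Per connector: limit, estimated head size, whether it fits, spare bytes."""
    size = request_head_size(method, target, headers)
    return {
        port: {"limit": limit, "size": size,
               "fits": size <= limit,  # estimate of the server-side check
               "headroom": limit - size}
        for port, limit in connector_limits(server_xml, fallback).items()
    }


if __name__ == "__main__":
    token = "a" * 8000  # constructed stand-in for a JWT of almost 8K
    hdrs = {"Host": "localhost:8080", "Authorization": f"Bearer {token}"}
    for port, row in audit(SERVER_XML, "GET", "/api", hdrs).items():
        print(port, row)
```

The head size counts the request line and every header, not only `Authorization`, so cookies and proxy-added headers should be included in `headers` when sizing the limit.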