Solved

Problem with Tomcat/Tomee

Posted on 2014-10-30
3
491 Views
Last Modified: 2014-12-01
HI,
I am trying to troubleshoot a problem with a website running under Tomcat that is used by a few hundred users.

All but one user is using the site without issue, but the problem user is getting an error message whenever they try to access the site.

"Request Entity Too Large, The HTTP Method does not allow the data transmitted, or the data volume exceeds the capacity limit"


I can access the website while logged on to the users computer with no problems, and the user gets the same error while logged on to other pc's using both Internet Explorer or Google Chrome.

the following errors appear in the jk_iis.log

[Fri Oct 31 12:48:26.703 2014] [1492:2260] ajp_marshal_into_msgb::jk_ajp_common.c (450): failed appending the header value for header 'Authorization' of length 13
[Fri Oct 31 12:48:26.703 2014] [1492:2260] HttpExtensionProc::jk_isapi_plugin.c (2328): service() failed with http error 413


some googling led me to try adding the following to workers.properties

worker.caworker.max_packet_size=65536

this was not successful

any insights into this problem would be appreciated.

regards,
Michael
0
Comment
Question by:slaterm1961
  • 2
3 Comments
 
LVL 27

Accepted Solution

by:
mrcoffee365 earned 500 total points
ID: 40429283
We use IIS with Tomcat without problems.  It's not a terribly common configuration, though.

You've tested to see that it's this user, and that it happens on other browsers and other computers.  My guess is that there's something wonky for this user in the Authorization header -- as the message says, so that's no surprise.

One thing that can help debug this sort of thing is a network monitor.  Windows has one, or you can install one like Ethereal (Wireshark):
http://en.wikipedia.org/wiki/Wireshark

Which version of isapi are you running?  You can try getting the latest (which is not terribly recent, but it's good to check which one you're running).  You can see that the error message is probably not packet size (although you tried changing that -- no harm, I think) because the size of 13 in the Authorization header is the error message you're getting, not packet size.
0
 

Author Comment

by:slaterm1961
ID: 40434123
It turns out that the user was a member of a great many security groups.. Half of which she didnt need to be in any longer. By pruning the uses group memberships to a more managable number i was able to solve the users problem.
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 40474061
Great -- thanks for posting back what you found and congrats on finding a workaround.

It sounds like a windows/isapi thing, then -- isapi having problems with a large header.  Which of course it shouldn't.  This might be related to the fact that the current isapi for tomcat is a few years old.  One would hope that if you used Apache as a front end, you wouldn't have this problem.  However, authorization headers just don't get enough testing anywhere, as you've found.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about some of the basic and important steps to be used to improve the performance in web-sphere commerce application development. 1) Always leverage the Dyna-caching facility provided by the product 2) Remove the unwanted code …
There are numerous questions about how to setup an IBM HTTP Server to be administered from WebSphere Application Server administrative console. I do hope this article will wrap things up and become a reference for this task. You need three things…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question