Problem with Tomcat/Tomee

HI,
I am trying to troubleshoot a problem with a website running under Tomcat that is used by a few hundred users.

All but one user is using the site without issue, but the problem user is getting an error message whenever they try to access the site.

"Request Entity Too Large, The HTTP Method does not allow the data transmitted, or the data volume exceeds the capacity limit"


I can access the website while logged on to the users computer with no problems, and the user gets the same error while logged on to other pc's using both Internet Explorer or Google Chrome.

the following errors appear in the jk_iis.log

[Fri Oct 31 12:48:26.703 2014] [1492:2260] ajp_marshal_into_msgb::jk_ajp_common.c (450): failed appending the header value for header 'Authorization' of length 13
[Fri Oct 31 12:48:26.703 2014] [1492:2260] HttpExtensionProc::jk_isapi_plugin.c (2328): service() failed with http error 413


some googling led me to try adding the following to workers.properties

worker.caworker.max_packet_size=65536

this was not successful

any insights into this problem would be appreciated.

regards,
Michael
slaterm1961Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mrcoffee365Commented:
We use IIS with Tomcat without problems.  It's not a terribly common configuration, though.

You've tested to see that it's this user, and that it happens on other browsers and other computers.  My guess is that there's something wonky for this user in the Authorization header -- as the message says, so that's no surprise.

One thing that can help debug this sort of thing is a network monitor.  Windows has one, or you can install one like Ethereal (Wireshark):
http://en.wikipedia.org/wiki/Wireshark

Which version of isapi are you running?  You can try getting the latest (which is not terribly recent, but it's good to check which one you're running).  You can see that the error message is probably not packet size (although you tried changing that -- no harm, I think) because the size of 13 in the Authorization header is the error message you're getting, not packet size.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
slaterm1961Author Commented:
It turns out that the user was a member of a great many security groups.. Half of which she didnt need to be in any longer. By pruning the uses group memberships to a more managable number i was able to solve the users problem.
0
mrcoffee365Commented:
Great -- thanks for posting back what you found and congrats on finding a workaround.

It sounds like a windows/isapi thing, then -- isapi having problems with a large header.  Which of course it shouldn't.  This might be related to the fact that the current isapi for tomcat is a few years old.  One would hope that if you used Apache as a front end, you wouldn't have this problem.  However, authorization headers just don't get enough testing anywhere, as you've found.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java App Servers

From novice to tech pro — start learning today.