Problem with Tomcat/Tomee

Posted on 2014-10-30
Last Modified: 2014-12-01
Hi,
I am trying to troubleshoot a problem with a website running under Tomcat that is used by a few hundred users.

All but one user is using the site without issue, but the problem user is getting an error message whenever they try to access the site.

"Request Entity Too Large, The HTTP Method does not allow the data transmitted, or the data volume exceeds the capacity limit"


I can access the website while logged on to the user's computer with no problems, and the user gets the same error while logged on to other PCs using both Internet Explorer and Google Chrome.

The following errors appear in the jk_iis.log:

[Fri Oct 31 12:48:26.703 2014] [1492:2260] ajp_marshal_into_msgb::jk_ajp_common.c (450): failed appending the header value for header 'Authorization' of length 13
[Fri Oct 31 12:48:26.703 2014] [1492:2260] HttpExtensionProc::jk_isapi_plugin.c (2328): service() failed with http error 413


Some googling led me to try adding the following to workers.properties:

worker.caworker.max_packet_size=65536

This was not successful.

Any insights into this problem would be appreciated.

Regards,
Michael
Question by:slaterm1961

Accepted Solution

by: mrcoffee365 earned 2000 total points
ID: 40429283
We use IIS with Tomcat without problems.  It's not a terribly common configuration, though.

You've tested to see that it's this user, and that it happens on other browsers and other computers.  My guess is that there's something wonky for this user in the Authorization header -- as the message says, so that's no surprise.

One thing that can help debug this sort of thing is a network monitor.  Windows has one, or you can install one like Ethereal (Wireshark):
http://en.wikipedia.org/wiki/Wireshark

Which version of isapi are you running?  You can try getting the latest (which is not terribly recent, but it's good to check which one you're running).  You can see that the error message is probably not packet size (although you tried changing that -- no harm, I think) because the size of 13 in the Authorization header is the error message you're getting, not packet size.

Author Comment

by:slaterm1961
ID: 40434123
It turns out that the user was a member of a great many security groups, half of which she didn't need to be in any longer. By pruning the user's group memberships to a more manageable number I was able to solve the user's problem.

Expert Comment

by:mrcoffee365
ID: 40474061
Great -- thanks for posting back what you found and congrats on finding a workaround.

It sounds like a windows/isapi thing, then -- isapi having problems with a large header.  Which of course it shouldn't.  This might be related to the fact that the current isapi for tomcat is a few years old.  One would hope that if you used Apache as a front end, you wouldn't have this problem.  However, authorization headers just don't get enough testing anywhere, as you've found.
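
An added example (not part of the original thread): a small Python triage script for the jk_iis.log entries quoted in the question. It pairs each header-marshalling failure with the 413 logged on the same process:thread and counts rejections per header, which shows how often oversized headers are being refused; the sample log is constructed from the two lines in the question, and the optional `[level]` field in the pattern is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample, modelled on the two jk_iis.log lines quoted in the question.
SAMPLE_LOG = """\
[Fri Oct 31 12:48:26.703 2014] [1492:2260] ajp_marshal_into_msgb::jk_ajp_common.c (450): failed appending the header value for header 'Authorization' of length 13
[Fri Oct 31 12:48:26.703 2014] [1492:2260] HttpExtensionProc::jk_isapi_plugin.c (2328): service() failed with http error 413
[Fri Oct 31 12:49:02.118 2014] [1492:3012] HttpExtensionProc::jk_isapi_plugin.c (2328): service() failed with http error 500
[Fri Oct 31 12:51:40.250 2014] [1492:2260] ajp_marshal_into_msgb::jk_ajp_common.c (450): failed appending the header value for header 'Authorization' of length 13
[Fri Oct 31 12:51:40.251 2014] [1492:2260] HttpExtensionProc::jk_isapi_plugin.c (2328): service() failed with http error 413
"""

# Assumption: a "[level] " field may follow the pid:tid field; it is optional here.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<pid>\d+):(?P<tid>\d+)\] (?:\[\w+\] )?(?P<msg>.*)$")
MARSHAL = re.compile(r"failed appending the header value for header '(?P<name>[^']+)' of length (?P<len>\d+)")
HTTP_ERR = re.compile(r"service\(\) failed with http error (?P<code>\d+)")

def oversized_header_rejections(text, window_s=1.0):
    """Return one record per marshal failure followed by a 413 on the same pid:tid."""
    pending = {}  # (pid, tid) -> (timestamp, header name, logged length)
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        key = (m["pid"], m["tid"])
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        fail = MARSHAL.search(m["msg"])
        if fail:
            pending[key] = (when, fail["name"], int(fail["len"]))
            continue
        err = HTTP_ERR.search(m["msg"])
        if err and key in pending:
            t0, name, length = pending.pop(key)
            if err["code"] == "413" and (when - t0).total_seconds() <= window_s:
                hits.append({"time": t0, "thread": ":".join(key), "header": name, "logged_length": length})
    return hits

def summarize(hits):
    """Count 413 rejections per offending header name."""
    return Counter(h["header"] for h in hits)

if __name__ == "__main__":
    for header, n in summarize(oversized_header_rejections(SAMPLE_LOG)).items():
        print(f"{header}: {n} request(s) rejected with 413")
```

The log does not name the user, so the timestamps it reports still have to be matched against the IIS access log to find out whose requests are being rejected.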