You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Kerckhof, Steven" <St...@allscripts.com> on 2018/03/20 18:02:45 UTC
Receive HTTP 413 Request Entity Too Large on Tomcat 8.5.24
I am receiving the following exception message in the Tomcat log when attempting to do a multi-part upload:
20 Mar 2018 10:21:13 [https-openssl-nio2-443-exec-9] DEBUG org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor - Found operation: submitBatch
20 Mar 2018 10:21:13 [https-openssl-nio2-443-exec-9] DEBUG org.apache.cxf.attachment.AttachmentDeserializer - The attachment header size has exceeded the configured parameter: 300
20 Mar 2018 10:21:14 [https-openssl-nio2-443-exec-9] WARN org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper - javax.ws.rs.WebApplicationException: HTTP 413 Request Entity Too Large
at org.apache.cxf.jaxrs.ext.MessageContextImpl.get(MessageContextImpl.java:84)
I have found numerous posts that address this issue for Tomcat 8.5 and I have tried a number of them, but none worked. I added maxHttpHeaderSize="122880000" to my SSL Connector config in server.xml but this made no difference.
Here is my SSL Connector config:
<Connector
port="443"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
scheme="https"
secure="true"
SSLEnabled="true"
maxThreads="150"
server=" "
allowTrace="false">
<SSLHostConfig
honorCipherOrder="true"
certificateVerification="false"
sslProtocol="TLSv1.2"
protocols="TLSv1.1+TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA">
<Certificate
certificateKeystoreFile="..\ssl\keystore"
certificateKeystorePassword="aBlueSkyMeans0%RainToday" />
</SSLHostConfig>
</Connector>
So I went back to https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#SSL_and_Tomcat and took a closer look and noticed a couple of things:
1 - My Connector tag config is missing the "sslImplementationName" attribute.
2 - The default ProtocolHandler implementation created by Tomcat from my Connector definition is ["https-openssl-nio2-443"] which is a configuration not mentioned in the doc.
It seems the only supported ProtocolHandler implementations are:
["https-jsse-nio-443"]
["https-jsse-nio2-443"]
["https-openssl-nio-443"]
When I added the " sslImplementationName" attribute as documented to support one of the above three supported protocols, everything worked fine.
My question is this:
Can someone tell me for certain whether or not my original Connector configuration (which resulted in the Tomcat creating a default ["https-openssl-nio2-443"] PotocolHandler) *should* work?
If this *is* a supported configuration, I would prefer to use it over the other three.
Thanks.
Steven Kerckhof
Senior Software Engineer
OneContent Software Development
O: +1.678.722.3738 M: +1.770.880.1037
Steven.Kerckhof@allscripts.com<ma...@allscripts.com> | @allscripts<https://twitter.com/Allscripts>
Allscripts: Building open, connected communities of health
__________________________________________________
RE: Receive HTTP 413 Request Entity Too Large on Tomcat 8.5.24
Posted by "Kerckhof, Steven" <St...@allscripts.com>.
Many thanks Mark.
Steven Kerckhof
Senior Software Engineer
OneContent Software Development
O: +1.678.722.3738 M: +1.770.880.1037
Steven.Kerckhof@allscripts.com | @allscripts
Allscripts: Building open, connected communities of health
__________________________________________________
-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: Tuesday, March 20, 2018 3:19 PM
To: users@tomcat.apache.org
Subject: Re: Receive HTTP 413 Request Entity Too Large on Tomcat 8.5.24
On 20/03/18 18:02, Kerckhof, Steven wrote:
> I am receiving the following exception message in the Tomcat log when attempting to do a multi-part upload:
> 20 Mar 2018 10:21:13 [https-openssl-nio2-443-exec-9] DEBUG
> org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor - Found operation:
> submitBatch
> 20 Mar 2018 10:21:13 [https-openssl-nio2-443-exec-9] DEBUG
> org.apache.cxf.attachment.AttachmentDeserializer - The attachment
> header size has exceeded the configured parameter: 300
> 20 Mar 2018 10:21:14 [https-openssl-nio2-443-exec-9] WARN org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper - javax.ws.rs.WebApplicationException: HTTP 413 Request Entity Too Large
> at
> org.apache.cxf.jaxrs.ext.MessageContextImpl.get(MessageContextImpl.jav
> a:84)
Look at where the exception is coming from. That is nothing to do with Tomcat. You need to look at your CXF configuration.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Receive HTTP 413 Request Entity Too Large on Tomcat 8.5.24
Posted by Mark Thomas <ma...@apache.org>.
On 20/03/18 18:02, Kerckhof, Steven wrote:
> I am receiving the following exception message in the Tomcat log when attempting to do a multi-part upload:
> 20 Mar 2018 10:21:13 [https-openssl-nio2-443-exec-9] DEBUG org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor - Found operation: submitBatch
> 20 Mar 2018 10:21:13 [https-openssl-nio2-443-exec-9] DEBUG org.apache.cxf.attachment.AttachmentDeserializer - The attachment header size has exceeded the configured parameter: 300
> 20 Mar 2018 10:21:14 [https-openssl-nio2-443-exec-9] WARN org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper - javax.ws.rs.WebApplicationException: HTTP 413 Request Entity Too Large
> at org.apache.cxf.jaxrs.ext.MessageContextImpl.get(MessageContextImpl.java:84)
Look at where the exception is coming from. That is nothing to do with
Tomcat. You need to look at your CXF configuration.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [OT] Receive HTTP 413 Request Entity Too Large on Tomcat 8.5.24
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Steven,
On 3/20/18 2:02 PM, Kerckhof, Steven wrote:
> I am receiving the following exception message in the Tomcat log
> when attempting to do a multi-part upload: 20 Mar 2018 10:21:13
> [https-openssl-nio2-443-exec-9] DEBUG
> org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor - Found
> operation: submitBatch 20 Mar 2018 10:21:13
> [https-openssl-nio2-443-exec-9] DEBUG
> org.apache.cxf.attachment.AttachmentDeserializer - The attachment
> header size has exceeded the configured parameter: 300 20 Mar 2018
> 10:21:14 [https-openssl-nio2-443-exec-9] WARN
> org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper -
> javax.ws.rs.WebApplicationException: HTTP 413 Request Entity Too
> Large at
> org.apache.cxf.jaxrs.ext.MessageContextImpl.get(MessageContextImpl.jav
a:84)
>
> I have found numerous posts that address this issue for Tomcat 8.5
> and I have tried a number of them, but none worked. I added
> maxHttpHeaderSize="122880000" to my SSL Connector config in
> server.xml but this made no difference.
>
> Here is my SSL Connector config: <Connector port="443"
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> scheme="https" secure="true" SSLEnabled="true" maxThreads="150"
> server=" " allowTrace="false"> <SSLHostConfig
> honorCipherOrder="true" certificateVerification="false"
> sslProtocol="TLSv1.2" protocols="TLSv1.1+TLSv1.2"
> ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
...
You might get better mileage out of the OpenSSL-style cipher suite
configuration, instead of listing each and every cipher suite you'd
like to support. Looks like
ciphers="ECDHE:ECDH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA" would
work, here, although it might re-order your ciphers a little bit.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqyZTgACgkQHPApP6U8
pFgCWRAAkOxj19+kyixkJT801WAqymTEvyV3+Pi8wUq9k0eW2emLcHwJXKa7LH3R
V0bXsLOO21dYGcOl4q+PVKsSei905Hhj6DTz9LvETibvoWUslZS8dzCWLWDEdNAZ
9u4iXMSaBrrm7DMmSpdkstdqeoYp7HmCbjJvx6ZPD9J+FQNOqTu+Q4b1GgOZDJB/
5TBND7iAphmc9+/PmlzDEmJ1RSP9+BgEPsyfTr9qL8sVz1T/pODv+atTOdviY9p4
em30PVKRa4k+xm6117iwhSIG/a5jAskGuPW4hr2KUWfjSt8jCsYiIoQ4uvK/2a5K
2nIBs6o6tkkRrgbM/FbQxX3rfn4k3Xo0hzBd/XbZ0pdqvE23Tt9aw0kDu+BRdCDY
qOwtmCT2jGW2Mgu19qfj0pudMI3NR/dGSsQsRrT/Y1at7AVHGBH5hTehzBy9hHqC
QkejxVAQ/fXsCyfUGDUn/WKdmKO6kUOPEIrzpUfv5B7veRV0rca9dkRL5yA1wgbH
1CLEUA3wy5Z432+5iUffivhajlInkDz2ou9ACk5XqtIKorD9EFyGfIow+4Ptgpr+
PqDxErVpa0AlU2Aqnyjnrj9muoKasLlLvFhAImfzDZcBUecQXmCN/rQxmVizs8C5
fk8yJaj1DQrZMizFo9jopvtYLv24lZ7HkIAxrCuME3Jjw7Vf5w0=
=rXDf
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org