Request Entity Too Large -The HTTP method does not allow the data transmitted, or the data volume exceeds the capacity limit.

3,225 views
Skip to first unread message

mvsra...@gmail.com

unread,
Dec 15, 2012, 11:42:46 PM12/15/12
to waffle...@googlegroups.com

I am getting following error on one of the server when I try to access first URL of the application with waffle implemeneted

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Request Entity Too Large!

The HTTP method does not allow the data transmitted, or the data volume exceeds the capacity limit.

Jakarta/ISAPI/isapi_redirector/1.2.30
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
We are using IIS 6.0 +ISAPI +Jboss 7.1.1 +Waffle 1.4 ( same issue with waffle 1.5 ). The application works fine some windows 2003 servers but other servers are causing the above error.
 
On google search for problem, some people suggested to add below entry to ISAPI workers.properties file

worker.ajp13.max_packet_size=65536

With that, I am getting a blank page now and jboss log shows below

23:36:19,453 INFO  [waffle.servlet.NegotiateSecurityFilter] (ajp--127.0.0.1-8009-1) GET /xxxx/jsp/sso/login.do, contentlength: 0
23:36:19,453 INFO  [waffle.servlet.NegotiateSecurityFilter] (ajp--127.0.0.1-8009-1) authorization required

 
Following is our waffle configuration in web.xml
 

<!-- ************************ Waffle Filter **************************** -->
    <filter>
        <filter-name>WaffleFilter</filter-name>
        <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>  
        <init-param>
        <param-name>principalFormat</param-name>
        <param-value>fqn</param-value>
        </init-param>
        <init-param>
        <param-name>roleFormat</param-name>
        <param-value>both</param-value>
        </init-param>
        <init-param>
        <param-name>allowGuestLogin</param-name>
        <param-value>true</param-value>
        </init-param>
        <init-param>
        <param-name>securityFilterProviders</param-name>
        <param-value>
        waffle.servlet.spi.NegotiateSecurityFilterProvider
        </param-value>
        </init-param>
        <init-param>
        <param-name>waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols</param-name>
        <param-value>
           Negotiate
        </param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>WaffleFilter</filter-name>
        <url-pattern>/jsp/sso/*</url-pattern>
    </filter-mapping>

Can someone please help resolve the issue?

Thanks

Rao

 

Daniel Doubrovkine

unread,
Dec 16, 2012, 9:34:47 AM12/16/12
to waffle...@googlegroups.com
Get an HTTP trace from that first request - what's in it? 

Looks like the error comes from this isapi_redirector - does it ever hit Waffle code (check logs)?

On Sat, Dec 15, 2012 at 11:42 PM, <mvsra...@gmail.com> wrote:
sapi_redirector



--

dB. | Moscow - Geneva - Seattle - New York
dblock.org - @dblockdotorg


Message has been deleted
Message has been deleted

mvsra...@gmail.com

unread,
Dec 16, 2012, 2:09:45 PM12/16/12
to waffle...@googlegroups.com
Hi Daniel,
I changed the protocol to NTLM and below are HHTP trace and JBOSS log. I hope this will tell the problems
Following are 4 entries I see for HHTP trace when I request the first page of application.
 
 
Accept:image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Encoding:gzip, deflate Keep-Alive:- Content-Length:0 Authorization:- Connection:Keep-Alive User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; MS-RTC EA 2) JSESSIONID:-
 

Accept:image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Encoding:gzip, deflate Keep-Alive:- Content-Length:0 Authorization:- Connection:Keep-Alive User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; MS-RTC EA 2) JSESSIONID:o0CnB4xzVZUr-zECbCtuPEjf.undefined
 

Accept:image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Encoding:gzip, deflate Keep-Alive:- Content-Length:0 Authorization:- Connection:Keep-Alive User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; MS-RTC EA 2) JSESSIONID:o0CnB4xzVZUr-zECbCtuPEjf.undefined
 

Accept:image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Encoding:gzip, deflate Keep-Alive:- Content-Length:0 Authorization:NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== Connection:Keep-Alive User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; MS-RTC EA 2) JSESSIONID:o0CnB4xzVZUr-zECbCtuPEjf.undefined
 
JBOSS log shows following
 
13:47:48,054 INFO [waffle.servlet.NegotiateSecurityFilter] (ajp--127.0.0.1-8009-1) GET /appcontext/jsp/sso/login.do, contentlength: 0
13:47:48,054 INFO [waffle.servlet.NegotiateSecurityFilter] (ajp--127.0.0.1-8009-1) authorization required
13:47:48,054 INFO [waffle.servlet.NegotiateSecurityFilter] (ajp--127.0.0.1-8009-1) GET /appcontext/jsp/sso/login.do, contentlength: 0
13:47:48,054 INFO [waffle.servlet.spi.NegotiateSecurityFilterProvider] (ajp--127.0.0.1-8009-1) security package: NTLM, connection id: 158.111.216.29:-1
13:47:48,054 INFO [waffle.servlet.spi.NegotiateSecurityFilterProvider] (ajp--127.0.0.1-8009-1) token buffer: 40 byte(s)
13:47:48,163 INFO [waffle.servlet.spi.NegotiateSecurityFilterProvider] (ajp--127.0.0.1-8009-1) continue token: TlRMTVNTUAACAAAABgAGADgAAAAFgomiTOq1sfBzRXEAAAAAAAAAAIYAhgA+AAAABQLODgAAAA9DAEQAQwACAAYAQwBEAEMAAQAeAEEAUABEAC0AVgAtAEQASABBAFAALQBNAEoAUAAzAAQADgBjAGQAYwAuAGcAbwB2AAMALgBhAHAAZAAtAHYALQBkAGgAYQBwAC0AbQBqAHAAMwAuAGMAZABjAC4AZwBvAHYABQAOAGMAZABjAC4AZwBvAHYAAAAAAA==
13:47:48,163 INFO [waffle.servlet.spi.NegotiateSecurityFilterProvider] (ajp--127.0.0.1-8009-1) continue required: true

Daniel Doubrovkine

unread,
Dec 16, 2012, 2:53:21 PM12/16/12
to waffle...@googlegroups.com
This is some configuration *somewhere* that believes that those headers are too large. A similar problem was described here: http://waffle.codeplex.com/discussions/222438

You'll have to hunt down the code that throws this error, but it's not in Waffle.

mvsra...@gmail.com

unread,
Dec 16, 2012, 4:19:11 PM12/16/12
to waffle...@googlegroups.com
The error(Request Entity Too Large) went away when I changed the protocol from Negotiate to NTLM. Now browser is showing the blank page
 
The HTTP trace shows the server didn't receive response from client browser after 2 401- Unauthorized status codes
The other server which is working, the The HTTP trace shows server received 200 OK status code after 2 401 Unauthorized status codes.
 
I cannot think of any setting on the first server that is preventing the authentication as both servers are configured correctly.
Both 2003 servers have JBOSS server running under localsystem account , integrated with ISS6.0 using ISAPI filters.
 
 
Some client browsers  are able to connect to first server correctly but some clients are getting blank page.
 
I am not sure if it is related to SPN on the server or browser intranet settings (I couldn't change the intranet settings on the client as adminstartor disabled those settings)
 
I will keep my investigation and keep you posted if I make any progress.
 

Daniel Doubrovkine

unread,
Dec 17, 2012, 9:36:27 AM12/17/12
to waffle...@googlegroups.com
Kerberos tickets are longer, so this sort-of makes sense. Although it's not the best workaround IMO, it just avoids the problem a bit more often.

You should now debug the auth problem the same way as you would following the normal troubleshooting steps. This could be the browser or the SPN settings alike.
Reply all
Reply to author
Forward
0 new messages