JBoss EAP 6 continues an application processing without throwing an exception when the POST request exceeds the max-post-size limit
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6.x
Issue
- JBoss EAP 6 continues an application processing without throwing an exception when the POST request exceeds the
max-post-sizelimit. - We have a web application which accepts a form request with the Content-Type "
application/x-www-form-urlencoded". Even if the client's POST form data exceeds themax-post-sizelimit, JBoss EAP 6 does not throw an exception and continues the application processing without the POST request data. Is this an expected behavior? Is it possible to change to throw an exception?
Resolution
For the POST request having the Content-Type "application/x-www-form-urlencoded", JBoss EAP 6 (JBossWeb) behaves differently depending on whether the POST request is chunked or not (with the "Transfer-Encoding: chunked" request header or with the "Content-Length" request header):
With the chunked POST request having the "Transfer-Encoding: chunked" header
JBossWeb throws the following IllegalStateException when exceeding the max-post-size setting. HTTP Status 500 response will be returned to the client in this scenario:
ERROR [org.apache.catalina.connector] (http-127.0.0.1:8080-1) JBWEB001018: An exception or error occurred in the container during the request processing: java.lang.IllegalStateException: JBWEB000044: Parameters were not parsed because the size of the posted data was too big. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
at org.apache.catalina.connector.Request.readChunkedPostBody(Request.java:2918) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.catalina.connector.Request.parseParameters(Request.java:2890) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.catalina.connector.Request.getParameterNames(Request.java:1345) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.catalina.valves.RequestDumperValve.invoke(RequestDumperValve.java:115) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_171]
With the POST request having the "Content-Length" header
When the size of Content-Length exceeds the max-post-size setting, the POST data is silently dropped and JBossWeb processes the request without parsing the POST body in this scenario. Your issue is hitting this case.
You can enable DEBUG logging for org.apache.catalina.connector to see the following DEBUG log message[2] when faceing this case:
DEBUG [org.apache.catalina.connector] (http-127.0.0.1:8080-1) JBWEB001023: Parameters were not parsed because the size of the posted data was too big. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
Also, you can change this behavior to throw an exception by adding the JVM option -Dorg.apache.catalina.connector.Request.THROW_POST_TOO_LARGE=true to your standalone.conf or domain.conf:
JAVA_OPTS="$JAVA_OPTS -Dorg.apache.catalina.connector.Request.THROW_POST_TOO_LARGE=true"
or setting the system property org.apache.catalina.connector.Request.THROW_POST_TOO_LARGE to true inside the xml configuration file like described in this knowledge article.
Then, the following IllegalStateException will be thrown when the size of Content-Length of the POST request exceeds the max-post-size limit:
ERROR [org.apache.catalina.connector] (http-127.0.0.1:8080-1) JBWEB001018: An exception or error occurred in the container during the request processing: java.lang.IllegalStateException: java.lang.IllegalStateException: JBWEB000044: Parameters were not parsed because the size of the posted data was too big. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
at org.apache.catalina.connector.Request.parseParameters(Request.java:2864) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.catalina.connector.Request.getParameterNames(Request.java:1345) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.catalina.valves.RequestDumperValve.invoke(RequestDumperValve.java:115) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.27.Final-redhat-1.jar:7.5.27.Final-redhat-1]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_171]
Caused by: java.lang.IllegalStateException: JBWEB000044: Parameters were not parsed because the size of the posted data was too big. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
... 8 more
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.