- Bug
- Resolution: Done
- AMQ 7.12.1.GA
Currently, the default header sizes for the embedded Jetty container hosting the AMQ Console are capped at 8192 bytes. When using OpenSSO for authentication, it is possible that the list of roles / groups returned and used for the authorization header is greater than this limit, resulting in a logged error like this:
```
2024-07-12 11:41:32,873 DEBUG [org.eclipse.jetty.http.HttpParser] HEADER:Authorization --> VALUE
2024-07-12 11:41:32,873 DEBUG [org.eclipse.jetty.http.HttpParser] HEADER:Authorization --> IN_VALUE
2024-07-12 11:41:32,875 WARN [org.eclipse.jetty.http.HttpParser] Header is too large 8193>8192
2024-07-12 11:41:32,877 DEBUG [org.eclipse.jetty.http.HttpParser] Parse exception: HttpParser{s=HEADER,0 of 2} for HttpChannelOverHttp@57c818d5{s=HttpChannelState@17df605c{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=0,c=false/false,a=IDLE,uri=null,age=0}
org.eclipse.jetty.http.BadMessageException: 431: null
    at org.eclipse.jetty.http.HttpParser.parseFields(HttpParser.java:1152) ~[jetty-http-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:1542) ~[jetty-http-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.server.HttpConnection.parseRequestBuffer(HttpConnection.java:403) ~[jetty-server-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:275) ~[jetty-server-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314) ~[jetty-io-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[jetty-io-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558) ~[jetty-io-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379) ~[jetty-io-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146) ~[jetty-io-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[jetty-io-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[jetty-io-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421) ~[jetty-util-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390) ~[jetty-util-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277) ~[jetty-util-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:193) ~[jetty-util-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) [jetty-util-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) [jetty-util-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) [jetty-util-10.0.20.redhat-00001.jar:10.0.20.redhat-00001]
    at java.base/java.lang.Thread.run(Thread.java:829) [?:?]
```
and the console being inaccessible to the user. This request would expose the parameters for setting the maximum header lengths to avoid the issue.
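To confirm from broker logs that console login failures are this 431 rejection, the following scanner pulls out each oversized-header event. It is an added example, not part of the original issue or of AMQ; it assumes the log line layout shown in the excerpt above, and its sample lines are constructed from that excerpt.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the log excerpt above. The second WARN
# stands for a broker running without DEBUG logging for the Jetty parser.
SAMPLE_LOG = """\
2024-07-12 11:41:32,873 DEBUG [org.eclipse.jetty.http.HttpParser] HEADER:Authorization --> VALUE
2024-07-12 11:41:32,873 DEBUG [org.eclipse.jetty.http.HttpParser] HEADER:Authorization --> IN_VALUE
2024-07-12 11:41:32,875 WARN [org.eclipse.jetty.http.HttpParser] Header is too large 8193>8192
org.eclipse.jetty.http.BadMessageException: 431: null
2024-07-12 11:45:02,101 WARN [org.eclipse.jetty.http.HttpParser] Header is too large 8193>8192
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[([^\]]+)\] (.*)$")
HEADER = re.compile(r"^HEADER:([\w-]+) --> ")
TOO_LARGE = re.compile(r"^Header is too large (\d+)>(\d+)$")
PARSER = "org.eclipse.jetty.http.HttpParser"


def find_oversized_headers(text):
    """Return one dict per 'Header is too large' WARN from the Jetty parser."""
    events, last_header = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(3) != PARSER:
            continue  # stack-trace frames, exception lines, other loggers
        ts, level, _, msg = m.groups()
        h = HEADER.match(msg)
        if h:
            last_header = h.group(1)  # header being parsed (DEBUG only)
            continue
        t = TOO_LARGE.match(msg)
        if t and level == "WARN":
            events.append({
                "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S,%f"),
                "header": last_header,   # None when DEBUG lines are absent
                "seen": int(t.group(1)),  # bytes read when parsing stopped
                "limit": int(t.group(2)),
            })
            last_header = None
    return events


if __name__ == "__main__":
    for e in find_oversized_headers(SAMPLE_LOG):
        print(e["time"], e["header"] or "(unknown header)", e["seen"], ">", e["limit"])
```

The `seen` value is where the parser stopped reading, not the full size of the header, so it cannot be used on its own to choose a new limit.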