Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1967F9143 for ; Wed, 5 Oct 2011 09:45:05 +0000 (UTC) Received: (qmail 66741 invoked by uid 500); 5 Oct 2011 09:45:01 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 66561 invoked by uid 500); 5 Oct 2011 09:45:01 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 66552 invoked by uid 99); 5 Oct 2011 09:45:01 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Oct 2011 09:45:01 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of aw@ice-sa.com designates 212.85.38.228 as permitted sender) Received: from [212.85.38.228] (HELO tor.combios.es) (212.85.38.228) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Oct 2011 09:44:52 +0000 Received: from [192.168.245.129] (p549E0B25.dip0.t-ipconnect.de [84.158.11.37]) by tor.combios.es (Postfix) with ESMTPA id 6306BDA0196 for ; Wed, 5 Oct 2011 11:44:30 +0200 (CEST) Message-ID: <4E8C26E7.4080004@ice-sa.com> Date: Wed, 05 Oct 2011 11:44:07 +0200 From: =?ISO-8859-1?Q?Andr=E9_Warnier?= Reply-To: Tomcat Users List User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: AW: ISAPI Redicect - Request Entitiy too large References: <739CCB2D4BF8FD48985D6E158AD327B81E9EF1F757@DC01.tecracerde.local> <4E8C1219.6030604@ice-sa.com> <739CCB2D4BF8FD48985D6E158AD327B81E9EF1F763@DC01.tecracerde.local> <4E8C265E.4010108@ice-sa.com> In-Reply-To: <4E8C265E.4010108@ice-sa.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org Addendum : can you increase the log level of isapi_redirect on the IIS server, and try again ? it may show us a bit more about what is happening. Andr� Warnier wrote: > Alexander Diedler wrote: >> Hello, >> We use the IIS integrated (Windows) domain authentication, which is >> passed >> to the Tomcat and then we check the given String with our user >> database in >> the app and if username and password match, the user was "automatically" >> logged in (SSO). >> > > Ok, basically thanks. I just wanted to know if the NTLM authentication > dialog could explain some extra-large headers. > But in this case, apparently not, since the authentication dialog > happens between the browser and IIS, and should not even be seen in Tomcat. > (Apart from the final "Authorization:" header). > > One item in your above explanation does not fit : "username and > password" cannot be. There is no way that the IIS authentication would > produce a user password that you can pass on to Tomcat. Userid yes, > password no. > (But it does not matter for the current issue). > > Anyway, what about a difference between the workstations for which it > happens, and the ones for which it does not ? any visible OS/browser > difference ? > > >> Greetings >> Alexander >> -----Urspr�ngliche Nachricht----- >> Von: Andr� Warnier [mailto:aw@ice-sa.com] Gesendet: Mittwoch, 5. >> Oktober 2011 10:15 >> An: Tomcat Users List >> Betreff: Re: ISAPI Redicect - Request Entitiy too large >> >> Alexander Diedler wrote: >>> Hello @ll, >>> >>> I have installed a new Windows 2008 R2 x64 Server with IIS7 and Tomcat >>> 6.0.32 x64 Edition. We use SSO Authentication from IIS to the Tomcat. >> >> Which SSO mechanism ? >> >>> Suddenly, we got on some clients, but not on every client (that�s >>> stupid!) the following error: >>> >>> >>> >>> Request Entity Too large! >> >> which does look strange, considering that there is a "Content-length: 0" >> header below. >> >> It looks a bit as if a HTTP *header* in the request was too large. >> >> Repeat question : can you be a bot more specific about the authentication >> mechanism used ? >> Also, if you can determine a difference, what is the difference >> between the >> clients where it happens, and the ones where it does not ? >> >> >>> The HTTP method does not allow the data transmitted, or the data volume >>> exceeds the capacity limit. >>> >>> >>> Jakarata/ISAPI/isapi_redirector/1.2.32 () >>> >>> >>> >>> The isapi.log contains the following messages in debug mode: >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> find_match::jk_uri_worker_map.c (863): Found a wildchar match >>> '/jci/*=worker1' >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> HttpFilterProc::jk_isapi_plugin.c (1978): check if [/jci/] points to the >>> web-inf directory >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> HttpFilterProc::jk_isapi_plugin.c (1994): [/jci/] is a servlet url - >> should >>> redirect to worker1 >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> HttpFilterProc::jk_isapi_plugin.c (2034): fowarding escaped URI [/jci/] >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >> wc_maintain::jk_worker.c >>> (339): Maintaining worker worker1 >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3022): Reading extension header >>> HTTP_TOMCATWORKER0000000180000000: worker1 >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3023): Reading extension header >>> HTTP_TOMCATWORKERIDX0000000180000000: 3 >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3024): Reading extension header >>> HTTP_TOMCATURI0000000180000000: /jci/ >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3025): Reading extension header >>> HTTP_TOMCATQUERY0000000180000000: (null) >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3085): Applying service extensions >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header >>> Connection : Keep-Alive >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header >>> Content-Length : 0 >>> >>> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header >> Accept >>> : */* >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header >>> Accept-Encoding : gzip, deflate >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header >>> Accept-Language : de-DE >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3309): >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header >>> Host >> : >>> b0621s008 >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header >>> User-Agent : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; >>> Trident/4.0; SLCC2; .NET CLR 2.0.50727) >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3344): Service protocol=HTTP/1.1 >>> method=GET host=fe80::3d83:4ce1:6ac:83dd%11 >> addr=fe80::3d83:4ce1:6ac:83dd%11 >>> name=b0621s008 port=80 auth=Negotiate user=DOMAIN\USERNAME uri=/jci/ >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >>> init_ws_service::jk_isapi_plugin.c (3356): Service request headers=8 >>> attributes=0 chunked=no content-length=0 available=0 >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >>> wc_get_worker_for_name::jk_worker.c (116): found a worker worker1 >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >>> HttpExtensionProc::jk_isapi_plugin.c (2228): got a worker for name >>> worker1 >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >>> ajp_get_endpoint::jk_ajp_common.c (3161): acquired connection pool >>> slot=0 >>> after 0 retries >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [error] >>> ajp_marshal_into_msgb::jk_ajp_common.c (469): failed appending the >>> header >>> value >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [info] >>> ajp_service::jk_ajp_common.c (2431): Creating AJP message failed, >>> without >>> recovery >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [error] >>> HttpExtensionProc::jk_isapi_plugin.c (2261): service() failed with http >>> error 413 >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >>> ajp_reset_endpoint::jk_ajp_common.c (807): (worker1) resetting endpoint >> with >>> socket -1 (socket shutdown) >>> >>> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] >> ajp_done::jk_ajp_common.c >>> (3078): recycling connection pool slot=0 for worker worker1 >>> >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >> For additional commands, e-mail: users-help@tomcat.apache.org >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org