Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Buffering capacity exceeded... AuthenticationProtocolHandler.DEFAULT_MAX_CONTENT_LENGTH too small?


On Sun, Jun 28, 2015 at 6:07 PM, Mark Mielke <mark.mielke@xxxxxxxxx> wrote:
I am using Jetty HttpClient to access a remote JIRA install, and a remote Crucible install. Some requests are failing with "Buffering capacity exceeded ..."

I do not believe this is due to BufferingResponseListener's default maxLength of 2 MBytes. These requests are fairly small and simple. I believe it is the authentication requests which are failing, which are using WWWAuthenticationProtocolHandler, which calls AuthenticationProtocolHandler with a maxContentLength of AuthenticationProtocolHandler.DEFAULT_MAX_CONTENT_LENGTH which is only 4096.

I believe JIRA is sometimes returning HTTP 401 with an HTML body which is exceeding 4096 bytes. It may also have a number of long headers.


I did confirm with Wireshark that the first HTTP 401 response is small, and gets responded to with the WWWAuthenticationProtocolHandler having filled the right headers. Then, I'm getting an HTTP 401 response that is larger (> 4096 bytes, but not more than 1000 bytes), including full HTML. So, something unexpected is happening client side, but I still would have expected the failure to be an HTTP 401 or authorization failure, and not a "Buffering capacity exceeded ..." error. I'll figure out the application problem on my side, but I still have the question why "Buffering capacity exceeded..." is the right behaviour in this case. Why not support more than 4096 bytes? Why not the full 2 MBytes the same as the non-401 case?

Thanks!


 

Is there a reason why AuthenticationProtocolHandler.DEFAULT_MAX_CONTENT_LENGTH is so small? Why shouldn't it use the same default as a BufferingResponseListener of 2 MBytes? Since it will accept up to 2 MBytes for a regular response, why wouldn't it accept up to 2 MBytes for an HTTP 401 response?

Thanks!

P.S. I think ideally, WWWAuthenticationProtocolHandler and most others should only need to buffer the headers, and buffering the content is unnecessary. But, I guess it is tricky to implement this and it hasn't been a priority?


--
Mark Mielke <mark.mielke@xxxxxxxxx>




--
Mark Mielke <mark.mielke@xxxxxxxxx>


Back to the top