Reputation: 7461
During upgrade from Tomcat 7.0.50 to Tomcat 8.5.15 it stopped recognizing one of the POST parameters of one of my methods: what I get instead of the normal response is this message
HTTP Status [400] – [Bad Request]
Type Status Report
Message Required String parameter 'password' is not present
Description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).
Apache Tomcat/8.5.15
The method signature is:
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ResponseBody
public Map<String, Object> login(
@RequestParam("password") String passwordHash,
@RequestParam("username") String loginName,
@RequestParam(value = "clientId", required = false) String clientId,
HttpServletRequest request,
HttpServletResponse response)
throws NoSuchAlgorithmException {//...
I've captured traffic from the request and, as you can see, the password
POST parameter is contained in POST x-www-form-urlencoded
parameters:
POST http://<masked>/Server/user/login HTTP/1.1
Host: <masked>
Connection: keep-alive
Content-Length: 270
Origin: http://<masked>
X-Requested-With: ShockwaveFlash/26.0.0.131
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.104 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://<masked>
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,ru;q=0.6,he;q=0.4
Cookie: <masked>
noremember=true&password=C9TUq%2BYMIbeoW%2ByfoSCt9QJoOnmSGR8BqRKdOjufjE7%2FoHUDpPf3FHSvCUbZu4EBSKkJV2ryGs1Q77D7SFbBKZZ3joWcMTN6aTsgmPsOdW0Md1qcOkB4w4L3F53XZRlKUp2RaxCjoE0AIr%2B0WLomGFSrn8u8iTf2p4Z7Mo6ZKPA%3D&username=test%40example%2Ecom&clientId=1858390758%2E1481631908
The strange this is that it worked perfectly under Tomcat 7
How can this be helped?
Upvotes: 3
Views: 2206
Reputation: 7461
Finally the reason was found.
I've had maxPostSize="0"
parameter in server.xml
's Connector
in my old configuration of Tomcat 7.0.50 and I've copied it to the new configuration, but since Tomcat version 7.0.63 maxPostSize="0"
doesn't mean unlimited, but "empty", so maxPostSize="-1"
should be used
The meaning of the value zero for the maxPostSize has also been changed to mean a limit of zero rather than no limit to align it with maxSavePostSize and to be more intuitive. (markt)
Upvotes: 1