REST service in POST mode that accepts XML in the request body will results HTTP 413 (Request entity too large)

Problem Description

Sending a huge request to the Rest Service (endpoint URL) using the POST Method results in the following error:

org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper - javax.ws.rs.WebApplicationException: HTTP 413 Request Entity Too Large
	at org.apache.cxf.jaxrs.utils.ExceptionUtils.toWebApplicationException(ExceptionUtils.java:106)
	at org.apache.cxf.jaxrs.provider.SourceProvider.readFrom(SourceProvider.java:107)
	at org.apache.cxf.jaxrs.utils.JAXRSUtils.readFromMessageBodyReader(JAXRSUtils.java:1348)
	at org.apache.cxf.jaxrs.utils.JAXRSUtils.readFromMessageBody(JAXRSUtils.java:1299)
	at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameter(JAXRSUtils.java:825)
	at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:789)
	at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:212)
	at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:77)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:262)
	at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:234)
	at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:76)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1024)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
	at org.eclipse.jetty.server.Server.handle(Server.java:370)
	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
	at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
	at java.lang.Thread.run(Thread.java:748)

 

Steps to Reproduce

  1. Import the attached Job and run it.
  2. After the Job is run successfully, the endpoint URL should be:

    http://localhost:8090/servlet
  3. Go to the Soap UI and create a new REST service, using the endpoint URL shown above.
  4. Open the attached XML file in Notepad, copy the content and send it in the soap UI as a request.

 

Observations/Output

soapUI_response.jpg

 

 

Root Cause

CXF does not accept very large XML payloads to prevent DoS attacks. This behavior can be configured by specifying the corresponding Java system properties. In this case, the number of child elements of /requestSendNumberRange/items is about 55,000, which is more than the 50,000 allowed by default.

 

For more information, see the following URL:

https://cxf.apache.org/docs/security.html#Security-ControllingLargeRequestPayloads

 

Solution

  1. Go to Studio > Open the Route.
  2. Go to Advanced settings > JVM settings, then select Use Specific JVM arguments.
  3. Add a new entry as shown below:

    -Dorg.apache.cxf.stax.maxChildElements=100000
  4. Save the Job and run it. It should be able to process the XML file and display:

    <response>
    OK!
    </response>
Version history
Revision #:
5 of 5
Last update:
‎03-16-2018 11:09 AM
Updated by:
 
Contributors