GluuFederation / oxTrust

Gluu Server UI for managing authentication, authorization and users.
https://gluu.org/docs/ce
MIT License

Fix: change the limit for MaxFromKeys and MaxContentSize #2336

Open imShakil opened 1 year ago

imShakil commented 1 year ago

Describe the issue

Gluu UI fails to add Person Authentication custom scripts due to crossing the limit on custom properties and script size. In this test, we added 44 custom scripts with 2-5 custom properties; then adding one more shows an identity error. ref ticket: 11064

Steps To Reproduce

Steps to reproduce the behavior:

  1. Go to 'Person Authentication Script tab'
  2. Try to add more than 45 custom scripts with 2-5 custom properties.
  3. After 45, it shows identity errors and cannot add any new custom script.
  4. log:
2023-04-27 05:20:36,543 INFO  [Thread-2638] [org.gluu.service.logger.LoggerService] (LoggerService.java:205) - Updated log level of '99' loggers to TRACE
2023-04-27 05:20:39,176 TRACE [qtp966739377-19] [org.gluu.oxtrust.exception.GlobalExceptionHandler] (GlobalExceptionHandler.java:58) - 400: Unable to parse form content
org.eclipse.jetty.http.BadMessageException: 400: Unable to parse form content
    at org.eclipse.jetty.server.Request.getParameters(Request.java:465) ~[?:?]
    at org.eclipse.jetty.server.Request.getParameterNames(Request.java:1058) ~[?:?]
    at com.sun.faces.context.RequestParameterMap.get(RequestParameterMap.java:56) ~[jakarta.faces-2.3.14.jar:2.3.14]
    at com.sun.faces.context.RequestParameterMap.get(RequestParameterMap.java:33) ~[jakarta.faces-2.3.14.jar:2.3.14]
    at java.util.Collections$UnmodifiableMap.get(Collections.java:1454) ~[?:?]
    at org.omnifaces.util.FacesLocal.getRequestParameter(FacesLocal.java:792) ~[omnifaces-2.6.9.jar:2.6.9]
    at org.omnifaces.cdi.viewscope.ViewScopeManager.isUnloadRequest(ViewScopeManager.java:238) ~[omnifaces-2.6.9.jar:2.6.9]
    at org.omnifaces.context.OmniExternalContext.getFlash(OmniExternalContext.java:65) ~[omnifaces-2.6.9.jar:2.6.9]
    at javax.faces.context.ExternalContextWrapper.getFlash(ExternalContextWrapper.java:1010) ~[jakarta.faces-2.3.14.jar:2.3.14]
    at com.sun.faces.lifecycle.Phase.handleBeforePhase(Phase.java:189) ~[jakarta.faces-2.3.14.jar:2.3.14]
    at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:74) ~[jakarta.faces-2.3.14.jar:2.3.14]
    at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:110) ~[jakarta.faces-2.3.14.jar:2.3.14]
    at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177) ~[jakarta.faces-2.3.14.jar:2.3.14]
    at javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707) ~[jakarta.faces-2.3.14.jar:2.3.14]
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:451) ~[jakarta.faces-2.3.14.jar:2.3.14]
    at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1410) ~[jetty-servlet-10.0.9.jar:10.0.9]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) ~[jetty-servlet-10.0.9.jar:10.0.9]
    at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1630) ~[jetty-servlet-10.0.9.jar:10.0.9]
    at org.eclipse.jetty.websocket.servlet.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:170) ~[websocket-servlet-10.0.9.jar:10.0.9]
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1600) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:506) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) ~[?:?]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) ~[?:?]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) ~[?:?]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) ~[?:?]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1378) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:463) ~[?:?]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) ~[?:?]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1300) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) ~[?:?]
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192) ~[?:?]
    at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51) ~[?:?]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
    at org.eclipse.jetty.server.Server.handle(Server.java:562) ~[?:?]
    at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) ~[?:?]
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) ~[?:?]
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) ~[?:?]
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) ~[?:?]
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:319) ~[?:?]
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[?:?]
    at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[?:?]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:412) ~[?:?]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:381) ~[?:?]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:268) ~[?:?]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:138) ~[?:?]
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:407) ~[?:?]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:894) ~[?:?]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1038) ~[?:?]
    at java.lang.Thread.run(Thread.java:829) ~[?:?]
Caused by: java.lang.IllegalStateException: Form with too many keys [1001 > 1000]
    at org.eclipse.jetty.util.UrlEncoded.checkMaxKeys(UrlEncoded.java:638) ~[?:?]
    at org.eclipse.jetty.util.UrlEncoded.decodeUtf8To(UrlEncoded.java:445) ~[?:?]
    at org.eclipse.jetty.util.UrlEncoded.decodeTo(UrlEncoded.java:520) ~[?:?]
    at org.eclipse.jetty.server.Request.extractFormParameters(Request.java:593) ~[?:?]
    at org.eclipse.jetty.server.Request.extractContentParameters(Request.java:540) ~[?:?]
    at org.eclipse.jetty.server.Request.getParameters(Request.java:460) ~[?:?]
    ... 53 more
2023-04-27 05:20:39,477 TRACE [qtp966739377-15] [org.gluu.service.BaseCacheService] (BaseCacheService.java:37) - Request data, key 'organization_oxtrust'
2023-04-27 05:20:39,477 TRACE [qtp9667393

Expected behavior

We should be able to add more custom scripts.

Solution

According to the log, we need to change the limits for MaxFormKeys and MaxContentSize and release a new oxtrust.war file.

Screenshots

[Two screenshots attached, taken 2023-04-27 at 11:22:14 AM and 11:34:35 AM]

iromli commented 1 year ago

Can we pass a Java system property, i.e. -Dorg.eclipse.jetty.server.Request.maxFormContentSize=5000000, instead of modifying the XML file?

iromli commented 1 year ago

In a k8s setup, pass the env var GLUU_JAVA_OPTIONS=-Dorg.eclipse.jetty.server.Request.maxFormContentSize=2000000 -Dorg.eclipse.jetty.server.Request.maxFormKeys=2000 to the pod.
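The "Form with too many keys [1001 > 1000]" line in the trace above is Jetty refusing the POST before oxTrust sees a single parameter: Jetty first checks the urlencoded body against maxFormContentSize (default 200000 bytes) and then counts parameter names against maxFormKeys (default 1000). Those limits bound how much memory and parsing work one request can impose on the server, so a defender would rather size them to the form the page actually posts than raise them arbitrarily. The Python script below is an added example, not code from oxTrust or Jetty: it extracts the two numbers from the exception message, replays Jetty's two checks on a constructed form body, and proposes limits with a fixed headroom factor. The field names in custom_script_form are made up for the example and are not oxTrust's.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Jetty's shipped defaults for a context; the trace in the issue shows the key
# limit tripping at its default: "Form with too many keys [1001 > 1000]".
JETTY_DEFAULT_MAX_FORM_KEYS = 1000
JETTY_DEFAULT_MAX_FORM_CONTENT_SIZE = 200_000

# Message format of the IllegalStateException quoted in the issue's log.
TOO_MANY_KEYS_RE = re.compile(r"Form with too many keys \[(\d+) > (\d+)\]")


def parse_too_many_keys(log_text):
    """Return (observed_keys, configured_limit) from Jetty log text containing the
    'Form with too many keys' exception, or None if the message is absent."""
    m = TOO_MANY_KEYS_RE.search(log_text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def _distinct_names(body):
    # Simplification: count distinct parameter names, which is what the size of
    # Jetty's MultiMap amounts to when it is compared against maxFormKeys.
    return {k for k, _ in parse_qsl(body.decode("utf-8"), keep_blank_values=True)}


def check_form_limits(body, max_keys=JETTY_DEFAULT_MAX_FORM_KEYS,
                      max_content_size=JETTY_DEFAULT_MAX_FORM_CONTENT_SIZE):
    """Replay the two checks Jetty applies to a urlencoded POST body: total size
    first, then the number of parameter names. Returns the measured values and
    the name of the limit that would reject the request (None if it passes)."""
    size = len(body)
    if max_content_size > 0 and size > max_content_size:
        return {"bytes": size, "keys": None, "exceeded": "maxFormContentSize"}
    keys = len(_distinct_names(body))
    if max_keys >= 0 and keys > max_keys:
        return {"bytes": size, "keys": keys, "exceeded": "maxFormKeys"}
    return {"bytes": size, "keys": keys, "exceeded": None}


def custom_script_form(n_scripts, props_per_script, script_len=40):
    """Constructed stand-in for the form the custom-script page posts: every
    script row contributes a name field, a script-body field and one field per
    custom property. The field names are invented for this example."""
    fields = []
    for i in range(n_scripts):
        fields.append((f"script[{i}].name", f"script_{i}"))
        fields.append((f"script[{i}].script", "x" * script_len))
        for j in range(props_per_script):
            fields.append((f"script[{i}].prop[{j}]", f"v{j}"))
    return urlencode(fields).encode("utf-8")


def sized_limits(body, headroom=2):
    """Propose maxFormKeys / maxFormContentSize as a fixed multiple of what the
    page actually posts, so the raise covers the observed form with room to grow
    instead of removing the bound altogether."""
    return {"maxFormKeys": headroom * len(_distinct_names(body)),
            "maxFormContentSize": headroom * len(body)}


if __name__ == "__main__":
    # Constructed log line mirroring the one in the issue.
    print(parse_too_many_keys("Caused by: java.lang.IllegalStateException: "
                              "Form with too many keys [1001 > 1000]"))
    body = custom_script_form(201, 3)            # 201 * 5 = 1005 distinct names
    print(check_form_limits(body))               # trips maxFormKeys at the default
    print(check_form_limits(body, max_keys=2000, max_content_size=2_000_000))
    print(sized_limits(body))
```

Running the script against a body captured from the real page (for example from a browser's network tab) instead of the constructed one gives the numbers to put into the system properties discussed in this thread; the headroom factor is the one knob to adjust.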

imShakil commented 1 year ago

Is this only for cloud-native? What about Community Edition?

iromli commented 1 year ago

cc @devrimyatar

> Is this only for cloud-native? What about Community Edition?