API Call always get 400 Bad Request response after upgrading Spring Boot to 2.7.x

by leelight · November 10, 2022

In the past few weeks, my team met a critical issue. Our service ABC just upgraded the spring boot version from 2.2.x to 2.7.x. After testing and deployment to the production environment, we found that all tenants are working fine except one tenant Tom.

When we tried to call the APIs from ABC in the browser, the service ABC always returned the 400 Bad Request response.

We are so confused by this situation:

If the service ABC has a problem, why do other tenants have no such issue?
If the service ABC has no problem, why does after deployment only Tenant Tom have such an issue?

1. Analysis

At first, we tried to gather the log for the 400 Bad Request. But nothing special except one error message from one custom filter SwaggerBasePathRewritingFilter, which is from our gateway service DEF. It seems that all API calls go to service ABC have been caught by gateway service DEF. This error message from gateway DEF indicated that the response from the service ABC is empty content.

Then we downgrade the log level for service gateway DEF and service ABC.

logging_level_org_apache_http: TRACE

1	logging_level_org_apache_http: TRACE

Then we got a lot of trace messages from org.apache.http.wire in gateway DEF. like this, but there is no other error messages that could help us. In service ABC there is not error.

http-outgoing-9 << "HTTP/1.1 400 Bad Request[\r][\n]"

1	http-outgoing-9 << "HTTP/1.1 400 Bad Request[\r][\n]"

Then we downgraded the log level for undertow which is running in the container as an embedded server.

logging_level_io_undertow_request_io: TRACE

1	logging_level_io_undertow_request_io: TRACE

After testing, we found an error message in service ABC! This means the request has been sent from the gateway DEF to ABC but has been blocked by the Undertow server.

io.undertow.request.io: UT005014: Failed to parse request

1	io.undertow.request.io: UT005014: Failed to parse request

2. Root Cause

Finally, we have found the solution and the root cause. In the spring boot version 2.7.x, the Undertow is used in the container instead of the Jetty.

The default Max-HTTP-Header-Size as described in the Spring document is 8KB, for both Jetty and Undertow.

(https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.server.server.max-http-header-size)

But other resources like baeldung and stackoverlow said the default value for Undertow is 1MB —– We have proved that this is incorrect!

BUT, for some reason, the older spring boot version DOES NOT limit the request header size to 8KB.

And unfortunately, in the tenant Tom, the JWT token with Keycloak roles in the header of the API requests is large than 8KB. We have a huge role list in the JWT token which is required in our services.

That’s the reason why ONLY tenant Tom and only service ABC which are using the new Spring Boot have a such weird issue.

3. The final solution:

Please set the following config in your application.yml file. You can set your preferred value.

server.max-http-header-size=100KB

1	server.max-http-header-size=100KB

4. Open points

why jetty in the old spring boot version does not limit requests with 8kb header? Even the spring document said it is 8kb. Maybe the jetty-to-jetty communication will ignore the header limitation?

Refer:

Spring Boot 从 2.2.5 升级到 2.7.2 之后，一堆BUG

Tags: Spring Boot

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

API Call always get 400 Bad Request response after upgrading Spring Boot to 2.7.x

You may also like...

Leave a Reply Cancel reply

Meta

Categories

API Call always get 400 Bad Request response after upgrading Spring Boot to 2.7.x

1. Analysis

2. Root Cause

3. The final solution:

4. Open points

Related posts:

You may also like...

[汇总]Spring Cloud资源

[转]怎么优雅的处理Java异常？

[汇总] Spring 项目经验

Leave a Reply Cancel reply

Meta

Categories