i have a problem with Wildlfy 10/11/12. I sucessfully set wf in domain mode with http management, using complete AD authentification. I can not set remoting port 4447 for use AD auth. I tested it with local mgmt-users.properties and mgmt-groups.properties and everything worked fine.
Now I'm testing this:
1) Ldap works for http://127.0.0.1:9990/console/ (me user have all ad groups)
2) Ldap works with jconsole service:jmx:remote+http://127.0.0.1:9990 (Domain Controller)
3) Not working AD auth, with local mgmt-users everything works fine:
service:jmx:remote+http://127.0.0.1:4447
service:jmx:remote://127.0.0.1:4447
Why i need this? I need to monitor datasource stats from each server. Monitoring over HC does not give me these datas. This config uses 2 ldaps: one for http management and another for testing remoting port (RemotingRealm). Can you please help me to set use both ldaps?
I used this howto for Enable remoting in Domain mode:
https://kb.novaordis.com/index.php/JMX_Access_to_Domain_Mode_EAP_7_Server_Node
Coplete domain and host files:
https://tomashermanek.cz/download/domain.xml
https://tomashermanek.cz/download/host.xml
domain.xml
...
<management>
<access-control provider="rbac">
<role-mapping>
<role name="SuperUser">
<include>
<group name="_wildfly_adm"/>
</include>
</role>
<role name="Administrator">
<include>
<group name="_wildfly_adm"/>
</include>
</role>
<role name="Auditor">
<include>
<group name="_wildfly_audit"/>
</include>
</role>
<role name="Deployer">
<include>
<group name="_wildfly_deploy"/>
</include>
</role>
<role name="Maintainer">
<include>
<group name="_wildfly_maintain"/>
</include>
</role>
<role name="Monitor">
<include>
<group name="_wildfly_monit"/>
</include>
</role>
<role name="Operator">
<include>
<group name="_wildfly_ops"/>
</include>
</role>
</role-mapping>
</access-control>
</management>
...
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
<expose-resolved-model/>
<expose-expression-model/>
<remoting-connector use-management-endpoint="false"/>
<sensitivity non-core-mbeans="true"/>
</subsystem>
<subsystem xmlns
...
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<connector name="remoting-connector" socket-binding="remoting" security-realm="RemotingRealm"/>
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
</subsystem>
...
<socket-binding-groups>
<socket-binding-group name="ha-sockets" default-interface="public">
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
<socket-binding name="http" port="${jboss.http.port:8080}"/>
<socket-binding name="https" port="${jboss.https.port:8443}"/>
<socket-binding name="jgroups-mping" interface="private" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
<socket-binding name="jgroups-tcp" interface="private" port="7600"/>
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
<socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
<socket-binding name="txn-recovery-environment" port="4712"/>
<socket-binding name="txn-status-manager" port="4713"/>
<socket-binding name="remoting" port="4447"/>
<outbound-socket-binding name="mail-smtp">
<remote-destination host="localhost" port="25"/>
</outbound-socket-binding>
</socket-binding-group>
host.xml
...
<security-realm name="LdapRealm">
<authentication>
<ldap connection="ldap" base-dn="DC=example,DC=com" recursive="true">
<username-filter attribute="sAMAccountName"/>
</ldap>
</authentication>
<authorization>
<ldap connection="ldap">
<group-search group-dn-attribute="cn" group-name-attribute="cn">
<group-to-principal search-by="DISTINGUISHED_NAME" base-dn="OU=Groups,OU=Corp-Restricted,DC=example,DC=internal">
<membership-filter principal-attribute="member"/>
</group-to-principal>
</group-search>
</ldap>
</authorization>
</security-realm>
<security-realm name="RemotingRealm">
<authentication>
<ldap connection="ldap" base-dn="DC=example,DC=com" recursive="true">
<username-filter attribute="sAMAccountName"/>
</ldap>
</authentication>
<authorization>
<ldap connection="ldap">
<group-search group-dn-attribute="cn" group-name-attribute="cn">
<group-to-principal search-by="DISTINGUISHED_NAME" base-dn="OU=Groups,OU=Corp-Restricted,DC=example,DC=internal">
<membership-filter principal-attribute="member"/>
</group-to-principal>
</group-search>
</ldap>
</authorization>
</security-realms>
<outbound-connections>
<ldap name="ldap" url="ldap://ldap.server.one">
<properties>
<property name="java.naming.security.principal" value="search_user"/>
<property name="java.naming.security.credentials" value="password" />
<property name="java.naming.security.authentication" value="simple" />
</properties>
</ldap>
</outbound-connections>
...
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="LdapRealm">
<http-upgrade enabled="true"/>
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
LOG From server dev-001
2018-04-06 15:26:16,598 TRACE [org.wildfly.security] (default task-1) Handling NameCallback: authenticationName = tomas.hermanek
2018-04-06 15:26:16,598 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'tomas.hermanek'
2018-04-06 15:26:16,598 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing recursive search
2018-04-06 15:26:16,598 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'tomas.hermanek' using filter '(sAMAccountName={0})'.
2018-04-06 15:26:16,598 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.provider.url=ldap://10.1.31.10, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.referral=ignore})
2018-04-06 15:26:16,621 TRACE [org.wildfly.security] (default task-1) Principal assigning: [tomas.hermanek], pre-realm rewritten: [tomas.hermanek#RemotingRealm], realm name: [PLAIN], post-realm rewritten: [tomas.hermanek#RemotingRealm], realm rewritten: [tomas.hermanek#RemotingRealm]
2018-04-06 15:26:16,621 TRACE [org.jboss.as.domain.management.security] (default task-1) Non caching search for 'tomas.hermanek'
2018-04-06 15:26:16,621 TRACE [org.jboss.as.domain.management.security] (default task-1) Performing recursive search
2018-04-06 15:26:16,621 TRACE [org.jboss.as.domain.management.security] (default task-1) Searching for user 'tomas.hermanek' using filter '(sAMAccountName={0})'.
2018-04-06 15:26:16,621 TRACE [org.jboss.as.domain.management.security] (default task-1) Connecting to LDAP with properties ({java.naming.provider.url=ldap://10.1.31.10, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.referral=ignore})
2018-04-06 15:26:16,641 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: fail
2018-04-06 15:26:16,641 TRACE [org.jboss.remoting.remote.server] (default task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05013: Authentication mechanism password not verified
at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:127)
at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)
at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:486)
at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:745)
2018-04-06 15:26:16,641 TRACE [org.jboss.remoting.remote.server] (default task-1) No more authentication attempts allowed, closing the connection
If LdapRealm an RemotingRealm are the same. And this does not work even when you replace RemotingRealm for LdapRealm, then this seems as bug.
Related
I'm currently trying to fix in issue in our JBOSS Deployment with different SOAP Endpoints, we trying to close the Webservice Interface over https(port 8443) to only allow it via CA Authentication (port 8444).
We are Using JBOSS 7.4.7 and JDK 11
Here are the JBOSS Standalone Configurations:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="https" port="8443"/>
<socket-binding name="httpsca" port="8444"/>
</socket-binding-group>
[...]
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
<buffer-cache name="default"/>
<server name="default-server">
<https-listener name="https" socket-binding="https" max-post-size="0" secure="true" ssl-context="ssl"/>
<https-listener name="httpsca" socket-binding="httpsca" max-post-size="0" secure="true" ssl-context="sslca"/>
</server>
[...]
<subsystem xmlns="urn:jboss:domain:webservices:2.0" statistics-enabled="${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}}">
<modify-wsdl-address>true</modify-wsdl-address>
<wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
<wsdl-port>8444</wsdl-port>
<wsdl-secure-port>8444</wsdl-secure-port>
<endpoint-config name="Standard-Endpoint-Config"/>
<endpoint-config name="Recording-Endpoint-Config"/>
<client-config name="Standard-Client-Config"/>
</subsystem>
<tls>
<key-stores>
<key-store name="test">
<credential-reference clear-text="****"/>
<implementation type="JKS"/>
<file path="ssl_keystore.jks" relative-to="jboss.server.config.dir"/>
</key-store>
<key-store name="test-trusted">
<credential-reference clear-text="****"/>
<implementation type="JKS"/>
<file path="ssl_truststore.jks" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="serverssl" key-store="test">
<credential-reference clear-text="****"/>
</key-manager>
</key-managers>
<trust-managers>
<trust-manager name="serverssl-ca" key-store="test-trusted"/>
</trust-managers>
<server-ssl-contexts>
<server-ssl-context name="test-ssl" cipher-suite-filter="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" protocols="TLSv1.2 TLSv1.3" key-manager="serverssl"/>
<server-ssl-context name="test-sslca" cipher-suite-filter="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" protocols="TLSv1.2 TLSv1.3" need-client-auth="true" key-manager="serverssl" trust-manager="serverssl-ca"/>
</server-ssl-contexts>
</tls>
We are having trouble setting only one Port for the WSDL Endpoint.
1. If I don't set <wsdl-secure-port>, then the JBOSS throws an error because it trys to create a http endpoint which is not active at all.It also occurs if I only set the <wsdl-secure-port> and not the <wsdl-port>.
Are we doing something wrong or is that a bug from JBOSS ?
Thanks for any help and tips in advice.
I cannot run my cors header in wildfly.
Here is my standalone.xml
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<access-log/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<filter-ref name="gzipFilter" predicate="exists('%{o,Content-Type}') and regex(pattern='(?:application/javascript|text/css|text/html|text/xml|application/json)(;.*)?', value=%{o,Content-Type}, full-match=true)"/>
<filter-ref name="Access-Control-Allow-Origin"/>
<filter-ref name="Access-Control-Allow-Methods"/>
<filter-ref name="Access-Control-Allow-Headers"/>
<filter-ref name="Access-Control-Allow-Credentials"/>
</host>
</server>
<servlet-container name="default">
<jsp-config development="true" tag-pooling="false"/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<gzip name="gzipFilter"/>
<response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="*"/>
<response-header name="Access-Control-Allow-Methods" header-name="Access-Control-Allow-Methods" header-value="GET, POST, OPTIONS, PUT"/>
<response-header name="Access-Control-Allow-Headers" header-name="Access-Control-Allow-Headers" header-value="accept, authorization, content-type, x-requested-with"/>
<response-header name="Access-Control-Allow-Credentials" header-name="Access-Control-Allow-Credentials" header-value="true"/>
</filters>
</subsystem>
And the result of ./standalone.sh is:
18:44:34,491 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) "WFLYCTL0193: Failed executing subsystem undertow boot operations"
18:44:34,493 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("parallel-subsystem-boot") failed - address: ([]) - failure description: "\"WFLYCTL0193: Failed executing subsystem undertow boot operations\""
18:44:34,499 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
Anyone can advise please...
You could try to increase the debug level for JBoss classes (eg "org.jboss.as" and/or ""org.jboss.as.config").
In your "standalone.xml" file:
<subsystem xmlns="urn:jboss:domain:logging:5.0">
...
<logger category="org.jboss.as.config">
<level name="DEBUG"/>
</logger>
and then restart your server
We have a web based application running on WildFly 11 (Migrated from WildFly 9 recently) and we are facing this weird issue when all the nodes in the cluster are started up.
Here is how our application is designed to login and show the home page:
Entering the URL of our application brings us the login page.
Provide valid credentials and click on login.
Backend servlet validates these creds and on successful login,
browser sends a redirect request (HTTP302) with home page URL.
So here is the problem -
For the very first user trying to login to the application (i.e steps
1 - 3 above) is redirected back to login page i.e. even though the
user entered the valid credentials.
In the back end - our home page servlet cannot find the session just
created during login process and thus the user is redirected back to
the login page.
Any login attempt after this is working fine.
We tried the same steps (i.e steps 1 - 3 above) through VPN (which is a slower network) and we did not see this issue occurring there and we also did couple of other tests to conclude that giving it some more time during the redirect on the very first login works fine. so we concluded that it could be JGroups initialization issue as this is happening only for the very first login attempt.
<channels default="ee">
<channel name="ee" stack="tcp" cluster="repl"/>
</channels>
.
<stack name="tcp">
<transport type="TCP" socket-binding="jgroups-tcp"/>
<protocol type="TCPPING">
<property name="initial_hosts">
10.0.99.11[7600],10.0.99.12[7600]
</property>
<property name="num_initial_members">
2
</property>
</protocol>
<protocol type="MERGE3"/>
<protocol type="FD_SOCK"/>
<protocol type="FD_ALL"/>
<protocol type="VERIFY_SUSPECT"/>
<protocol type="pbcast.NAKACK2"/>
<protocol type="UNICAST3"/>
<protocol type="pbcast.STABLE"/>
<protocol type="pbcast.GMS"/>
<protocol type="MFC"/>
<protocol type="FRAG2"/>
</stack>
.
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="10.0.99.12"/>
</interface>
<interface name="private">
<inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
</interface>
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
<socket-binding name="http" port="${jboss.http.port:8080}"/>
<socket-binding name="https" port="${jboss.https.port:8443}"/>
<socket-binding name="jgroups-mping" interface="public" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
<socket-binding name="jgroups-tcp" interface="public" port="7600"/>
<socket-binding name="jgroups-udp" interface="public" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
<socket-binding name="modcluster" port="0" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
<socket-binding name="txn-recovery-environment" port="4712"/>
<socket-binding name="txn-status-manager" port="4713"/>
<outbound-socket-binding name="mail-smtp">
<remote-destination host="localhost" port="25"/>
</outbound-socket-binding>
<outbound-socket-binding name="10_0_99_11">
<remote-destination host="10.0.99.11" port="6666"/>
</outbound-socket-binding>
<outbound-socket-binding name="10_0_99_12">
<remote-destination host="10.0.99.12" port="6666"/>
</outbound-socket-binding>
</socket-binding-group>
Please suggest me idea's on how we can fix this or enlighten me if I'm doing something wrong here.
I want to close mail-smtp port.
<socket-binding-group name="standard-sockets"
default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<!--<outbound-socket-binding name="mail-smtp">-->
<!--<remote-destination host="localhost" port="25"/>-->
<!--</outbound-socket-binding>-->
</socket-binding-group>
Can I disable mail subsystem if I will not use mail?
<subsystem xmlns="urn:jboss:domain:mail:2.0">
<mail-session name="default" jndi-name="java:jboss/mail/Default">
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
</mail-session>
</subsystem>
If you should remove mail service, subsystem can be removed
Remove extension: <extension module="org.jboss.as.mail"/>
Remove the complete subsystem mail:
<subsystem xmlns="urn:jboss:domain:mail:2.0">
<mail-session name="default" jndi-name="java:jboss/mail/Default">
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
</mail-session>
</subsystem>
Remove outbound-socket-binding mail-smtp
<outbound-socket-binding name="mail-smtp">
<remote-destination host="localhost" port="25"/>
</outbound-socket-binding>
You can also use CLI to remove the subsystem:
/subsystem=mail:remove
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:remove
/extension=org.jboss.as.mail:remove
:reload
I try to upload large files(400mb+) to wildfly 8.1 and i get an IOException but i dont encounter any exception with the same conditions when using jboss 7 server:
Exception:
Blocking request failed HttpServerExchange{ POST /ehub/contentstore/categories/maincategory/file/create}: java.lang.RuntimeException: java.io.IOException: Broken pipe
at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:527)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:287)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Caused by: java.io.IOException: Broken pipe
at sun.nio.ch.FileDispatcherImpl.write0(Native Method) [rt.jar:1.7.0_51]
at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:47) [rt.jar:1.7.0_51]
at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93) [rt.jar:1.7.0_51]
at sun.nio.ch.IOUtil.write(IOUtil.java:51) [rt.jar:1.7.0_51]
at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:487) [rt.jar:1.7.0_51]
at org.xnio.nio.NioSocketConduit.write(NioSocketConduit.java:150) [xnio-nio-3.2.2.Final.jar:3.2.2.Final]
at io.undertow.server.protocol.http.HttpResponseConduit.processWrite(HttpResponseConduit.java:212)
at io.undertow.server.protocol.http.HttpResponseConduit.flush(HttpResponseConduit.java:629)
at io.undertow.conduits.FinishableStreamSinkConduit.flush(FinishableStreamSinkConduit.java:83)
at org.xnio.conduits.ConduitStreamSinkChannel.flush(ConduitStreamSinkChannel.java:162) [xnio-api-3.2.2.Final.jar:3.2.2.Final]
at io.undertow.channels.DetachableStreamSinkChannel.flush(DetachableStreamSinkChannel.java:100)
at org.xnio.channels.Channels.flushBlocking(Channels.java:63) [xnio-api-3.2.2.Final.jar:3.2.2.Final]
at io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:625)
at io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:451)
at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:525)
I increased the max-post-size but it didnt work.
standalone.xml :
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" max-post-size="974247881"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/8"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
I have found solution for this. I had this same issue and I solved it. It may help others.
For allowing more http request header size you need to change standalone.xml file of jboss or wildfly.
Add max-header-size attribute to default server and restart the server it will work
Standalone.conf
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" max-header-size="974247881"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
...
</subsystem>
It is not in "standalone.conf" file . It is "standalone.xml" file which is located in folder "standalone/configuration".
change max-post-size :
<http-listener name="default" socket-binding="http" redirect-socket="https" max-post-size="104857600"/>
<host name="default-host" alias="localhost">
see this link in jboss: https://issues.jboss.org/browse/UNDERTOW-185
max-post-size in ../wildfly/stanadalone/configuration/standalone.xml will be set.
If your wildfly stands behind webserver, e.q. nginx, you may have to set the limit there. This helped me.
Using the WildFly web console move to:
Configuration -> Subsystems -> Web(Undertow) -> Server -> default-server
click "View" button
move to "Listener" tab
edit "HTTP Listener" and "HTTPS Listener" parameter "max-post-size"