2

We are maintaining a spring mvc (2.5.6) web application running on Tomcat 6.0.14

There is a bug in our app that caused one text field to increase its size resulting in a post of 3.000.000 bytes of text.

We will fix this bug, but what bothers me is that when the post size gets this big the method ServletRequest.getParameter fails silently and returns null. There is no sign of any error on the logs.

Is this spring mvc fault?

Is this a tomcat misconfiguration?

Why can't I see any exception in the logs?

Improve this question

2 Answers 2

Reset to default
2

Is this spring mvc fault?

Is this a tomcat misconfiguration?

Neither. You are exceeding the default value of Tomcat's maxPostSize which is 2Mb.

Reference: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#Common_Attributes

By the way, 6.0.14 is really old. You should upgrade to the latest (6.0.33 or 7.0.21) ASAP to get fixes for the recently reported denial of service flaw, and earlier security problems.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Shouldn't It throw an IlegalStateException: post too large?
@Serhii - IMO No. Unless the Servlet spec says when and where and exception should be thrown, an implementation (like Tomcat) that did this would simply be creating portability issues for the webapp code. The purpose of this config option is to protect the server / webapp against malicious attack. Tomcat's behavior of making it appear that there were no parameters at all is a pretty safe option. If you have coded your webapp defensively, you will already cope with missing / empty parameters.
Probably tomcat 5 did throw that exception. I've checked tomcat 6.0.14 source and it fails silently, with just a debug log to the context logger.
1

Well the default size for POST is 2MB in apache tomcat.

You can change the maxPostSize parameter in the Connector tag in the Tomcat's server.xml.

Refer:http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

Improve this answer

1 Comment

Shouldn't It throw an IlegalStateException: post too large?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.