SSL-HTTPException：通信時HTTP響應'413：請求實體太大'

Question

我在Wildfly中有一個Web服務客戶端，該客戶端正在嘗試上傳一個大約400-500kb的小文件，它工作正常，但是當我添加客戶端證書身份驗證邏輯時，它抱怨

HTTPException: HTTP response '413: Request Entity Too Large' when communicating with 

我在這里缺少什么，或者為什么它停止工作，如何修復它。 服務器使用xdoclet標記實現服務。 客戶端身份驗證是在apache級別而不是應用程序代碼完成的。

以下是代碼：

        String WS_URL = PropertiesLoader.getInstance().getMyServiceWsdlUrl();
        URL url = new URL(WS_URL);
        QName qname = new QName(PropertiesLoader.getInstance().getMyServiceNamespaceURI(), "MyService");

        //Service service = Service.create(url, qname);

        Service service = Service.create(qname);

        MyEndpoint myEndpointPort = service.getPort(MyEndpoint.class);
        //HACK: The underlying "JMess" changes our passed Endpoint URL with the hostname of the box (that we won't be able to find
        //      since everything is straight IP's...  So we update it again here... There has to be a better way...
        //((BindingProvider)myEndpointPort).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,WS_URL.replace("?wsdl",""));
        Map<String, Object> req_ctx = ((BindingProvider) myEndpointPort).getRequestContext();
        req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, WS_URL.replace("?wsdl",""));
        BindingProvider bp = (BindingProvider) myEndpointPort;
        SOAPBinding binding = (SOAPBinding) bp.getBinding();

        // Adding Client Authentication
        System.setProperty("javax.net.ssl.trustStore", PropertiesLoader.getInstance().getServerTruststore());
        System.setProperty("javax.net.ssl.trustStorePassword", PropertiesLoader.getInstance().getServerTruststorePassword());
        System.setProperty("javax.net.ssl.keyStore", PropertiesLoader.getInstance().getServerKeystore());
        System.setProperty("javax.net.ssl.keyStorePassword", PropertiesLoader.getInstance().getServerKeystorePassword());
        System.setProperty("javax.net.debug", "SSL");

        Client client=ClientProxy.getClient(myEndpointPort);
        HTTPConduit conduit = (HTTPConduit)client.getConduit();
        TLSClientParameters tlsParams = new TLSClientParameters();

        // Disabling host name check
        tlsParams.setDisableCNCheck(true);

        // Setup Truststore 
        KeyStore keyStore = KeyStore.getInstance("JKS");
        File truststore = new File(PropertiesLoader.getInstance().getServerTruststore());
        keyStore.load(new FileInputStream(truststore), PropertiesLoader.getInstance().getServerTruststorePassword().toCharArray()); 

        // Setting trust manager(s)
        TrustManagerFactory trustFactory = 
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); 
        trustFactory.init(keyStore); 
        TrustManager[] tm = trustFactory.getTrustManagers(); 
        tlsParams.setTrustManagers(tm);

        // Setup Keystore 
        truststore = new File(PropertiesLoader.getInstance().getServerKeystore());
        keyStore.load(new FileInputStream(truststore), PropertiesLoader.getInstance().getServerKeystorePassword().toCharArray());

        // Setting up key manager(s)
        KeyManagerFactory keyFactory = 
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());                         
        keyFactory.init(keyStore, PropertiesLoader.getInstance().getServerKeystorePassword().toCharArray()); 
        KeyManager[] km = keyFactory.getKeyManagers();                      
        tlsParams.setKeyManagers(km); 

        // Setting parameters
        conduit.setTlsClientParameters(tlsParams); 

Answer 1

這是Apache中SSL再生緩沖區大小的問題。 解決方法是使用SSLRenegBufferSize指令增加緩沖區大小，我將其設置為8MB。

<Location "/myws/feature/FeatureEndpoint">
    SSLVerifyClient optional_no_ca
    SSLRenegBufferSize 8388608
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars
    SSLRequire %{SSL_CLIENT_S_DN_CN} eq "Client Certificate"
</Location>