Wednesday, April 20, 2016

Tomcat returns 400 for requests with long headers

We noticed this while troubleshooting an issue which popped up in WSO2 Cloud. We have configured SSO for the API Publisher and Store at WSO2 Identity Server. SSO was working fine except for one scenario. We checked the SSO configuration and couldn't find anything wrong.

Then we checked the load balancer logs. It revealed that LB was passing the request to the server i.e. Identity server, but gets a 400 from it. Then we looked the Identity Server logs to find nothing printed there. But, there were logs in the access log of the identity server which told us it was getting the request, but it was not letting it go through. Instead it was dropping it saying it was a bad request and was returning a 400 response.

We did some search in the internet and found out this kind of rejection can occur if the header values are too long. In the SAML SSO scenario, there is a referrer header which sends a lengthy value which was about 4000 characters long. When doing further search, we found out the property maxHttpHeaderSize in tomcat configs where we can configure the max http header size allowed in bytes. You can read about this config from here.

Once we increased that value, everything started working fine. So, I thought of blogging this down for the benefit of people using tomcat and also WSO2 products since WSO2 products have tomcat embedded in it. 

Saturday, January 17, 2015

Why you should try WSO2 App Cloud - Part 1

I have written a blog post on how to get started with WSO2 App Cloud couple of months ago and it can be found at Lets get started with WSO2 App Cloud. My intention of writing this post is to explain why you should try it. I'll be listing the attractive features of WSO2 App Cloud which makes it special from other app cloud offerings available.

  1. Onboarding process
  2. Creating your first application
  3. Launching your first application
  4. Editing and re-launching the application

Onboarding process

WSO2 App Cloud allows you to sign-up by providing your email address. Then you get an email with a link to click and confirm your account. Once you click it, as the next step, you are asked to provide an organisation name which you want to create.

WSO2 App Cloud Sign-Up page

WSO2 App Cloud has an organization concept which allows a set of developers, QA engineers, DevOps persons to work collaboratively. When you create an account in WSO2 App Cloud, it creates an organisation for you. In other words, this is a tenant. Then you can invite other members to this organisation. You can assign members to different applications developed under this organisation entity. I'll explain this structure in a future post (to keep you reading through this :))

Some of the other app clouds available today do not have the organisation concept. They only have the application entity. You sign-up and create an application. Then you are the owner of that app. You can invite others to collaborate with your app. But, if you create another app, you need to invite them again for collaboration.

Creating your first application

After you sign-up and sign-in successfully, lets have a look at the first app creation experience. WSO2 App Cloud support multiple application types to be created. They are,
  • Java web applications
  • Jaggery web applications (Jaggery is a Javascript framework introduced by WSO2 itself)
  • JAX-WS services
  • JAX-RS services
  • WSO2 Data Services
  • It also allows you to upload existing Java web apps, JAX-WS, JAX-RS and Jaggery apps
WSO2 App Cloud is planning to support other app types such as PHP, node.js in the future.

In WSO2 App Cloud, creating an application is a two click process. After you login in, you click on "Add New Application" button, fill in the information and click "Create Application" button. This will create the skeleton of the app, a git repository for it, build space for the app. Then it will build the app and deploy it for you. All you have to do is, wait a couple of minutes, go to the app's overview page and click the "Open" button to launch your app. This has the following advantages.
  1. You don't need to know anything about the folder structure of the app type you are creating. WSO2 App Cloud does it for you.
  2. Within a couple of minutes, you have an up and running application. This is same for new users and users who are familiar with the WSO2 App Cloud.
See this video on WSO2 App Cloud's app creation experience.

Other offerings have different approaches when creating applications. Some of them needs users to download SDKs. Users also need to have knowledge about the structure of an app which they want to create. After a user creates and uploads/pushes an app, they have to start up instances to run it. Some offerings provide a default instance, but if you want high availability for your app, user has to start additional instances. WSO2 App Cloud takes care of them by default, so the user does not need to worry about it.

Launching your first application

Lets see how a user can launch the application they have created.

When you create the app in WSO2 App Cloud, after it goes through the build process, it is automatically deployed. Within seconds of creation, it presents you the URL to launch your app. A user with very little knowledge can get an app created and running easily.

Editing and re-launching the application

Its obvious that a user wants to edit the application he/she creates by adding their code.WSO2 App Cloud dominates the app cloud offerings when it comes to development support. It provides you a cloud IDE. You can just click the "Edit Code" button and your app code will be open in the browser. Not only you can edit the code in the browser, you can build and run it before pushing the code to the App Cloud. Very cool, isn't it?

Second option is to edit the code using WSO2 Developer Studio. To do this, you need to have a working installation of WSO2 Developer Studio.

Third option is to clone the source code and edit it using your favourite IDE. 
WSO2 App Cloud IDE
See this video on WSO2 App Cloud's cloud IDE.

Special thing to note is, there is no other app cloud offering which provides a cloud IDE for the developers.

I'll be writing the second part of this post by discussing some more attractive features of WSO2 App Cloud and I am expecting to discuss
  • Using resources within the app (databases etc.)
  • Collaborative development
  • Lifecycle management of the app
  • Monitoring logs
Your feedback is welcome. Stay tuned :) 

Wednesday, January 7, 2015

Lets get started with WSO2 API Cloud

Few weeks ago, I wrote a blog post on "Getting started with WSO2 App Cloud". Intention of writing it was to line up some of the screencasts we have done and published which helps you to use the WSO2 App Cloud.

Couple of weeks after we started publishing App Cloud videos, we started publishing API Cloud videos too. Intention of this blog post is to introduce those screencasts we have added.

WSO2 API Cloud provides you the API Management service in the cloud. You can create and publish APIs very easily using it and it is powered by the well established product of WSO2 product stack, WSO2 API Manager. If you already have an account in WSO2 Cloud or, you can login to WSO2 Cloud and navigate to the API Cloud.

First thing you would do, when you go to the API Cloud is, creating and publishing an API. Following screencast will help you on how to do it.

After publishing your API, it appears in your API store. If you advertise your API store to others they can subscribe to the APIs and invoke them. Next screencast shows how to that.
You may have a very promising API created and published, now available in your API store. But, for it to be successful, you need to spread the word. To do that, WSO2 API Cloud have some useful social and feedback channels. You can allow the users to rate your API, comment on them, share using social media and also start interactive discussions via the forums. Following tutorial showcases those capabilities.
For a developer to use your API easily, its documentation is important. Therefore, WSO2 API Cloud allows you to add documentation for your API. There are several options such as inline documentations, uploading already available docs and pointing to online available docs. This video showcases the documentation features.
We will keep adding more screencasts/tutorials to our API Cloud playlist. Stay tuned and enjoy experiencing the power of WSO2 API Cloud.

Monday, November 17, 2014

Lets get started with WSO2 App Cloud

We at WSO2 Cloud team are working on improving the experience we are providing to the WSO2 Cloud users. During this effort, we try to provide clear instructions on using the various features available. Since we have two cloud services offered to the users, I'll be talking about the WSO2 App Cloud in this blog post.

As the first step, we published a set of tutorials with step-by-step instructions on how to do things in the WSO2 App Cloud. This included

  • Creating an application from scratch
  • Uploading an existing application
  • Editing your app with the Cloud IDE
  • Creating and using databases
  • Invoking APIs from your app code etc.
You can find those tutorials at

As the next step, we started working on a series of screencasts which shows you how to use different features in the WSO2 App Cloud. These screencasts go parallel with the above mentioned tutorials. We have published them in YouTube and also linked from the tutorials too.  So, you can use both of them to make your life easier. At the moment we have released four screencasts and we are in the process of releasing more. I'll list them here for your reference.

  • Create and deploy your first Java application to WSO2 App Cloud
  • Edit your app using the Cloud IDE

  • Edit your app using your favourite IDE

  • Upload your WAR file to WSO2 App Cloud

When you start using WSO2 App Cloud, go through the tutorials and these screencasts. If you face any problems, feel free to contact the WSO2 Cloud team via We would like to hear your feedback and improve the experience we provide.

Saturday, July 19, 2014

WSO2 Cloud - New kid in town

WSO2 has been performing in the cloud for quite sometime now. StratosLive was its first public cloud offering which was operational from 2010 Q4 to 2014 Q2. We had to shutdown StratosLive after we donated Stratos code to Apache (due to trademarks etc.). Now Apache Stratos is a top level project (graduated) after spending nearly one year in incubating.

We at WSO2 were feeling the requirement of a cloud which is more user friendly and more use case oriented. To be honest, although StratosLive had all WSO2 middleware products hosted in the cloud, a user needed to put some effort to get a use case completed using it. It was decided to build a new application cloud (app cloud) and an API cloud using the WSO2 middleware stack. App Cloud was going to be powered by WSO2 AppFactory and API Cloud by WSO2 API Manager. The complete solution was decided to be named as "WSO2 Cloud".

We hosted a preview version of WSO2 Cloud as WSO2 CloudPreview in October 2013. Since then we were working on identifying bugs, usability and stability issues, etc. and fixing them. This June, we announced WSO2 Cloud beta. It was announced in WSO2 Con - Europe 2014 in Barcelona.

You can go to WSO2 Cloud via the above link. If you have an account in (aka WSO2 Oxygen Tank) you do not need to register, you can sign in with that account. If you don't, you can register by simply providing your email address.

Once you are signed in, you will be presented with the two clouds, App Cloud and API Cloud.


WSO2 App Cloud

  • Create applications from scratch - JSP, Jaggery, JAX-WS, JAX-RS
  • Upload existing web applications - JSP, Jaggery
  • Database provisioning for your apps
  • Life cycle management for your app - Dev, Test and Prod environments
  • Team work - A team can collaboratively work on the app
  • Issue tracking tool
  • A Git repository per each application and a build tool.
  • Cloud IDE - For your app development work
  •  And more...

WSO2 API Cloud

  • Create APIs and publish to API store (a store per tenant)
  • Subscribe to APIs in the API store
  • Tier management
  • Throttling
  • Statistics
  • Documentations for APIs
Above mentioned are some of the major features of WSO2 App Cloud and API Cloud. I'll be writing more posts targeting specific features and hope to bring some screen casts for you.

Experience WSO2 Cloud and let us know your feedback..

Friday, February 21, 2014

WSO2 ESB answers the critics on its performance test results

Few months ago, big fuss was made via a performance blog saying that some of the performance stats published on WSO2 ESB are incorrect and flawed. WSO2 ESB team has carried out some investigations on these and published the latest performance test results based on their latest release WSO2 ESB 4.8.1.

You can find the official article at

There is an interesting blog post which explains why were the accusations made in the aforementioned performance blog post are incorrect and unfair. You can find it at

If you are too curious, following is the latest performance graph. Believe me, its worth reading the above two posts.

Oh.. I forgot to say, WSO2 ESB is the fastest open source ESB on earth :)

Friday, July 19, 2013

How to send Basic Auth information when invoking a web service with SoapUI

I recently wanted to invoke a web service via SoapUI, which was expecting basic auth credentials. There are two options.

1. When you open a request generated by SoapUI, at the bottom you will find two tabs named Auth and Headers. When you click on the Headers tab, it will open a small window which allows you to add any headers to the message. There you can add a header name "Authorization" and its values should be "Basic <Base64 encoded username:password>".

If your username and password are admin:admin, then when you encode it, your header values will look like "Basic YWRtaW46YWRtaW4="

After setting this, if you send a request in SoapUI, you will be able to see the Authorization header in the request.

2. Other option is to use the Auth tab and define the username and password there. But, these information will not get sent as a header. To send them as a header, you need to do the following.

Open the "Preferences" window by clicking the icon or from the SoapUI menu. Then select "HTTP settings". From that settings list check (tick) the "Authenticate Preemptively" option as shown in the image below.

Then, set the username and password in the Auth tab as I described previously and send a request. You will see the Authorization header sent with the request as shown below.

I learned this from Charitha Kankanmge of WSO2 and thought of writing it down for others benefit.