Why am I unable to add users in Global Configuration when using the Matrix Authorization Plugin?

Article ID:204973370
2 minute readKnowledge base

Issue

We are not able to add users in 'Configure Global Security' under 'Project-based Matrix Authorization Strategy'.

We are getting

javax.servlet.ServletException: java.lang.IllegalStateException: Form too large 714049>200000' error.

Environment

  • CloudBees Jenkins Enterprise

  • Matrix Authorization Plugin

Resolution

To resolve your issue apply one of the following workarounds:

  1. Try using Restricting access and delegating administration with Role-Based Access Control in place of the Project-based Matrix Authorization Strategy.

  2. Edit the configuration file/settings with one of the following to allow for larger form sizes:

    • Windows: Edit the jetty.xml/jenkins.xml file by adding

      JENKINS_JAVA_OPTIONS="-Dorg.eclipse.jetty.server.Request.maxFormContentSize=900000"

    • Apple: Add to the file /Library/Jenkins/jenkins-runner.sh under Java args

      -Dorg.eclipse.jetty.server.Request.maxFormContentSize=900000

    • Ubuntu: Edit the configuration file /etc/default/jenkins to include the line

      JAVA_ARGS="-Dorg.eclipse.jetty.server.Request.maxFormContentSize=900000"

    • Red Hat: Edit the configuration file /etc/sysconfig/jenkins to include the line

      JENKINS_JAVA_OPTIONS="-Dorg.eclipse.jetty.server.Request.maxFormContentSize=900000"

    • Java Launched(using JVM): Add to your JVM arguments at either command line or launcher script

    -Dorg.eclipse.jetty.server.Request.maxFormContentSize=900000

Note: The Jenkins instance will need to be restarted for these changes to take effect

Note that increasing this value could be potentially the source of DDOS attacks if your instance is open.

Form content sent to the server is processed by Jetty into a map of parameters to be used by the web application. This can be vulnerable to denial of service (DOS) attacks since significant memory and CPU can be consumed if a malicious clients sends very large form content or large number of form keys. Thus Jetty limits the amount of data and keys that can be in a form posted to Jetty.

The default maximum size Jetty permits is 200000 bytes and 1000 keys. You can change this default for a particular webapp or for all webapps on a particular Server instance.

Source : https://eclipse.dev/jetty/