You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Martin Tzvetanov Grigorov (Jira)" <ji...@apache.org> on 2023/09/06 06:54:00 UTC

[jira] [Comment Edited] (WICKET-7071) Problems when calling request.getInputStream() before executing WicketFilter

    [ https://issues.apache.org/jira/browse/WICKET-7071?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17762294#comment-17762294 ] 

Martin Tzvetanov Grigorov edited comment on WICKET-7071 at 9/6/23 6:53 AM:
---------------------------------------------------------------------------

[https://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getInputStream()] says: "Either this method or [{{getReader()}}|https://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getReader()] may be called to read the body, not both. "

 

Does your application use Wicket CSP (content security policy) ?

./wicket-core/src/main/java/org/apache/wicket/csp/ReportCSPViolationMapper.java:85:                        if (-1 != (n = httpRequest.getReader().read(buffer)))


was (Author: mgrigorov):
[https://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getInputStream()] says: "Either this method or [{{getReader()}}|https://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getReader()] may be called to read the body, not both. "

 

Does your application uses Wicket CSP (content security policy) ?

./wicket-core/src/main/java/org/apache/wicket/csp/ReportCSPViolationMapper.java:85:                        if (-1 != (n = httpRequest.getReader().read(buffer)))

> Problems when calling request.getInputStream() before executing WicketFilter
> ----------------------------------------------------------------------------
>
>                 Key: WICKET-7071
>                 URL: https://issues.apache.org/jira/browse/WICKET-7071
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-core
>    Affects Versions: 10.0.0-M1, 9.14.0
>         Environment: Java 17 or 21-ea; Jetty 11 or Tomcat 10.1.x; Wicket 10.0.0-M1 or 9.3+.
>            Reporter: Sam Peters
>            Priority: Major
>
> Calling request.getInputStream() (without reading any data from the stream), followed by a WicketFilter, causes certain wicket requests to fail.
> If no call to request.getInputStream() is made, everything works as expected.
> See runnable, minimal Maven project here: [https://github.com/gluser1357/jerseyissues/tree/issue-4867-wicket10|https://github.com/gluser1357/jerseyissues/tree/issue-4867-wicket10,] > readme.txt.
> The issue is always reproducable e. g. in Jetty 11 and Tomcat 10.1.x (Jakarta Servlet 5+).
> A use case for the described filter combination is e. g. to add an existing Jersey-based authorization filter in front of a Wicket application. Since Jersey calls at some point request.getInputStream(), our Wicket application fails at then. See more details on this here: [https://github.com/eclipse-ee4j/jersey/issues/4867.]
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)