You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Christophe Dupriez <ch...@poisoncentre.be> on 2008/11/20 01:07:59 UTC
Tomcat 6.0.18, POST request.ContentLength() is 0 when entering the
Authenticator
Hi Tomcat Developpers!
Few days ago I provided an NTLM Authenticator. My users reported that their POST requests are now without content.
I traced and I can confirm that, when entering the NtlmAuthenticator.authenticate method, request.ContentLength() is -1 for GET transactions (and it works) but it is 0 for POST.
At the very entrance of BasicAuthenticator.authenticate, request.ContentLength() is -1 for GET transactions (and it works) but the real length is there for POST.
So I can have 50 GET transactions without any problems : the NTLM authentication is done once with the first transaction. Then, if a POST comes, it will be 0 length.
Any idea of what may be happening? As I did not found any real dependency on the word "BASIC" within Tomcat source, I am wondering if lower level Java Run Time could test explicitely the authentication method and "forget" to manage the ContentLength? It seems that some people have problem with FORM authentication. Could it be a similar problem?
The patch file is accessible:
http://www.destin.be/tomcat/NtlmAuthentication.patch
The new authenticator class is accessible:
http://www.destin.be/tomcat/NtlmAuthenticator.java
Wishing you a very nice week,
Christophe Dupriez
Centre Antipoisons - Antigifcentrum
C/o Hôpital Central de la Base Reine Astrid
Rue Bruyn - 1120 Bruxelles - Belgique
tel 32-(0)2.264.96.36 fax 32-(0)2.264.96.46
Re: Tomcat 6.0.18, POST request.ContentLength() is 0 when entering
the Authenticator
Posted by Filip Hanik - Dev Lists <de...@hanik.com>.
hi Christophe, we are definitely interested in your contribution and
would like to include it.
Would you mind opening a bugzilla issue and attach your files there?
https://issues.apache.org/bugzilla/enter_bug.cgi
thanks
Filip
Christophe Dupriez wrote:
> Hi Tomcat Developpers!
>
> Few days ago I provided an NTLM Authenticator. My users reported that their POST requests are now without content.
> I traced and I can confirm that, when entering the NtlmAuthenticator.authenticate method, request.ContentLength() is -1 for GET transactions (and it works) but it is 0 for POST.
> At the very entrance of BasicAuthenticator.authenticate, request.ContentLength() is -1 for GET transactions (and it works) but the real length is there for POST.
>
> So I can have 50 GET transactions without any problems : the NTLM authentication is done once with the first transaction. Then, if a POST comes, it will be 0 length.
>
> Any idea of what may be happening? As I did not found any real dependency on the word "BASIC" within Tomcat source, I am wondering if lower level Java Run Time could test explicitely the authentication method and "forget" to manage the ContentLength? It seems that some people have problem with FORM authentication. Could it be a similar problem?
>
> The patch file is accessible:
> http://www.destin.be/tomcat/NtlmAuthentication.patch
>
> The new authenticator class is accessible:
> http://www.destin.be/tomcat/NtlmAuthenticator.java
>
> Wishing you a very nice week,
>
> Christophe Dupriez
> Centre Antipoisons - Antigifcentrum
> C/o Hôpital Central de la Base Reine Astrid
> Rue Bruyn - 1120 Bruxelles - Belgique
> tel 32-(0)2.264.96.36 fax 32-(0)2.264.96.46
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org