You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2020/07/06 20:23:02 UTC

Catalina internals available from HttpServletRequest?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

All,

I'm looking at modifying the existing LoadBalancerDrainingValve to
also function as a Filter if necessary (my application uses a Filter
to establish authentication information, so I'd like the "valve" to
act *after* the filter if possible) and it looks like I need access to
some Tomcat internals.

Specifically, I'd like to be able to get to the
org.apache.catalina.Context object for the request. Is this available
without reflection and/or other ugly things?

Hmm. It looks like a Valve *cannot* be a Filter because of the
presence of the incompatible destroy() method.

I still want to provide a Filter if possible, so the above question
still stands.

If the Context isn't available, could it be added to the
ServletContext attributes, possibly under a non-reported hash key?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl8DiCYACgkQHPApP6U8
pFh3KA//X9HEOKbQPvMJ981Zo0xzIaPvM3t2RqCDJPxVqGi2A0URPAEuIy13eSNu
oApBBMetDHCwYKZ6T6gzPzCR9JUm6xzCu8jBXP0spqlockQqFM5jW6CIBJxoWeWn
uFujY8hnh4wY0K3c7seIkvsogiaNHnCSZPl/0rIEhk2KVI+Loh0KhywURDgLvCab
Flry3UaKxt3j+PEat1wlL2NCVJGtNHnxukQIKfMUl0LuolYlq99mfP/qzfvmt2q/
9ALVvSjQ8++xurIeIS1O1d9QaJWai1maxAxUssdIAodDm4iSot1vdJGMWdojuYur
bctZniM2c2zJfLCQE6OtdLzFpppjLVYpXNkJCRn7QdaN6SLTdl5jL8itdsHrtSsV
9kyebADc9iqF6GoX2Q5EfAC2DbIuwG5DqofSeha8gByMSwT2/dv6bQjybKVCiSOL
bS1HF03XxnNGm8txfwyBCHvbz0j7NcGxWm/qdN0DbT4bYTPozYbj4xkyabbsqTw1
4vD2/qGncH3M9npRMYq1qf5DG+js0RnGj+Vx9F6XDV7KEc9WEYrvBxj5zdDjfxlV
xwJIr7Tn9o4Fa9uRO8WpvJap/qS1wZ31uXQJXIqps8foizefBtewocKYFIegtOG1
CTe5GiBBRDrJezx+gLTxPLlgCrOCp9OTboWNWSQprtMwyCiTekA=
=J09l
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Catalina internals available from HttpServletRequest?

Posted by Christopher Schultz <ch...@christopherschultz.net>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,

On 7/6/20 16:45, Mark Thomas wrote:
> On 06/07/2020 21:23, Christopher Schultz wrote:
>> All,
>>
>> I'm looking at modifying the existing LoadBalancerDrainingValve
>> to also function as a Filter if necessary (my application uses a
>> Filter to establish authentication information, so I'd like the
>> "valve" to act *after* the filter if possible) and it looks like
>> I need access to some Tomcat internals.
>>
>> Specifically, I'd like to be able to get to the
>> org.apache.catalina.Context object for the request. Is this
>> available without reflection and/or other ugly things?
>>
>> Hmm. It looks like a Valve *cannot* be a Filter because of the
>> presence of the incompatible destroy() method.
>>
>> I still want to provide a Filter if possible, so the above
>> question still stands.
>>
>> If the Context isn't available, could it be added to the
>> ServletContext attributes, possibly under a non-reported hash
>> key?
>
> That would create security issues.
>
> A Filter equivalent to ContainerServlet could work - although that
> is a fairly invasive change for something that could be fixed more
> easily.
>
> How about a Valve that injects the necessary internal object(s) as
> request attributes? Alternatively, you could inject some custom
> object that held the references internally and just exposed the
> functionality you wanted to expose.

The calls I'm having trouble with are similar to this one:

        if (drain) {
            boolean ignoreRebalance = false;
            Cookie sessionCookie = null;

            final Cookie[] cookies = request.getCookies();

            final String sessionCookieName =
SessionConfig.getSessionCookieName(request.getContext());


That last call to request.getContext is calling
o.a.c.connector.Request.getContext to hand to
SessionConfig.getSessionCookieName.

This valve also does something similar for
SessionConfig.getSessionCookiePath and
SessionConfig.getSessionUriParamName.

I could read those values from elsewhere (e.g. during startup?), or
even make them init-param of the Filter and avoid the whole thing, but
that does require some additional configuration. The valve is nice and
magical :)

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl8EgfoACgkQHPApP6U8
pFhQaw/9GS6/JH7IGNMhbuRMHwdYBlCLam9cBZuEz1tiJW4F+hk7kr7/phGJu+Sy
DAHPGMIlUpcSaH0KoPnE2OWzM0xqBJydIuoI+pydc1/MEPNVDD/uUbvHyIacRWoa
ucgYbwDDq8n23cujJYstvm4MJBcFOhxgnyaG+XFSUuDUZARCw6hXSJx7kxr+V07z
4K0P0wcYUisPzN3bFQhzRanJ494izfYz0w7AybnmWYPLmBEX5PObt3aYCW6ZaTXs
ajQjyg441pSFkjk1F6MeYJSbAFW+aomU9zrgTgHEcZJ1OkZG6EwS0dD2tbDi7vVU
Ns1jjxDD0ZPgHI9rkiFzhI1gb38/HmbgeU2AIF64r3DIol9/d2R/6bYS5yh6jMXl
1ne5XIXlNq8SLMvbcbCtHE4t5hfKgCQ54jsAY7tgHCRbixwJnftUQMYCfmImuIko
NAQ3BzZw3P04XGXPEDZ0NqKvplxV/yoAf/BtD1xE6bySPoXbrx2UMDEIHU5zeiP8
xH5JC9Dg0Qz6yAEKQd1Sk9BrxmY3Fr4spnVTcuU/fU7OSWF+1vf0wTZ1CT/JcQmB
aYvTQcGYjxi9GynZKDS6TM1kAenul5QF5sDLmLMGtXpzSXjMKK0IEKhpXlG2013F
ktDMhbaM4tXAmZr3lBjpYwYiWSFCZ7tJDflO2EAHbGXweU+ehkQ=
=eS0L
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: Catalina internals available from HttpServletRequest?

Posted by Mark Thomas <ma...@apache.org>.

On 06/07/2020 21:23, Christopher Schultz wrote:
> All,
> 
> I'm looking at modifying the existing LoadBalancerDrainingValve to
> also function as a Filter if necessary (my application uses a Filter
> to establish authentication information, so I'd like the "valve" to
> act *after* the filter if possible) and it looks like I need access to
> some Tomcat internals.
> 
> Specifically, I'd like to be able to get to the
> org.apache.catalina.Context object for the request. Is this available
> without reflection and/or other ugly things?
> 
> Hmm. It looks like a Valve *cannot* be a Filter because of the
> presence of the incompatible destroy() method.
> 
> I still want to provide a Filter if possible, so the above question
> still stands.
> 
> If the Context isn't available, could it be added to the
> ServletContext attributes, possibly under a non-reported hash key?

That would create security issues.

A Filter equivalent to ContainerServlet could work - although that is a
fairly invasive change for something that could be fixed more easily.

How about a Valve that injects the necessary internal object(s) as
request attributes? Alternatively, you could inject some custom object
that held the references internally and just exposed the functionality
you wanted to expose.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org