You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by cristi <cr...@medialab.sissa.it> on 2005/07/14 17:09:08 UTC
What is allowed to do with a HttpServletRequest ?
Hello all
I have a web application where I need to use in a second request the
HttpServletRequest object sent to the same servelet in the first
request.
Here is what my servlet looks like :
public void doGet( HttpServletRequest request, HttpServletResponse response )
{
/*
some code here detecting if this request
is the first one. This code initializes
isFirstRequest
*/
if( isFirstRequest )
{
session.setAttribute( "FIRST_REQUEST_OBJECT", request );
request.getRequestDispatcher("somepage.jsp").forward(request, response);
}
else
{
HttpServletRequest oreq = (HttpServletRequest)session.getAttribute("FIRST_REQUEST_OBJECT");
request.getRequestDispatcher("somepage.jsp").forward(oreq, response);
}
}
It seems that it is not safe to do so. What can I do to handle this situation ?
Thx.
Cristi
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: What is allowed to do with a HttpServletRequest ?
Posted by Guillaume Lederrey <gu...@gmail.com>.
The question is probably : "why do you need to refer to the first
request ?". Dont you need to actually refer to some state of the
request ? Could you extract that state from the request instead of
storing the full request ?
Maybe I'm just asking a dumb question, but I have problem
understanding why you would need the whole request ...
On 7/14/05, cristi <cr...@medialab.sissa.it> wrote:
> Hello all
>
> I have a web application where I need to use in a second request the
> HttpServletRequest object sent to the same servelet in the first
> request.
>
> Here is what my servlet looks like :
>
> public void doGet( HttpServletRequest request, HttpServletResponse response )
> {
> /*
> some code here detecting if this request
> is the first one. This code initializes
> isFirstRequest
> */
>
> if( isFirstRequest )
> {
> session.setAttribute( "FIRST_REQUEST_OBJECT", request );
> request.getRequestDispatcher("somepage.jsp").forward(request, response);
> }
> else
> {
> HttpServletRequest oreq = (HttpServletRequest)session.getAttribute("FIRST_REQUEST_OBJECT");
> request.getRequestDispatcher("somepage.jsp").forward(oreq, response);
> }
>
> }
>
> It seems that it is not safe to do so. What can I do to handle this situation ?
>
> Thx.
> Cristi
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: What is allowed to do with a HttpServletRequest ?
Posted by Bill Barker <wb...@wilshire.com>.
"cristi" <cr...@medialab.sissa.it> wrote in message
news:42D68014.3080004@medialab.sissa.it...
> Hello all
>
> I have a web application where I need to use in a second request the
> HttpServletRequest object sent to the same servelet in the first
> request.
>
> Here is what my servlet looks like :
>
> public void doGet( HttpServletRequest request, HttpServletResponse
> response )
> {
> /*
> some code here detecting if this request
> is the first one. This code initializes
> isFirstRequest
> */
>
> if( isFirstRequest )
> {
> session.setAttribute( "FIRST_REQUEST_OBJECT", request );
> request.getRequestDispatcher("somepage.jsp").forward(request, response);
> }
> else
> {
> HttpServletRequest oreq =
> (HttpServletRequest)session.getAttribute("FIRST_REQUEST_OBJECT");
> request.getRequestDispatcher("somepage.jsp").forward(oreq, response);
> }
>
> }
>
> It seems that it is not safe to do so. What can I do to handle this
> situation ?
>
According to the spec (section 8.2 for those of you following along at home
:), the only safe HttpServletRequest to pass is the one that was passed into
the Servlet, or a child of HttpServletRequestWrapper that wraps the one that
was passed into the Servlet.
Tomcat happens to be very lenient in inforcing this restriction among
Servlet-Containers out there. The other-guys would probably throw an
exception straight away for attempting something like the above.
> Thx.
> Cristi
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org