Posted to users@tomcat.apache.org by Andrigo Spall Gomes <an...@wificom.com> on 2004/03/19 17:54:34 UTC

double submit in form-based authentication throws IllegalStateException

     Hello!

     I sent this mail to the dev list some days ago but got no answer. I 
apologize for the cross-posting. Hopefully someone will be able to help 
me here.

     I'm having a problem when trying to cope with double submits in a 
page with form-based authentication in Tomcat 4.1.30.

     I get to the login page when I try to access a protected page 
(actually a struts action - ".do").

     I then inform the username and password in the form whose target is 
j_security_check and, if I just push submit once, everything goes 
all right, I am authenticated and taken to the struts action, that does 
its job and forwards to its view.

     But if I simulate a double submit (impatient users), I am shown an 
IllegalStateException, thrown by 
org.apache.catalina.servlets.DefaultServlet.

     Well, I downloaded tomcat's source code and traced it to see what 
was going on.

     I found out that in the first request 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter() will 
call servlet.service(), and in this case the servlet is struts' 
ActionServlet, whereas in the second (and simultaneous) submit, the 
servlet invoked is org.apache.catalina.servlets.DefaultServlet.

     I think this behaviour is probably because in the second submit the 
resource I !first! requested was j_security_check (the action of the 
form), and not the struts action (.do extension), like in the first submit.

     DefaultServlet will then try to serve, in the second submit, 
j_security_check. It will not find the resource and will try to call 
response.sendError(HttpServletResponse.SC_NOT_FOUND,
                                    request.getRequestURI());

     The thing is that, at this point, response.isCommitted() == true, 
and then it throws IllegalStateException.

     If we analyse what is actually going on, the problem is not the 
IllegalStateException itself, but the fact that tomcat is trying to 
serve j_security_check in the second submit, rather than the struts 
action I requested in the first place. The exception I get is just a 
consequence of the wrong processing.

     Would this be a bug in tomcat? Would there be any workarounds to 
make it remember that the second submit still has as target the struts 
action, and not j_security_check as it is currently interpreting?

     I'd appreciate any thoughts.

     Best Regards,
     Andrigo Gomes

     PS: here is the stack trace I get:


java.lang.IllegalStateException
     at org.apache.coyote.tomcat4.CoyoteResponseFacade.sendError(CoyoteResponseFacade.java:310)
     at org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:936)
     at org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:518)
     at org.apache.catalina.servlets.DefaultServlet.doPost(DefaultServlet.java:554)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
     at companyFilter.doFilter(some row)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
     at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
     at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
     at org.jboss.web.catalina.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:227)
     at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492)
     at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
     at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
     at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
     at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2422)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
     at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
     at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
     at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:163)
     at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
     at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
     at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
     at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:199)
     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:700)
     at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584)
     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
     at java.lang.Thread.run(Unknown Source)

Apache Tomcat/4.1.30
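
A client-side guard is one common way to keep the duplicate POST to j_security_check from leaving the browser at all. The sketch below is an added example, not part of the original message and not Tomcat code; the names makeSubmitGuard and protectLoginForm and the 10-second window are assumptions, and it does not change how the server handles a second request that does arrive.

```javascript
// Added example: suppress double submits of a form-based login page.
// Assumption: the login form posts to j_security_check, as in the message above.

// Pure decision logic, kept separate so it can be exercised without a browser.
function makeSubmitGuard(options) {
  const windowMs = (options && options.windowMs) || 10000; // assumed lockout window
  const now = (options && options.now) || Date.now;
  let lastAccepted = null;

  // Returns true when the submit may proceed, false when it is a duplicate
  // arriving inside the window that follows an accepted submit.
  return function allowSubmit() {
    const t = now();
    if (lastAccepted !== null && t - lastAccepted < windowMs) {
      return false;
    }
    lastAccepted = t;
    return true;
  };
}

// Browser wiring: cancel duplicate submit events and disable the buttons.
function protectLoginForm(form, options) {
  const allowSubmit = makeSubmitGuard(options);
  form.addEventListener("submit", function (event) {
    if (!allowSubmit()) {
      event.preventDefault(); // the second POST is never sent
      return;
    }
    // Disable after the event has been dispatched so the first POST still goes out.
    // A failed login reloads the login page, which resets this state.
    setTimeout(function () {
      form.querySelectorAll("[type=submit]").forEach(function (button) {
        button.disabled = true;
      });
    }, 0);
  });
}

// Only runs in a browser; selects the container-managed login form.
if (typeof document !== "undefined") {
  const loginForm = document.querySelector('form[action$="j_security_check"]');
  if (loginForm) protectLoginForm(loginForm);
}
```

This only covers browsers running the script; requests sent twice by other means still reach the container.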


