You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2004/03/15 19:03:22 UTC
DO NOT REPLY [Bug 27676] New: -
HttpRequestBase doesn't reparse query string after call to setQueryString()
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=27676>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=27676
HttpRequestBase doesn't reparse query string after call to setQueryString()
Summary: HttpRequestBase doesn't reparse query string after call
to setQueryString()
Product: Tomcat 4
Version: 4.1.18
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: justinp@motive.com
I ran into this bug on Tomcat 4.1.18, but from inspecting the code it looks
like it's still in the most recent release.
I subclassed FormAuthenticator to provide single sign-on type functionality
for my webapp. My authenticator's authenticate() looks for an authToken in a
request parameter and, if it's not there, defers to the superclass
implementation (FormAuthentication).
My call to request.getParameter() triggers code in
HttpRequestBase.parseParameters() which sets the 'parsed' flag in the request
object to true.
Later, in the implementation of FormAuthenticator.authenticate(),
FormAuthenticator.restoreRequest() is called to restore the original request
after successful login. In that method, the parameters get blown away and the
queryString is reset, but the parsed flag is not cleared. So, every
subsequent call to request.getParameter() returns null. It doesn't know that
it needs to reparse the queryString.
I'm not sure if this is a semantic problem in FormAuthenticator or in
HttpRequestBase. I would imagine that it's the former, since it looks an
HttpRequestBase is not really intended to be reused. Maybe FormAuthenticator
should recycle the request object prior to restoring it. Either way, the
state of the request becomes inconsistent.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org