You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2001/09/25 21:42:00 UTC
DO NOT REPLY [Bug 3823] New: -
sendError and setStatus clear headers already set
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3823>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3823
sendError and setStatus clear headers already set
Summary: sendError and setStatus clear headers already set
Product: Tomcat 4
Version: 4.0 Final
Platform: All
OS/Version: All
Status: NEW
Severity: Blocker
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: brett.knights@tanner.com
> I have installed TC4 and have it working.
>
> I am moving an app that worked fine under TC3.3.
>
> My problem is that when I call:
>
>
> res.setHeader("WWW-Authenticate", BASIC realm=\"" + domain
+"\");
> rese.sendError(res.SC_UNAUTHORIZED);
>
> in my servlet the authenticate header is stripped from the
> result. (examples follow)
> This occurs whether I make the request through IIS (actually
> PWS) or to TC directly via port 8080
The problem appears to be in
org.apache.catalina.core.StandardWrapperValve.status()
This is run to respond to status messages but it calls
org.apache.catalina.connector.HttpResponseBase.reset(int status, String
message) which in turn calls HttpResponse.reset()
HttpResponseBase already resets the content or headers appropriately for the
API methods called.
status() does it again (in what I assume is a "let's be sure it was done" kind
of way) but according to the spec that isn't appropriate.
The spec doesn't specify that HttpResponse.sendError(int status) must clear the
headers only that it must clear the buffer and set any appropriate headers.
The spec does specify that HttpResponse.sendError(int status, String message)
and HttpResponse.setStatus(int status) should return any headers already set.
I believe the following would changes would restore spec compliance (at the
risk of breaking what else I don't know)
org.apache.catalina.connector.HttpResponseBase.reset(int status, String
message) method to call resetBuffer() rather than reset()
org.apache.catalina.core.StandardWrapperValve.custom(req, res, errorpage) on
line 481 to call hres.resetBuffer() rather than hres.reset()