Posted to dev@tomcat.apache.org by bu...@apache.org on 2001/09/25 21:42:00 UTC

DO NOT REPLY [Bug 3823] New: - sendError and setStatus clear headers already set


http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3823


           Summary: sendError and setStatus clear headers already set
           Product: Tomcat 4
           Version: 4.0 Final
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Blocker
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: brett.knights@tanner.com


> I have installed TC4 and have it working.
>
> I am moving an app that worked fine under TC3.3.
>
> My problem is that when I call:
>
>
> res.setHeader("WWW-Authenticate", "BASIC realm=\"" + domain + "\"");
> res.sendError(res.SC_UNAUTHORIZED);
>
> in my servlet the authenticate header is stripped from the
> result. (examples follow)
> This occurs whether I make the request through IIS (actually
> PWS) or to TC directly via port 8080

The problem appears to be in 
org.apache.catalina.core.StandardWrapperValve.status()

This is run to respond to status messages but it calls 
org.apache.catalina.connector.HttpResponseBase.reset(int status, String 
message) which in turn calls HttpResponse.reset()

HttpResponseBase already resets the content or headers appropriately for the 
API methods called.
status() does it again (in what I assume is a "let's be sure it was done" kind 
of way) but according to the spec that isn't appropriate.

The spec doesn't specify that HttpResponse.sendError(int status) must clear the 
headers, only that it must clear the buffer and set any appropriate headers.

The spec does specify that HttpResponse.sendError(int status, String message) 
and HttpResponse.setStatus(int status) should return any headers already set.  

I believe the following changes would restore spec compliance (at the 
risk of breaking what else I don't know):

org.apache.catalina.connector.HttpResponseBase.reset(int status, String 
message) method to call resetBuffer() rather than reset()

org.apache.catalina.core.StandardWrapperValve.custom(req, res, errorpage) on 
line 481 to call hres.resetBuffer() rather than hres.reset()
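
The difference between the two calls contrasted in the report, as an added example that is not part of the original report and is not Tomcat code. ModelResponse and its methods are a hypothetical stand-in that models only the header and buffer semantics described above, and the realm value is constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical stand-in for a servlet response; not Tomcat's HttpResponseBase.
public class ResetVsResetBuffer {
    static class ModelResponse {
        final Map<String, String> headers = new LinkedHashMap<>();
        final StringBuilder buffer = new StringBuilder();
        int status = 200;

        void setHeader(String name, String value) { headers.put(name, value); }

        // Discards the buffered body only; status and headers survive.
        void resetBuffer() { buffer.setLength(0); }

        // Discards the body, the status and every header.
        void reset() { resetBuffer(); headers.clear(); status = 200; }
    }

    // Error path as the report describes it: the servlet sets a header,
    // then the container resets the response before writing the error page.
    static ModelResponse sendError(int code, boolean fullReset) {
        ModelResponse res = new ModelResponse();
        res.setHeader("WWW-Authenticate", "BASIC realm=\"example\""); // constructed realm
        res.buffer.append("partial page output");
        if (fullReset) res.reset(); else res.resetBuffer();
        res.status = code;
        res.buffer.append("<h1>Error ").append(code).append("</h1>");
        return res;
    }

    public static void main(String[] args) {
        for (boolean fullReset : new boolean[] {true, false}) {
            ModelResponse res = sendError(401, fullReset);
            boolean challenge = res.headers.containsKey("WWW-Authenticate");
            System.out.printf("%-13s status=%d challenge header present=%b%n",
                    fullReset ? "reset()" : "resetBuffer()", res.status, challenge);
            // A 401 without WWW-Authenticate gives the client nothing to answer.
            if (res.status == 401 && !challenge)
                System.out.println("  -> 401 sent without a challenge header");
        }
    }
}
```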