You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "l.penet@senat.fr" <l....@senat.fr> on 2015/07/10 09:33:43 UTC
Double call to requestInitialized when forwarding for FORM auth
Hi.
I have a problem with DeltaSpike Servlet module (
https://deltaspike.apache.org/documentation/servlet.html ) that seems to
be caused by an incorrect behavior of Tomcat.
The thread on DS mailiing list :
http://mail-archives.apache.org/mod_mbox/deltaspike-users/201507.mbox/%3C559E1F24.40408%40senat.fr%3E
I am using Tomcat 8.0.23 and it seems that requestInitialized is called
twice when a forward is performed.
In my case, this forward is performed because I am using container
managed security with auth method set to "FORM"
and Tomcat redirects to the login page.
Is this behavior incorrect or should I propose a patch to DS ?
Thanks in advance,
Ludovic
|
| AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT.
|
Re: Double call to requestInitialized when forwarding for FORM auth
Posted by Christian Kaltepoth <ch...@kaltepoth.de>.
Hey all,
I'm the guy who wrote the DeltaSpike code that is causing the trouble here.
So maybe I should ask a very concrete question here:
Basically the DeltaSpike code assumed that
ServletRequestListener.requestInitialized() is called exactly once for each
"physical" request. But it looks like it is called more than once if the
user gets forwarded to a login page (login-config, corresponding constraints).
Maybe even if requests get forwarded? I didn't check this.
Actually I was very surprised about that behavior. The javadocs of
ServletRequestListener.requestInitialized() say that the method is invoked
when the request *"is about to enter the first servlet or filter of the web
application".*
In my understanding this means that it gets invoked only once even if the
request is forwarded. I didn't find anything in the Servlet spec about that
specific topic.
Any thoughts about that?
Thanks
Christian
2015-07-16 15:28 GMT+02:00 Christopher Schultz <chris@christopherschultz.net
>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Ludovic,
>
> On 7/16/15 2:29 AM, l.penet@senat.fr wrote:
> > On 15/07/2015 23:36, Christopher Schultz wrote:
> >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
> >>
> >> Ludovic,
> >>
> >> On 7/15/15 3:29 AM, l.penet@senat.fr wrote:
> >>> On 13/07/2015 15:13, Christopher Schultz wrote: It looks like
> >>> you or DeltaSpike are not cleaning-up as the request
> >>> transitions from one state to another. Ok, thank you.
> >>>
> >>> What kind of notification should we process to detect this
> >>> transition ?
> >> I'm not sure, since it's DeltaSpike which is objecting to the
> >> current state of the request.
> >>
> >> I think you'll have better luck with asking the DeltaSpike folks.
> >> They are welcome to come here to ask about why something may have
> >> changed. Was there ever a reply to your initial question?
> >
> > Yes, and a patch allowing this "double initialization".
>
> Hmm. I'm surprised that it wasn't possible before then.
>
> > But as I suspect that there is something "cleaner" to do, I try to
> > scratch the subject.
> >
> >> In your post to their list, you mentioned that "there are
> >> sometimes
> >
> > Pretty much the same than in this case, if I sum it up.
> >
> > A typical example : years ago, I wrote a web filter, had to perform
> > some locking in it (because of legacy libs) and was quite surprised
> > to see the request going through the filter twice when serving a
> > login page on FORM auth.
> >
> > I am no JEE Guru, so "strange" does not mean "bad" but
> > "surprising".
>
> A request can be forwarded to another resource during request
> processing. According to the servlet spec, forwarding a request should
> send it back through the Filter chain for the (new) target resource as
> long as the Filter was declared to be run for that type of dispatch.
>
> See section 6.2.5 of the Servlet Spec version 3.0, which explains what
> is going on.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCAAGBQJVp7GVAAoJEBzwKT+lPKRYVXMP/36fuxmrIIbB4VgRWU92VyjD
> jgteXXoWHHV8WtCpVZzbhUrUKDG9XE914RK8DfyZyqR+DMQ8ucl4nkygTQP64siP
> WIylWTlsk+HCvm7u3NKzJgIH6QoyBNlaPbgVdZq+PcvqcXy2evNE1HSIuvy/n7J6
> ZDvUsKAcmjj65MC9K+fXwLHI5os3n4R5eVZr9nzG6mMZkIYLCzRGU57QtnMHgtq6
> IeaJ4uSjBe8L5E8qN3Y2wlrye0v1LKLYrQn1PTrWYY0r2LhcAJev2HVvozG1L3rw
> jfpt+5JnJDwyhP15Bo3zRDTvoUkIeHIyUVEcy3sGXtGmCMXQ4MMfu3N4mMkIJPga
> P5+fCheGoFVZwCwnrfYcjgY/T1sjFISMN90Tb8xQUlew0/iKnBLTQ6HjTUu7zswM
> rlkuMeqBTE4JZxsU8zhEhBTHhWmHvhfvZVdanxSvUmWWFuBwoHp67ur2CPpoJWh1
> FU7HE0+AYgSZPg9ZOXKPTivT6OJi70n5YcpQCYPH2/XreQViBsTNTz3g5u66rEhv
> P89ohTKOYWmGGqUaOVvXXRIBfMzkGfURZFG6Oi+hQy+LdC2XszlB0EcANSn6ThiG
> wYKfAp8m87KjDesmATlaRJm9/RzJDO/sFo8rrGyTRpFvapwkvZmgRLmlaeDuhZ2f
> 6HrvOa7Vijuk93PhqnCd
> =JjcA
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Christian Kaltepoth
Blog: http://blog.kaltepoth.de/
Twitter: http://twitter.com/chkal
GitHub: https://github.com/chkal
Re: Double call to requestInitialized when forwarding for FORM auth
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Ludovic,
On 7/16/15 2:29 AM, l.penet@senat.fr wrote:
> On 15/07/2015 23:36, Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>
>> Ludovic,
>>
>> On 7/15/15 3:29 AM, l.penet@senat.fr wrote:
>>> On 13/07/2015 15:13, Christopher Schultz wrote: It looks like
>>> you or DeltaSpike are not cleaning-up as the request
>>> transitions from one state to another. Ok, thank you.
>>>
>>> What kind of notification should we process to detect this
>>> transition ?
>> I'm not sure, since it's DeltaSpike which is objecting to the
>> current state of the request.
>>
>> I think you'll have better luck with asking the DeltaSpike folks.
>> They are welcome to come here to ask about why something may have
>> changed. Was there ever a reply to your initial question?
>
> Yes, and a patch allowing this "double initialization".
Hmm. I'm surprised that it wasn't possible before then.
> But as I suspect that there is something "cleaner" to do, I try to
> scratch the subject.
>
>> In your post to their list, you mentioned that "there are
>> sometimes
>
> Pretty much the same than in this case, if I sum it up.
>
> A typical example : years ago, I wrote a web filter, had to perform
> some locking in it (because of legacy libs) and was quite surprised
> to see the request going through the filter twice when serving a
> login page on FORM auth.
>
> I am no JEE Guru, so "strange" does not mean "bad" but
> "surprising".
A request can be forwarded to another resource during request
processing. According to the servlet spec, forwarding a request should
send it back through the Filter chain for the (new) target resource as
long as the Filter was declared to be run for that type of dispatch.
See section 6.2.5 of the Servlet Spec version 3.0, which explains what
is going on.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVp7GVAAoJEBzwKT+lPKRYVXMP/36fuxmrIIbB4VgRWU92VyjD
jgteXXoWHHV8WtCpVZzbhUrUKDG9XE914RK8DfyZyqR+DMQ8ucl4nkygTQP64siP
WIylWTlsk+HCvm7u3NKzJgIH6QoyBNlaPbgVdZq+PcvqcXy2evNE1HSIuvy/n7J6
ZDvUsKAcmjj65MC9K+fXwLHI5os3n4R5eVZr9nzG6mMZkIYLCzRGU57QtnMHgtq6
IeaJ4uSjBe8L5E8qN3Y2wlrye0v1LKLYrQn1PTrWYY0r2LhcAJev2HVvozG1L3rw
jfpt+5JnJDwyhP15Bo3zRDTvoUkIeHIyUVEcy3sGXtGmCMXQ4MMfu3N4mMkIJPga
P5+fCheGoFVZwCwnrfYcjgY/T1sjFISMN90Tb8xQUlew0/iKnBLTQ6HjTUu7zswM
rlkuMeqBTE4JZxsU8zhEhBTHhWmHvhfvZVdanxSvUmWWFuBwoHp67ur2CPpoJWh1
FU7HE0+AYgSZPg9ZOXKPTivT6OJi70n5YcpQCYPH2/XreQViBsTNTz3g5u66rEhv
P89ohTKOYWmGGqUaOVvXXRIBfMzkGfURZFG6Oi+hQy+LdC2XszlB0EcANSn6ThiG
wYKfAp8m87KjDesmATlaRJm9/RzJDO/sFo8rrGyTRpFvapwkvZmgRLmlaeDuhZ2f
6HrvOa7Vijuk93PhqnCd
=JjcA
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Double call to requestInitialized when forwarding for FORM auth
Posted by "l.penet@senat.fr" <l....@senat.fr>.
On 15/07/2015 23:36, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Ludovic,
>
> On 7/15/15 3:29 AM, l.penet@senat.fr wrote:
>> On 13/07/2015 15:13, Christopher Schultz wrote:
>> It looks like you or DeltaSpike are not cleaning-up as the
>> request transitions from one state to another.
>> Ok, thank you.
>>
>> What kind of notification should we process to detect this
>> transition ?
> I'm not sure, since it's DeltaSpike which is objecting to the current
> state of the request.
>
> I think you'll have better luck with asking the DeltaSpike folks. They
> are welcome to come here to ask about why something may have changed.
> Was there ever a reply to your initial question?
Yes, and a patch allowing this "double initialization".
But as I suspect that there is something "cleaner" to do, I try to
scratch the subject.
> In your post to their list, you mentioned that "there are sometimes
Pretty much the same than in this case, if I sum it up.
A typical example : years ago, I wrote a web filter, had to perform some
locking in it (because of legacy libs) and was quite surprised to see
the request going through the filter twice when serving a
login page on FORM auth.
I am no JEE Guru, so "strange" does not mean "bad" but "surprising".
Thanks,
Ludovic
|
| AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT.
|
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Double call to requestInitialized when forwarding for FORM auth
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Ludovic,
On 7/15/15 3:29 AM, l.penet@senat.fr wrote:
> On 13/07/2015 15:13, Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>
>> Ludovic,
>>
>> On 7/10/15 2:33 AM, l.penet@senat.fr wrote:
>>> I have a problem with DeltaSpike Servlet module (
>>> https://deltaspike.apache.org/documentation/servlet.html )
>>> that seems to be caused by an incorrect behavior of Tomcat.
>>>
>>> The thread on DS mailiing list :
>>>
>>> http://mail-archives.apache.org/mod_mbox/deltaspike-users/201507.mbo
x/
>>
>>>
%3C559E1F24.40408%40senat.fr%3E
>>
>> It looks like you or DeltaSpike are not cleaning-up as the
>> request transitions from one state to another.
> Ok, thank you.
>
> What kind of notification should we process to detect this
> transition ?
I'm not sure, since it's DeltaSpike which is objecting to the current
state of the request.
I think you'll have better luck with asking the DeltaSpike folks. They
are welcome to come here to ask about why something may have changed.
Was there ever a reply to your initial question?
In your post to their list, you mentioned that "there are sometimes
strange behaviours with Tomcat". What did you mean by that?
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVptJPAAoJEBzwKT+lPKRYbKkP+gKvuv0JS3ZNBIQZnt5ameMy
AtoLJ7oc4Q1NkDQ+P3cytFVp9+8K1oizXjhYWMJbc+3QCbklPX905tHu9WJ5CTtP
tvf9Tpjk4tupu/ZcaPcO4+X1h5qwGHzkud2aGLcZgThSRWYKkplEuenUN8zG0BDD
FLNZ/0WXrSYxnKWeU8qwust9KXAQAKiViiFhS4ohlqDxGF7wMFtquPlfQJ5XhxuY
fWjDyZ6DIeenylQohp5E76hsuVYu5rIS+4kwudSZS9KrfYZjH1QmdHlcYiRqtOMx
vBIBJfTE07hAOui7AaetzFjqgq+/HhrQPMLHmJIT0umYQ9byEBJeGQgyTg/qb1j6
7xV3JsZ0fb13iXCAxDslRtrUYKbSqNnmG1FNTmGtjX+TeJGeRPCUejS2bk1Pc7x0
5Yj61Ghwc3uuK+6Y/WBSKeiMrBV7aZgscCf2t0SP9D5wSDOgjZgUyqqpFRtsCekx
06iAB2IeB4PrQTJGbY+UXHekZiYHFgcykdt+H6QDl4IVYtc69IiJIndHyMkGCNpO
ElAoyLnjfUXCySCzF1qQQ6p0DDmvuyynsddW1F1GjEhEuKRVSlDO5c1oD9ta0PcG
iz9hk4dJeS0MRTir7+u2e5qd0tTxGCzLh29rksca055WYg3ksDlEy0eGXGnznKtC
8Dbf1Nj1LqIRQicu4P7v
=9CYv
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Double call to requestInitialized when forwarding for FORM auth
Posted by "l.penet@senat.fr" <l....@senat.fr>.
On 13/07/2015 15:13, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Ludovic,
>
> On 7/10/15 2:33 AM, l.penet@senat.fr wrote:
>> I have a problem with DeltaSpike Servlet module (
>> https://deltaspike.apache.org/documentation/servlet.html ) that
>> seems to be caused by an incorrect behavior of Tomcat.
>>
>> The thread on DS mailiing list :
>>
>> http://mail-archives.apache.org/mod_mbox/deltaspike-users/201507.mbox/
> %3C559E1F24.40408%40senat.fr%3E
>
> It
> looks like you or DeltaSpike are not cleaning-up as the request
> transitions from one state to another.
Ok, thank you.
What kind of notification should we process to detect this transition ?
Ludovic
|
| AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT.
|
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Double call to requestInitialized when forwarding for FORM auth
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Ludovic,
On 7/10/15 2:33 AM, l.penet@senat.fr wrote:
> I have a problem with DeltaSpike Servlet module (
> https://deltaspike.apache.org/documentation/servlet.html ) that
> seems to be caused by an incorrect behavior of Tomcat.
>
> The thread on DS mailiing list :
>
> http://mail-archives.apache.org/mod_mbox/deltaspike-users/201507.mbox/
%3C559E1F24.40408%40senat.fr%3E
It
>
looks like you or DeltaSpike are not cleaning-up as the request
transitions from one state to another.
> I am using Tomcat 8.0.23 and it seems that requestInitialized is
> called twice when a forward is performed.
Tomcat doesn't exactly call that method... it sends a notification to
all registered event listeners. If DeltaSpike is surprised that the
request is being initialized, it should be more careful about state
management.
> In my case, this forward is performed because I am using container
> managed security with auth method set to "FORM" and Tomcat
> redirects to the login page.
>
> Is this behavior incorrect or should I propose a patch to DS ?
The block of code around FormAuthenticator.java:383 hasn't been
changed since October 2010 (e.g. since before DS's initial release).
Here's the commit log for that change:
http://svn.apache.org/viewvc?view=revision&revision=1024397
This is more likely to be a problem with DeltaSpike, or with your
specific configuration.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVo7l6AAoJEBzwKT+lPKRYP7AQAIiUX8fEeWFV/G5xlfKZa6as
4gkz2qyPKktAEOrN/aWwx0HBVnUnVQRnosd0BSdvd9YFlavI9fodzdw9g+PxO752
pMUlFq462dtTr8VKqNj6qTD/tDfmI8UScv18c84SGEyULXsBQE1N0yMvLTsaKCZn
IY0wEwJXsG+NeMHxW2PtSiuzkNH87Dsz8HPvkBG3NNJ0C+sq54Iq/qASBs72DRKg
faidYzVhUetfYeCQckCp/qlaonwAj0bmIBRS1EhVc3EZ6y31l0b5PGCdn3dv3Dgd
3pFXBZQB7hDyyoQmFO93are1PQUqXOIc6bBDoXU2KcQAI0bYRp+9QFcqaIWHFv/9
MxIudUsR4uMZbqoTY3hndNSk5DIRRkzwqshjnNmyUP43ftrTRZ2/2U+b1fJ0Hlc1
qWwX4Fs++/bfwF0CB3aq+ONj6Ftkdwc+UNWN2815iy2QGp65FhbNbG3RmJlC1itC
O/3W47EXON7Z1LxiZmxYS1Bl93ce6Wox71IFJLllnAGx5VGhLvrQ8rmsbtLXzNWX
sLNhSMvQfkFYp4kL00HIYKWs9tlDd/SpqUbPL+GUYpLqRyeXx+Dj/Y0T9apWdKIp
MWdH/H+unhbmy0qG8INLsyxnmntF3grDX6OBcm7JQQvYn7RZ7xogEgeDWIQgtahQ
vezGFzg+Jf5dm6P49lAE
=CO94
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org