You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Robert Munteanu (Jira)" <ji...@apache.org> on 2023/05/12 10:12:00 UTC
[jira] [Created] (SLING-11872) Some request attributes not set when running with Felix Jetty 4.2.x
Robert Munteanu created SLING-11872:
---------------------------------------
Summary: Some request attributes not set when running with Felix Jetty 4.2.x
Key: SLING-11872
URL: https://issues.apache.org/jira/browse/SLING-11872
Project: Sling
Issue Type: Bug
Components: Engine
Reporter: Robert Munteanu
Fix For: Engine 2.15.0
When updating the Sling Starter
org.apache.felix:org.apache.felix.http.jetty from 4.1.14 to 4.2.10 and
org.apache.felix:org.apache.felix.http.servlet-api from 1.1.4 to 1.2.0
.
There are 3 failures in the IncludeIT that show that the
javax.servlet.include.request_uri attribute is no longer present:
[ERROR] Failures:
[ERROR] IncludeTest.testForcedResourceType:149->assertIncludeRequestAttributes:154->assertIncludeRequestAttributes:167->assertRequestAttribute:189 Expected content contains '--javax.servlet.include.request_uri-'
[ERROR] IncludeTest.testWithInclude:114->assertIncludeRequestAttributes:154->assertIncludeRequestAttributes:167->assertRequestAttribute:189 Expected content contains '--javax.servlet.include.request_uri-'
[ERROR] IncludeTest.testWithIncludeAndExtension:123->assertIncludeRequestAttributes:154->assertIncludeRequestAttributes:167->assertRequestAttribute:189 Expected content contains '--javax.servlet.include.request_uri-'
[~cziegeler] thinks this is due to new code in 4.2.0 https://github.com/apache/felix-dev/blob/http-4.x/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestWrapper.java#L166 and that the solution here is to do the same in Sling Engine as Apache Felix is doing: instead of setting the attributes on the request, overwriting the getAttribute method. This avoids leakage of information as well.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)