You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by "Taylor Singletary (JIRA)" <ji...@apache.org> on 2008/09/11 21:53:44 UTC

[jira] Commented: (SHINDIG-593) incoming GET requests should not have their body inspected in handleSingleRequest during REST processing

    [ https://issues.apache.org/jira/browse/SHINDIG-593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12630333#action_12630333 ] 

Taylor Singletary commented on SHINDIG-593:
-------------------------------------------

Cassie says:
There is not a compelling reason to check the post body on a get request. If
you just hit the restful urls in your browser this code will not throw any
exceptions - so I am sure we just overlooked this fact.

In your ruby usage will the stream be null? Or will available() be false? Or
is there any other easy condition to check on the inputStream?
I suppose we could also just catch the exception and set the postData to
null. Then, if the handler needs to access that data it can handle the
nullness accordingly.

> incoming GET requests should not have their body inspected in handleSingleRequest during REST processing
> --------------------------------------------------------------------------------------------------------
>
>                 Key: SHINDIG-593
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-593
>             Project: Shindig
>          Issue Type: Bug
>          Components: RESTful API (Java)
>            Reporter: Taylor Singletary
>
> The problem appears to be that Shindig checks for a BODY in an
> incoming GET request. This checking for a BODY that doesn't actually
> exist results in this error:
> java.lang.RuntimeException: Could not get the post data from the request
> org.apache.shindig.social.opensocial.service.RestfulRequestItem.<init>(RestfulRequestItem.java:76)
> org.apache.shindig.social.opensocial.service.DataServiceServlet.handleSingleRequest(DataServiceServlet.java:94)
> org.apache.shindig.social.opensocial.service.DataServiceServlet.doPost(DataServiceServlet.java:79)
> org.apache.shindig.social.opensocial.service.DataServiceServlet.doGet(DataServiceServlet.java:47)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
> org.apache.shindig.social.core.oauth.AuthenticationServletFilter.doFilter(AuthenticationServletFilter.java:89)
> Actual error:  the actual exception thrown by IOUtils is
> "java.net.SocketTimeoutException: Read timed out"
> Granted, the Net::HTTP library in some way must be indicating a Body
> header but providing no content inside, but it remains that Shindig
> shouldn't be checking for a body on a GET request. Is there any reason
> that it is doing so?
> Managed to track it down to the following code (revision 688930, but
> current doesn't look to have changed much here):
> Our source is rev 688930, but the last version didn't changed much in the
> private void handleSingleRequest(HttpServletRequest servletRequest,
>        HttpServletResponse servletResponse, SecurityToken token,
>        BeanConverter converter) throws IOException {
>     RestfulRequestItem requestItem = new
> RestfulRequestItem(servletRequest, token, converter);
>     ResponseItem responseItem = getResponseItem(handleRequestItem(requestItem));
>     if (responseItem.getError() == null) {
>        PrintWriter writer = servletResponse.getWriter();
>        writer.write(converter.convertToString(responseItem));
>     } else {
>        sendError(servletResponse, responseItem);
>     }
>   }
> Also here is more precisely the code that throws the exception, line
> 11, when calling IOUtils.toByteArrays(...) from our commons-io-1.4.jar
> library, same version used by Shindig:
>   public RestfulRequestItem(HttpServletRequest servletRequest,
> SecurityToken token,
>       BeanConverter converter) {
>     super(getServiceFromPath(servletRequest.getPathInfo()),
>         getMethod(servletRequest),
>         token, converter);
>     this.url = servletRequest.getPathInfo();
>     this.params = createParameterMap(servletRequest);
>     try {
>       ServletInputStream is = servletRequest.getInputStream();
>       postData = new String(IOUtils.toByteArray(is));
>     } catch (IOException e) {
>       throw new RuntimeException("Could not get the post data from the
> request", e);
>     }
>   }
> **
> This bug has been confirmed to be triggered when sending GET requests via Net:HTTP (stock HTTP client) for both Ruby and Perl.
> **

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.