You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Martin Kouba <mk...@redhat.com> on 2013/12/06 12:22:37 UTC
The way Tomcat7 fires requestInitialized/requestDestroyed events
breaks Weld (CDI)
Hi all,
while investigating an user issue I found out that
org.apache.catalina.authenticator.FormAuthenticator (Tomcat 7 codebase)
fires requestInitialized/requestDestroyed events during forwards (login
and error page) [1]. However ApplicationDispatcher fires these events as
well (if "fireRequestListenersOnForwards" is set to true) [2]. So if you
do form based auth init/destroy events are fired 3x.
Moreover it seems the event payload request is missing
"javax.servlet.forward.request_uri" attribute. So Weld is not able to
identify such "nested forward event" and we have problems during CDI
contexts termination.
I think FormAuthenticator should not fire those events at all. And the
event request should have those attributes set. Am I missing something?
Thanks
Martin
[1]
http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/7.0.42/org/apache/catalina/authenticator/FormAuthenticator.java#471
[2]
http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/7.0.42/org/apache/catalina/core/ApplicationDispatcher.java#474
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: The way Tomcat7 fires requestInitialized/requestDestroyed events
breaks Weld (CDI)
Posted by Martin Kouba <mk...@redhat.com>.
Dne 6.12.2013 13:08, Mark Thomas napsal(a):
> On 06/12/2013 11:22, Martin Kouba wrote:
>> Hi all,
>>
>> while investigating an user issue I found out that
>> org.apache.catalina.authenticator.FormAuthenticator (Tomcat 7 codebase)
>> fires requestInitialized/requestDestroyed events during forwards (login
>> and error page) [1]. However ApplicationDispatcher fires these events as
>> well (if "fireRequestListenersOnForwards" is set to true) [2]. So if you
>> do form based auth init/destroy events are fired 3x.
>>
>> Moreover it seems the event payload request is missing
>> "javax.servlet.forward.request_uri" attribute. So Weld is not able to
>> identify such "nested forward event" and we have problems during CDI
>> contexts termination.
>>
>> I think FormAuthenticator should not fire those events at all. And the
>> event request should have those attributes set. Am I missing something?
>
> The CDI community missed an opportunity to have some specific events
> added to the Servlet 3.1 specification to handle forwards and includes.
>
> https://java.net/jira/browse/SERVLET_SPEC-19
> See also
> https://issues.apache.org/bugzilla/show_bug.cgi?id=50789
> https://issues.apache.org/bugzilla/show_bug.cgi?id=49991
>
> The door was wide open but no-one spoke up so nothing was added.
>
> It looks to me like the events in the FORM authenticator should be
> removed leaving it up to the ApplicationDispatcher to fire them if
> fireRequestListenersOnForwards is true.
>
> The javax.servlet.forward.request_uri is not set for the event fired
> from the FormAuthenticator.
> The javax.servlet.forward.request_uri is set for the event fired from
> the RequestDispatcher.
>
> Mark
>
Hi Mark,
thanks for response. My quick test shows that
"javax.servlet.forward.request_uri" is not set for RequestDispatcher
(Tomcat 7.0.47). I will create a bug and provide a simple test app. With
regard to FormAuthenticator - I will check bug 49991 (it seems related
although it's about redirects).
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: The way Tomcat7 fires requestInitialized/requestDestroyed events
breaks Weld (CDI)
Posted by Mark Thomas <ma...@apache.org>.
On 06/12/2013 11:22, Martin Kouba wrote:
> Hi all,
>
> while investigating an user issue I found out that
> org.apache.catalina.authenticator.FormAuthenticator (Tomcat 7 codebase)
> fires requestInitialized/requestDestroyed events during forwards (login
> and error page) [1]. However ApplicationDispatcher fires these events as
> well (if "fireRequestListenersOnForwards" is set to true) [2]. So if you
> do form based auth init/destroy events are fired 3x.
>
> Moreover it seems the event payload request is missing
> "javax.servlet.forward.request_uri" attribute. So Weld is not able to
> identify such "nested forward event" and we have problems during CDI
> contexts termination.
>
> I think FormAuthenticator should not fire those events at all. And the
> event request should have those attributes set. Am I missing something?
The CDI community missed an opportunity to have some specific events
added to the Servlet 3.1 specification to handle forwards and includes.
https://java.net/jira/browse/SERVLET_SPEC-19
See also
https://issues.apache.org/bugzilla/show_bug.cgi?id=50789
https://issues.apache.org/bugzilla/show_bug.cgi?id=49991
The door was wide open but no-one spoke up so nothing was added.
It looks to me like the events in the FORM authenticator should be
removed leaving it up to the ApplicationDispatcher to fire them if
fireRequestListenersOnForwards is true.
The javax.servlet.forward.request_uri is not set for the event fired
from the FormAuthenticator.
The javax.servlet.forward.request_uri is set for the event fired from
the RequestDispatcher.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org