You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by "Raul Bajales (JIRA)" <ji...@apache.org> on 2008/11/06 22:51:44 UTC

[jira] Commented: (SHINDIG-593) incoming GET requests should not have their body inspected in handleSingleRequest during REST processing

    [ https://issues.apache.org/jira/browse/SHINDIG-593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12645597#action_12645597 ] 

Raul Bajales  commented on SHINDIG-593:
---------------------------------------

I'm not sure about catching the exception (we are getting a socket timeout exception here).
Instead, I'm trying to only get the postBody for a request method different than "GET" and "HEAD". Seems an easy change (I'm getting some testcase failing because EasyMock expects always one call to getInputStream, and with my fix that call is not made for "GET" and "HEAD" methods).
Will send the patch hopefully this week for review.

> incoming GET requests should not have their body inspected in handleSingleRequest during REST processing
> --------------------------------------------------------------------------------------------------------
>
>                 Key: SHINDIG-593
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-593
>             Project: Shindig
>          Issue Type: Bug
>          Components: RESTful API (Java)
>            Reporter: Taylor Singletary
>
> The problem appears to be that Shindig checks for a BODY in an
> incoming GET request. This checking for a BODY that doesn't actually
> exist results in this error:
> java.lang.RuntimeException: Could not get the post data from the request
> org.apache.shindig.social.opensocial.service.RestfulRequestItem.<init>(RestfulRequestItem.java:76)
> org.apache.shindig.social.opensocial.service.DataServiceServlet.handleSingleRequest(DataServiceServlet.java:94)
> org.apache.shindig.social.opensocial.service.DataServiceServlet.doPost(DataServiceServlet.java:79)
> org.apache.shindig.social.opensocial.service.DataServiceServlet.doGet(DataServiceServlet.java:47)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
> org.apache.shindig.social.core.oauth.AuthenticationServletFilter.doFilter(AuthenticationServletFilter.java:89)
> Actual error:  the actual exception thrown by IOUtils is
> "java.net.SocketTimeoutException: Read timed out"
> Granted, the Net::HTTP library in some way must be indicating a Body
> header but providing no content inside, but it remains that Shindig
> shouldn't be checking for a body on a GET request. Is there any reason
> that it is doing so?
> Managed to track it down to the following code (revision 688930, but
> current doesn't look to have changed much here):
> Our source is rev 688930, but the last version didn't changed much in the
> private void handleSingleRequest(HttpServletRequest servletRequest,
>        HttpServletResponse servletResponse, SecurityToken token,
>        BeanConverter converter) throws IOException {
>     RestfulRequestItem requestItem = new
> RestfulRequestItem(servletRequest, token, converter);
>     ResponseItem responseItem = getResponseItem(handleRequestItem(requestItem));
>     if (responseItem.getError() == null) {
>        PrintWriter writer = servletResponse.getWriter();
>        writer.write(converter.convertToString(responseItem));
>     } else {
>        sendError(servletResponse, responseItem);
>     }
>   }
> Also here is more precisely the code that throws the exception, line
> 11, when calling IOUtils.toByteArrays(...) from our commons-io-1.4.jar
> library, same version used by Shindig:
>   public RestfulRequestItem(HttpServletRequest servletRequest,
> SecurityToken token,
>       BeanConverter converter) {
>     super(getServiceFromPath(servletRequest.getPathInfo()),
>         getMethod(servletRequest),
>         token, converter);
>     this.url = servletRequest.getPathInfo();
>     this.params = createParameterMap(servletRequest);
>     try {
>       ServletInputStream is = servletRequest.getInputStream();
>       postData = new String(IOUtils.toByteArray(is));
>     } catch (IOException e) {
>       throw new RuntimeException("Could not get the post data from the
> request", e);
>     }
>   }
> **
> This bug has been confirmed to be triggered when sending GET requests via Net:HTTP (stock HTTP client) for both Ruby and Perl.
> **

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.