[jira] [Commented] (SLING-11872) Some request attributes not set when running with Felix Jetty 4.2.x

Sat, 13 May 2023 07:58:27 -0700 


    [ 
https://issues.apache.org/jira/browse/SLING-11872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17722373#comment-17722373
 ] 

Carsten Ziegeler commented on SLING-11872:
------------------------------------------

First attempt to fix the problem: 
https://github.com/apache/sling-org-apache-sling-engine/commit/05b03be33060d5b765752ff7d6052725732cfe6d

A new request wrapper takes care of the special include/forward attributes

> Some request attributes not set when running with Felix Jetty 4.2.x
> -------------------------------------------------------------------
>
>                 Key: SLING-11872
>                 URL: https://issues.apache.org/jira/browse/SLING-11872
>             Project: Sling
>          Issue Type: Bug
>          Components: Engine
>            Reporter: Robert Munteanu
>            Assignee: Carsten Ziegeler
>            Priority: Blocker
>             Fix For: Engine 2.15.0
>
>
> When updating the Sling Starter
> org.apache.felix:org.apache.felix.http.jetty from 4.1.14 to 4.2.10 and
> org.apache.felix:org.apache.felix.http.servlet-api from 1.1.4 to 1.2.0
> .
> There are 3 failures in the IncludeIT that show that the
> javax.servlet.include.request_uri attribute is no longer present:
> [ERROR] Failures: 
> [ERROR]   
> IncludeTest.testForcedResourceType:149->assertIncludeRequestAttributes:154->assertIncludeRequestAttributes:167->assertRequestAttribute:189
>  Expected content contains '--javax.servlet.include.request_uri-'
> [ERROR]   
> IncludeTest.testWithInclude:114->assertIncludeRequestAttributes:154->assertIncludeRequestAttributes:167->assertRequestAttribute:189
>  Expected content contains '--javax.servlet.include.request_uri-'
> [ERROR]   
> IncludeTest.testWithIncludeAndExtension:123->assertIncludeRequestAttributes:154->assertIncludeRequestAttributes:167->assertRequestAttribute:189
>  Expected content contains '--javax.servlet.include.request_uri-'
> [~cziegeler] thinks this is due to new code in 4.2.0 
> https://github.com/apache/felix-dev/blob/http-4.x/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestWrapper.java#L166
>  and that the solution here is to do the same in Sling Engine as Apache  
> Felix is doing: instead of setting the attributes on the request,  
> overwriting the getAttribute method. This avoids leakage of information  as 
> well.
> See also the [email protected] discussion at 
> https://lists.apache.org/thread/wbfs0bvv0yk8nhggtx969nxwjyxs3c1o .



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to