https://bz.apache.org/bugzilla/show_bug.cgi?id=62405
--- Comment #4 from Igal Sapir <isa...@apache.org> --- (In reply to Mark Thomas from comment #3) > This has come up before. A few of the past threads: > http://tomcat.markmail.org/thread/fumpfuspt7a3nesz > http://tomcat.markmail.org/thread/tqig7tldxjrra3bh Going over these threads I see that the main issue is if the Filter wraps getReader() and getInputStream() but not getParameter() and getParameterMap(). >From the 2nd link above: >> Consider the following: >> >> Tomcat provides request R. >> Filter reads request body using R.getInputStream(). >> Filter caches request body. >> Filter wraps request R to provide R', over-riding getInputStream() to >> provide the cached body. >> Filter passes R' to the application. >> Application calls R'.getParameter() >> R'.getParameter() calls R.getParameter() >> Keep in mind at this point R has zero knowledge of R'. >> >> R calls getInputStream() to read request body but that InputStream has >> already been read. >> >> The problem is the wrapper, R'. Over-riding getInputStream() is not >> enough. It needs to over-ride every method that may access that >> InputStream. Which is non-trivial because it means re-implementing a lot >> of functionality the container would normally provide for you out of the >> box. My implementation [1] does provide a wrapper for getParameter() #L95 and getParameterMap() #L111 in the Filter, so I believe that that issue is taken care of. > It would be worth a more thorough search of the archives for other previous > discussions. Unfortunately the search capability of the archives is not that great. [1] https://github.com/isapir/servlet-filter-utils/blob/master/src/main/java/net/twentyonesolutions/servlet/util/RereadableServletRequest.java#L95 -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
