> but the MultipartRequest class does
> not reimplement -all- of the public methods of HttpServletRequest,
> while BufferedInputStream appears to replicate all of the methods in
> InputStream. For instance, if I need to get the HttpSession I
> have to call that method on the HttpServletRequest object. This is
> pretty important, I think: the session provides a great way to track
> security (has this user already logged in?) and security is a
> real concern when it comes to file uploads.
>
> Fortunately, HttpServletRequest.getSession does work, and does
> so without (in jserv) corrupting the request and making it
> unusable to MultipartRequest.
Yeah, I was worried someone was going to take my post the wrong way.
Notice how I said "similar" instead of "exactly like". That was
intentional. The MultipartRequest class uses the ServletInputStream to
read its data and so any methods on the HttpServletRequest that affect
the incoming SIS have to be avoided. Which are those? Basically,
getInputStream() and getParameter()/getParameterValues() if your server
thinks the parameters are in the POSTed data. The bug discussed here is
that JServ incorrectly thinks multipart/form-data POST data should be
read on an HttpServletRequest.getParameter() call.
You can call everything else on HttpServletRequest.
> So what's my beef? Just that small one (remember: I am a happy
> customer here! I have the use of some fine code for no money) that if
> the recommened practice is to avoid all calls on the
> HttpServletRequest, including any calls before the MultipartRequest is
> constructed, then shouldn't the interface to MultipartRequest mimic
> HttpServletRequest a bit more closely?
Except the recommended practice isn't to avoid all calls.
> And while I'm in my pipe dream: are there good reasons not to give
> MulitpartRequest an HttpServletRequest interface explicitly?
Yes, because HSR keeps changing. You'd need to upgrade MR with each
Servlet API release.
-jh-
--
Jason Hunter
[EMAIL PROTECTED]
Book: http://www.servlets.com/book
Article: http://www.javaworld.com/jw-12-1998/jw-12-servletapi.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
