incoming GET requests should not have their body inspected in
handleSingleRequest during REST processing
--------------------------------------------------------------------------------------------------------
Key: SHINDIG-593
URL: https://issues.apache.org/jira/browse/SHINDIG-593
Project: Shindig
Issue Type: Bug
Components: RESTful API (Java)
Reporter: Taylor Singletary
The problem appears to be that Shindig checks for a BODY in an
incoming GET request. This checking for a BODY that doesn't actually
exist results in this error:
java.lang.RuntimeException: Could not get the post data from the request
org.apache.shindig.social.opensocial.service.RestfulRequestItem.<init>(RestfulRequestItem.java:76)
org.apache.shindig.social.opensocial.service.DataServiceServlet.handleSingleRequest(DataServiceServlet.java:94)
org.apache.shindig.social.opensocial.service.DataServiceServlet.doPost(DataServiceServlet.java:79)
org.apache.shindig.social.opensocial.service.DataServiceServlet.doGet(DataServiceServlet.java:47)
javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
org.apache.shindig.social.core.oauth.AuthenticationServletFilter.doFilter(AuthenticationServletFilter.java:89)
Actual error: the actual exception thrown by IOUtils is
"java.net.SocketTimeoutException: Read timed out"
Granted, the Net::HTTP library in some way must be indicating a Body
header but providing no content inside, but it remains that Shindig
shouldn't be checking for a body on a GET request. Is there any reason
that it is doing so?
Managed to track it down to the following code (revision 688930, but
current doesn't look to have changed much here):
Our source is rev 688930, but the last version didn't changed much in the
private void handleSingleRequest(HttpServletRequest servletRequest,
HttpServletResponse servletResponse, SecurityToken token,
BeanConverter converter) throws IOException {
RestfulRequestItem requestItem = new
RestfulRequestItem(servletRequest, token, converter);
ResponseItem responseItem = getResponseItem(handleRequestItem(requestItem));
if (responseItem.getError() == null) {
PrintWriter writer = servletResponse.getWriter();
writer.write(converter.convertToString(responseItem));
} else {
sendError(servletResponse, responseItem);
}
}
Also here is more precisely the code that throws the exception, line
11, when calling IOUtils.toByteArrays(...) from our commons-io-1.4.jar
library, same version used by Shindig:
public RestfulRequestItem(HttpServletRequest servletRequest,
SecurityToken token,
BeanConverter converter) {
super(getServiceFromPath(servletRequest.getPathInfo()),
getMethod(servletRequest),
token, converter);
this.url = servletRequest.getPathInfo();
this.params = createParameterMap(servletRequest);
try {
ServletInputStream is = servletRequest.getInputStream();
postData = new String(IOUtils.toByteArray(is));
} catch (IOException e) {
throw new RuntimeException("Could not get the post data from the
request", e);
}
}
**
This bug has been confirmed to be triggered when sending GET requests via
Net:HTTP (stock HTTP client) for both Ruby and Perl.
**
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
