[
https://issues.apache.org/jira/browse/SHINDIG-593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12649943#action_12649943
]
Ian Boston commented on SHINDIG-593:
------------------------------------
Patch looks good to me, and the change makes perfect sense, trying to apply now.
> incoming GET requests should not have their body inspected in
> handleSingleRequest during REST processing
> --------------------------------------------------------------------------------------------------------
>
> Key: SHINDIG-593
> URL: https://issues.apache.org/jira/browse/SHINDIG-593
> Project: Shindig
> Issue Type: Bug
> Components: RESTful API (Java)
> Reporter: Taylor Singletary
> Assignee: Ian Boston
> Attachments: SHINDIG-593.patch
>
>
> The problem appears to be that Shindig checks for a BODY in an
> incoming GET request. This checking for a BODY that doesn't actually
> exist results in this error:
> java.lang.RuntimeException: Could not get the post data from the request
> org.apache.shindig.social.opensocial.service.RestfulRequestItem.<init>(RestfulRequestItem.java:76)
> org.apache.shindig.social.opensocial.service.DataServiceServlet.handleSingleRequest(DataServiceServlet.java:94)
> org.apache.shindig.social.opensocial.service.DataServiceServlet.doPost(DataServiceServlet.java:79)
> org.apache.shindig.social.opensocial.service.DataServiceServlet.doGet(DataServiceServlet.java:47)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
> org.apache.shindig.social.core.oauth.AuthenticationServletFilter.doFilter(AuthenticationServletFilter.java:89)
> Actual error: the actual exception thrown by IOUtils is
> "java.net.SocketTimeoutException: Read timed out"
> Granted, the Net::HTTP library in some way must be indicating a Body
> header but providing no content inside, but it remains that Shindig
> shouldn't be checking for a body on a GET request. Is there any reason
> that it is doing so?
> Managed to track it down to the following code (revision 688930, but
> current doesn't look to have changed much here):
> Our source is rev 688930, but the last version didn't changed much in the
> private void handleSingleRequest(HttpServletRequest servletRequest,
> HttpServletResponse servletResponse, SecurityToken token,
> BeanConverter converter) throws IOException {
> RestfulRequestItem requestItem = new
> RestfulRequestItem(servletRequest, token, converter);
> ResponseItem responseItem =
> getResponseItem(handleRequestItem(requestItem));
> if (responseItem.getError() == null) {
> PrintWriter writer = servletResponse.getWriter();
> writer.write(converter.convertToString(responseItem));
> } else {
> sendError(servletResponse, responseItem);
> }
> }
> Also here is more precisely the code that throws the exception, line
> 11, when calling IOUtils.toByteArrays(...) from our commons-io-1.4.jar
> library, same version used by Shindig:
> public RestfulRequestItem(HttpServletRequest servletRequest,
> SecurityToken token,
> BeanConverter converter) {
> super(getServiceFromPath(servletRequest.getPathInfo()),
> getMethod(servletRequest),
> token, converter);
> this.url = servletRequest.getPathInfo();
> this.params = createParameterMap(servletRequest);
> try {
> ServletInputStream is = servletRequest.getInputStream();
> postData = new String(IOUtils.toByteArray(is));
> } catch (IOException e) {
> throw new RuntimeException("Could not get the post data from the
> request", e);
> }
> }
> **
> This bug has been confirmed to be triggered when sending GET requests via
> Net:HTTP (stock HTTP client) for both Ruby and Perl.
> **
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
