DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=27676>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=27676 HttpRequestBase doesn't reparse query string after call to setQueryString() Summary: HttpRequestBase doesn't reparse query string after call to setQueryString() Product: Tomcat 4 Version: 4.1.18 Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] I ran into this bug on Tomcat 4.1.18, but from inspecting the code it looks like it's still in the most recent release. I subclassed FormAuthenticator to provide single sign-on type functionality for my webapp. My authenticator's authenticate() looks for an authToken in a request parameter and, if it's not there, defers to the superclass implementation (FormAuthentication). My call to request.getParameter() triggers code in HttpRequestBase.parseParameters() which sets the 'parsed' flag in the request object to true. Later, in the implementation of FormAuthenticator.authenticate(), FormAuthenticator.restoreRequest() is called to restore the original request after successful login. In that method, the parameters get blown away and the queryString is reset, but the parsed flag is not cleared. So, every subsequent call to request.getParameter() returns null. It doesn't know that it needs to reparse the queryString. I'm not sure if this is a semantic problem in FormAuthenticator or in HttpRequestBase. I would imagine that it's the former, since it looks an HttpRequestBase is not really intended to be reused. Maybe FormAuthenticator should recycle the request object prior to restoring it. Either way, the state of the request becomes inconsistent. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
