I sent this mail to the dev list some days ago but got no answer. I apologize for the cross-posting. Hopefully someone will be able to help me here.
I'm having a problem when trying to cope with double submits in a page with form-based authentication in Tomcat 4.1.30.
I get to the login page when I try to access a protected page (actually a struts action - ".do").
I then inform the username and password in the form whose target is j_security_check and, if I just push submit once, everything goes allright, I am authenticated and taken to the struts action, that does its job and forwards to its view.
But if I simulate a double submit (impatient users , I am shown a IllegalStateException, thrown by org.apache.catalina.servlets.DefaultServlet.
Well, I downloaded tomcat's source code and traced it to see what was going on.
I found out that in the first request org.apache.catalina.core.ApplicationFilterChain.internalDoFilter() will call servlet.service(), and in this case the servlet is struts' ActionServlet, whereas in the second (and simultaneous) submit, the servlet invoked is org.apache.catalina.servlets.DefaultServlet.
I think this behaviour is probably because in the second submit the resource I !first! requested was j_security_check (the action of the form), and not the struts action (.do extension), like in the first submit).
DefaultServlet will then try to serve, in the second submit, j_security_check. It will not find the resource and will try to call response.sendError(HttpServletResponse.SC_NOT_FOUND,
request.getRequestURI());
The thing is that, at this point, response.isCommitted() == true, and then it throws IllegalStateException.
If we analyse what is actually going on, the problem is not the IllegalStateException itself, but the fact that tomcat is trying to serve j_security_check in the second submit, rather than the struts action I requested in the first place. The exception I get is just a consequence of the wrong processing.
Would this be a bug in tomcat? Would there be any workarounds to make it remind that the second submit still has as target the struts action, and not j_security_check as it is currently interpreting?
I'd appreciate any thoughts.
Best Regards,
Andrigo GomesPS: here is the stack trace I get:
java.lang.IllegalStateException at org.apache.coyote.tomcat4.CoyoteResponseFacade.sendError(CoyoteResponseFacade.java:310) at org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:936) at org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:518) at org.apache.catalina.servlets.DefaultServlet.doPost(DefaultServlet.java:554) at javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at companyFilter.doFilter(some row) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.jboss.web.catalina.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:227) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2422) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:163) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:199) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:700) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683) at java.lang.Thread.run(Unknown Source)
Apache Tomcat/4.1.30
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
