Hello All,

So I've dug in deeper and decided on a course of action. When a POST is coming in on a new connection (no session ID in the cookies or URL), Shiro calls request.getParameter(name) looking for the Session ID. This results in org.apache.catalina.connector.Request.parseParameters() (part of Tomcat) consuming the POST input stream.

That is fine, except that after Request.parseParameter() is done, the POST body data is thrown away if it wasn't loaded into the parameters. Since I'm sending XML data, nothing is successfully loaded into the parameters, so the data is lost and my RESTlet ServerResource has no way of processing it.

This only affects POSTs because they are the only type by default in Tomcat's parseBodyMethods configuration option.

So, our current plan to solve this problem is to start each connection with a GET call that will return (among other data) a Session ID cookie. We can then use this cookie on POST calls to prevent Shiro from trying to fetch the Parameters from the POST body and thereby consuming it.

Any thoughts on this particular problem and/or solution would be welcome.

Thanks!

Sincerely,
Stephen

--
Stephen McCants
Senior Software Engineer
Healthcare Control Systems
1-877-877-8795 x116
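
The plan described in the message above (a GET first to obtain the session cookie, then the POST carrying it), sketched from the client side; this is an added example, not code from the original message. The in-process stub server, the /session and /resource paths and the XML payload are constructed for illustration; JSESSIONID is Shiro's default session cookie name.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.net.http.*;
import java.nio.charset.StandardCharsets;

public class SessionFirstClient {
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the real service: GET /session issues a
        // session cookie, POST /resource echoes back the body it received.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/session", ex -> {
            ex.getResponseHeaders().add("Set-Cookie", "JSESSIONID=constructed-id; Path=/; HttpOnly");
            ex.sendResponseHeaders(204, -1);
            ex.close();
        });
        server.createContext("/resource", ex -> {
            byte[] body = ex.getRequestBody().readAllBytes();
            ex.sendResponseHeaders(200, body.length == 0 ? -1 : body.length);
            if (body.length > 0) ex.getResponseBody().write(body);
            ex.close();
        });
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();
        try {
            CookieManager cookies = new CookieManager();
            HttpClient client = HttpClient.newBuilder().cookieHandler(cookies).build();

            // Step 1: body-less GET, so the session ID arrives as a cookie.
            client.send(HttpRequest.newBuilder(URI.create(base + "/session")).GET().build(),
                    HttpResponse.BodyHandlers.discarding());
            boolean hasSession = cookies.getCookieStore().getCookies().stream()
                    .anyMatch(c -> c.getName().equals("JSESSIONID"));
            // Never send a body on a connection that has no session cookie yet.
            if (!hasSession) throw new IllegalStateException("no session cookie; refusing to POST");

            // Step 2: POST the XML; the cookie handler attaches JSESSIONID.
            String xml = "<order><id>42</id></order>"; // constructed sample payload
            HttpResponse<String> resp = client.send(
                    HttpRequest.newBuilder(URI.create(base + "/resource"))
                            .header("Content-Type", "application/xml")
                            .POST(HttpRequest.BodyPublishers.ofString(xml, StandardCharsets.UTF_8))
                            .build(),
                    HttpResponse.BodyHandlers.ofString());
            System.out.println(resp.statusCode() + " body intact: " + xml.equals(resp.body()));
        } finally {
            server.stop(0);
        }
    }
}
```

The stub binds to 127.0.0.1 rather than localhost because java.net.CookieManager's default policy rejects cookies for dot-less host names.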
