On 14/07/2015 10:14, Christian Kaltepoth wrote:
Hey Ludovic,
thanks a lot. To be honest, I don't fully understand Christopher's response
to your question.
The javadocs of ServletRequestListener say:
Interface for receiving notification events about requests coming into and
going out of scope of a web application. A ServletRequest is defined as
coming into scope of a web application when it is about to enter the first
servlet or filter of the web application, and as going out of scope as it
exits the last servlet or the first filter in the chain.
In my understanding this means that requestInitialized() is called only
once for each "physical" request. Or at least that requestDestroyed() is
called _before_ requestInitialized() gets executed another time.
If I get it right, and supposing that the form page is my-webapp/login.xhtml
* there is really one "physical", user triggered request (by a web
browser, curl, wget or whatever) ;
* when one requests any page other than login.xhtml without being
already authenticated, Tomcat does NOT reply with a 302 or any other
HTTP code, it internally forwards the request using forwardToLoginPage
(see
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?view=markup&pathrev=1024397
, line 246).
=> so :
* there are two "logical" requests in this case.
* the forward to login.xhtml is just some sort of "inner request", and
its result will be sent as the first, "original" request result.
=> so so :
* two logical requests are processed at the same time
* it is normal that we are not notified of the deletion of the first
request.
I am curious on why they do not simply perform a HTTP redirect. I guess
there must be something in a spec requesting it. My first move was to
leave that alone, not having time to read related specs and wanting to
spare Christopher Schultz time, but the question might be interesting to
other people, so I will continue the discussion on Tomcat list;
However, my commit should fix the problem. Looking forward to hear if it
works for you.
I tested and, as expected, it works ! :-)
I would have tested before that we are re-binding the same "physical"
request and would have logged an error if not. That might detect other
strange cases. But I can leave without it. :-)
Thanks a lot. I look forward to 1.4.2 release.
Ludovic
|
| AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT.
|
