RE: HttpServletRequest.getParameter() inside a valve

Fri, 05 Mar 2010 01:35:16 -0800 

Hey,

Thanks for your analyse.

I guess the only way out of this is to prevent the use of getparameter() in 
case of a HTTP post. This may be ok for us, as our secuId is sent using the 
querystring, thus HTTP GET.

I've seen a place where request.getParameter() is used thus: in 
FormAuthenticator. But after son digging,  I've seen that in that case a new 
request object is build from scratch by the valve and resent to the target 
servlet.

-antonio


>> Those cases are a "java.io.IOException: Connection reset by peer:
>> Amount read didn't match content-length "  for the WebObject servlet,
>> and a EOFException in the invoker servlet in Jboss).
>
>That seems fairly straightforward: the client is sending a
>Content-Length that doesn't match the amount of data sent: too few bytes
>or too many. Can you post the whole stack trace?

Here is the Webobject servlet stacktrace:

java.io.IOException: Connection reset by peer: Amount read didn't match 
content-length
 at 
com.webobjects.appserver._private.WONoCopyPushbackInputStream.read(WONoCopyPushbackInputStream.java:175)
 at 
com.webobjects.appserver._private.WOInputStreamData._extractBytesFromInputStream(WOInputStreamData.java:105)
 at 
com.webobjects.appserver._private.WOInputStreamData.bytesNoCopy(WOInputStreamData.java:137)
 at com.webobjects.foundation.NSData._bytesNoCopy(NSData.java:502)
 at com.webobjects.appserver.WOMessage.contentString(WOMessage.java:651)
 at Application.dispatchRequest(Unknown Source)
 at 
com.webobjects.jspservlet._WOApplicationWrapper.servletDispatchRequest(_WOApplicationWrapper.java:118)
 at 
com.webobjects.jspservlet.WOServletAdaptor._handleRequest(WOServletAdaptor.java:581)
 at com.webobjects.jspservlet.WOServletAdaptor.doPost(WOServletAdaptor.java:548)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at 
com.borland.pso.security.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:41)
 at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at 
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
 at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at 
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
 at 
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
 at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
 at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
 at 
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:543)
 at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at hug.jade.security.tomcat.valve.HugSSOValve.invoke(HugSSOValve.java:114)

Reply via email to