From tomcat-dev-return-42228-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org Mon Mar 15 18:03:01 2004 Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org Received: (qmail 22115 invoked from network); 15 Mar 2004 18:03:00 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 15 Mar 2004 18:03:00 -0000 Received: (qmail 27208 invoked by uid 500); 15 Mar 2004 18:02:47 -0000 Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 27167 invoked by uid 500); 15 Mar 2004 18:02:46 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 27154 invoked from network); 15 Mar 2004 18:02:46 -0000 Received: from unknown (HELO exchange.sun.com) (192.18.33.10) by daedalus.apache.org with SMTP; 15 Mar 2004 18:02:46 -0000 Received: (qmail 28383 invoked by uid 50); 15 Mar 2004 18:03:22 -0000 Date: 15 Mar 2004 18:03:22 -0000 Message-ID: <20040315180322.28382.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: tomcat-dev@jakarta.apache.org Cc: Subject: DO NOT REPLY [Bug 27676] New: - HttpRequestBase doesn't reparse query string after call to setQueryString() X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=27676 HttpRequestBase doesn't reparse query string after call to setQueryString() Summary: HttpRequestBase doesn't reparse query string after call to setQueryString() Product: Tomcat 4 Version: 4.1.18 Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Other Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: justinp@motive.com I ran into this bug on Tomcat 4.1.18, but from inspecting the code it looks like it's still in the most recent release. I subclassed FormAuthenticator to provide single sign-on type functionality for my webapp. My authenticator's authenticate() looks for an authToken in a request parameter and, if it's not there, defers to the superclass implementation (FormAuthentication). My call to request.getParameter() triggers code in HttpRequestBase.parseParameters() which sets the 'parsed' flag in the request object to true. Later, in the implementation of FormAuthenticator.authenticate(), FormAuthenticator.restoreRequest() is called to restore the original request after successful login. In that method, the parameters get blown away and the queryString is reset, but the parsed flag is not cleared. So, every subsequent call to request.getParameter() returns null. It doesn't know that it needs to reparse the queryString. I'm not sure if this is a semantic problem in FormAuthenticator or in HttpRequestBase. I would imagine that it's the former, since it looks an HttpRequestBase is not really intended to be reused. Maybe FormAuthenticator should recycle the request object prior to restoring it. Either way, the state of the request becomes inconsistent. --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org