tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevan Miller <kevan.mil...@gmail.com>
Subject TCK Issue with Tomcat 5.5.12
Date Thu, 22 Dec 2005 05:53:04 GMT
The Geronimo project has encountered a TCK issue running with Tomcat  
5.5.12. We'd appreciate your help with the problem.

In the test, a POST Request without a message body is being received  
and a 403 "The request body was too large to be cached during the  
authentication process" is being improperly returned by Tomcat.


I believe the problem is in  
o.a.c.authenticator.FormAuthenticator.saveRequest() (or subsequent  
processing). In 5.5.12, if the message type is POST, saveRequest()  
will always attempt to save the Request body. The following code is  
new in saveRequest() since 5.5.9.

         if ("POST".equalsIgnoreCase(request.getMethod())) {
             ByteChunk body = new ByteChunk();
             body.setLimit(request.getConnector().getMaxSavePostSize());

             byte[] buffer = new byte[4096];
             int bytesRead;
             InputStream is = request.getInputStream();

             while ( (bytesRead = is.read(buffer) ) >= 0) {
                 body.append(buffer, 0, bytesRead);
             }
             saved.setBody(body);
         }

AFAICT, this code is assuming that there will always be a message  
body in the POST Request. However, this is not necessarily the case  
(and is certainly not true for the problem at hand). Eventually,  
SocketInputStream.read() is called from within  
o.a.coyote.http11.InternalReadBuffer.fill(). This call will throw a  
SocketTimeoutException.

The following code in FormAuthenticator.authenticate() interprets  
this IOException as a Request body overflow:

             try {
                 saveRequest(request, session);
             } catch (IOException ioe) {
                 log.debug("Request body too big to save during  
authentication");
                 response.sendError(HttpServletResponse.SC_FORBIDDEN,
                         sm.getString 
("authenticator.requestBodyTooBig"));
                 return (false);
             }

  Thanks for your help...

--kevan




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message