tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 52606] New: FORM authentication POST replay broken for AJP
Date Sun, 05 Feb 2012 18:10:19 GMT

             Bug #: 52606
           Summary: FORM authentication POST replay broken for AJP
           Product: Tomcat 7
           Version: 7.0.25
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: regression
          Priority: P2
         Component: Connectors
    Classification: Unclassified

Reported and discussed in the following thread on users@:
"Form Authentication POST data not preserved?"

This supposedly has the same trigger as the issue reported in Comment 9 in bug
51940 [3], that is consuming the body of the original request before replacing


In AbstractAjpProcessor$SocketInputBuffer#doRead() there is a check for
"endOfStream" flag. If the flag is set the method returns immediately and does
not use the bodyBytes field that was initialized to replay the body.

The fix is to add the following line to "REQ_SET_BODY_REPLAY" case in
AbstractAjpProcessor#action(), as confirmed on the users@ thread:

  endOfStream = false;

In 6.0.x implementation of AjpProcessor$SocketInputBuffer and of replay action
is the same, but I have not tested whether this bug can be triggered there or

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message