tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <billwbar...@verizon.net>
Subject Re: how to unwrap a Request from RequestFacade
Date Sat, 05 Sep 2009 03:11:47 GMT

"Christopher Schultz" <chris@christopherschultz.net> wrote in message 
news:4AA12265.3020901@christopherschultz.net...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Bill,
>
> On 9/3/2009 10:47 PM, Bill Barker wrote:
>> "Christopher Schultz" <chris@christopherschultz.net> wrote in message
>> news:4AA03CA3.4010405@christopherschultz.net...
>> Muthu,
>>
>> On 9/3/2009 11:17 AM, Muthu.Chandir@sectra.se wrote:
>>>>>   I am using tomcat 5.5 and just wanted to write a simple servlet to

>>>>> get
>>>>> some information using StandardManager such as activeSessions,
>>>>> expriedSessions, sessionCounter etc.. I am not that familiar with 
>>>>> these
>>>>> classes. I noticed when the request comes into my servlet it comes as
>>>>> RequestFacade where the org.apache.catalina.connector.Request is 
>>>>> wrapped
>>>>> inside it. I haven't figured out how to unwrap the Request object so

>>>>> that
>>>>> I can get the Context from which I can get the Manager 
>>>>> (StandardManager)
>>>>> to access the information I need. Any help with a snippet of code to

>>>>> get
>>>>> the Request Object from RequestFacade will be appreciated.
>>
>> Maybe try something like this:
>>
>> public class SneekyRequestFacade
>>  extends RequestFacade
>> {
>>  public SneekyRequestFacade() { super(null); }
>>
>>  public Request getRequest(RequestFacade rf)
>>  {
>>    return rf.request;
>>  }
>> }
>>
>> Now:
>>
>> RequestFacade rf = ...;  // get your requestfacade
>> Request req = new SneekyRequestFacade().getRequest(rf);
>>
>> I think that ought to do it. Isn't OO abuse great?
>>
>>
>>> It is great ;).  But you save a couple of lines by just doing straight
>>> introspection.
>
> I had thought about that, but I thought the JVM prevented code from
> getting-around access privileges by using introspection. Or is that only
> when a SecurityManager is running?
>

No, without a SecurityManager, you can do pretty much anything with 
introspection by at most calling field.setAccessible(true).  This is how the 
WebappClassLoader nulls out static fields when you undeploy a webapp.  It's 
also a big part of the reason that the server ClassLoader went away by 
default, since it didn't really stop anyone from accessing Tomcat core 
classes.

> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkqhImUACgkQ9CaO5/Lv0PDVkgCaA9UWhDHNXKdfN2mSPZN1lauK
> Z3oAnRphaMCX6vkmjvLH+t/tmUIxp52m
> =qxEb
> -----END PGP SIGNATURE----- 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message