tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Form Authentication POST data not preserved?
Date Sun, 05 Feb 2012 18:22:32 GMT
2012/2/5 Jess Holle <jessh@ptc.com>:
> On 2/5/2012 11:15 AM, Konstantin Kolinko wrote:
>>
>> I think this issue is specific to AJP.
>>
>> For HTTP connectors a similar issue was noted and fixed here:
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=51940#c9
>>
>> I think adding the following line to "REQ_SET_BODY_REPLAY" case in
>> AbstractAjpProcessor#action() will fix this bug:
>>
>>    endOfStream = false;
>
>
> That did the trick!  [I just did this via the debugger without a rebuild,
> but same thing.]
>
> Could someone please patch this into trunk so it's in the next Tomcat
> release?
>
> Until then I can certainly patch it into my own Tomcat.  I just don't want
> to maintain this patch forever (nor have everyone else suffer from this bug
> in the AJP case).
>

I filed a bug
https://issues.apache.org/bugzilla/show_bug.cgi?id=52606

It would be nice to know whether this problem is observable with 6.0.35 or not.


2012/2/5 Jess Holle <jessh@ptc.com>:
>
> Also it strikes me that maxSavePostSize should really be backed up by a use
> of a SoftReference in SavedRequest.
>
> This would allow one to allow relatively large POST bodies to be saved
> unless/until this threatened to consume the JVM's overall memory resources,
> at which point the POST bodies could be dropped.
>
> As it stands now one has to choose between vicious treatment of large POST
> bodies (i.e. dropping all the user's data) and opening oneself wide open to
> quick and easy (and possibly accidental) DOS attacks.
>

Interesting idea. I think it is worth filing an enhancement request.
Though I see the following caveat:

Using SoftReference here will lead to non-deterministic behaviour. I
wonder whether admins will be puzzled by this feature.  Though this
can be solved by logging an INFO message wrapped by
org.apache.juli.logging.UserDataHelper.


Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message