tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Kaltepoth <christ...@kaltepoth.de>
Subject Re: Double call to requestInitialized when forwarding for FORM auth
Date Thu, 16 Jul 2015 15:48:18 GMT
Hey all,

I'm the guy who wrote the DeltaSpike code that is causing the trouble here.
So maybe I should ask a very concrete question here:

Basically the DeltaSpike code assumed that
ServletRequestListener.requestInitialized() is called exactly once for each
"physical" request. But it looks like it is called more than once if the
user gets forwarded to a login page (login-config, corresponding constraints).
Maybe even if requests get forwarded? I didn't check this.

Actually I was very surprised about that behavior. The javadocs of
ServletRequestListener.requestInitialized() say that the method is invoked
when the request *"is about to enter the first servlet or filter of the web
application".*

In my understanding this means that it gets invoked only once even if the
request is forwarded. I didn't find anything in the Servlet spec about that
specific topic.

Any thoughts about that?

Thanks

Christian


2015-07-16 15:28 GMT+02:00 Christopher Schultz <chris@christopherschultz.net
>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Ludovic,
>
> On 7/16/15 2:29 AM, l.penet@senat.fr wrote:
> > On 15/07/2015 23:36, Christopher Schultz wrote:
> >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
> >>
> >> Ludovic,
> >>
> >> On 7/15/15 3:29 AM, l.penet@senat.fr wrote:
> >>> On 13/07/2015 15:13, Christopher Schultz wrote: It looks like
> >>> you or DeltaSpike are not cleaning-up as the request
> >>> transitions from one state to another. Ok, thank you.
> >>>
> >>> What kind of notification should we process to detect this
> >>> transition ?
> >> I'm not sure, since it's DeltaSpike which is objecting to the
> >> current state of the request.
> >>
> >> I think you'll have better luck with asking the DeltaSpike folks.
> >> They are welcome to come here to ask about why something may have
> >> changed. Was there ever a reply to your initial question?
> >
> > Yes, and a patch allowing this "double initialization".
>
> Hmm. I'm surprised that it wasn't possible before then.
>
> > But as I suspect that there is something "cleaner" to do, I try to
> > scratch the subject.
> >
> >> In your post to their list, you mentioned that "there are
> >> sometimes
> >
> > Pretty much the same than in this case, if I sum it up.
> >
> > A typical example : years ago, I wrote a web filter, had to perform
> > some locking in it (because of legacy libs) and was quite surprised
> > to see the request going through the filter twice when serving a
> > login page on FORM auth.
> >
> > I am no JEE Guru, so "strange" does not mean "bad" but
> > "surprising".
>
> A request can be forwarded to another resource during request
> processing. According to the servlet spec, forwarding a request should
> send it back through the Filter chain for the (new) target resource as
> long as the Filter was declared to be run for that type of dispatch.
>
> See section 6.2.5 of the Servlet Spec version 3.0, which explains what
> is going on.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCAAGBQJVp7GVAAoJEBzwKT+lPKRYVXMP/36fuxmrIIbB4VgRWU92VyjD
> jgteXXoWHHV8WtCpVZzbhUrUKDG9XE914RK8DfyZyqR+DMQ8ucl4nkygTQP64siP
> WIylWTlsk+HCvm7u3NKzJgIH6QoyBNlaPbgVdZq+PcvqcXy2evNE1HSIuvy/n7J6
> ZDvUsKAcmjj65MC9K+fXwLHI5os3n4R5eVZr9nzG6mMZkIYLCzRGU57QtnMHgtq6
> IeaJ4uSjBe8L5E8qN3Y2wlrye0v1LKLYrQn1PTrWYY0r2LhcAJev2HVvozG1L3rw
> jfpt+5JnJDwyhP15Bo3zRDTvoUkIeHIyUVEcy3sGXtGmCMXQ4MMfu3N4mMkIJPga
> P5+fCheGoFVZwCwnrfYcjgY/T1sjFISMN90Tb8xQUlew0/iKnBLTQ6HjTUu7zswM
> rlkuMeqBTE4JZxsU8zhEhBTHhWmHvhfvZVdanxSvUmWWFuBwoHp67ur2CPpoJWh1
> FU7HE0+AYgSZPg9ZOXKPTivT6OJi70n5YcpQCYPH2/XreQViBsTNTz3g5u66rEhv
> P89ohTKOYWmGGqUaOVvXXRIBfMzkGfURZFG6Oi+hQy+LdC2XszlB0EcANSn6ThiG
> wYKfAp8m87KjDesmATlaRJm9/RzJDO/sFo8rrGyTRpFvapwkvZmgRLmlaeDuhZ2f
> 6HrvOa7Vijuk93PhqnCd
> =JjcA
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


-- 
Christian Kaltepoth
Blog: http://blog.kaltepoth.de/
Twitter: http://twitter.com/chkal
GitHub: https://github.com/chkal

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message