Skip to main content

[webtier] difference between GF and Tomcat handling FORM authentication

1 reply [Last post]
Anonymous

Hi Jan, Jeanfrancois,

I noticed a difference between Tomcat and GF in how FORM authentication
is handled.

https://glassfish.dev.java.net/issues/show_bug.cgi?id=7935

In GF, FormAuthenticator#restoreRequest has the following, but
CoyoteRequest#setMethod is empty so the information of the previous
request is not recovered.

request.setMethod(saved.getMethod());
request.setQueryString(saved.getQueryString());
request.setRequestURI(saved.getRequestURI());

Can't we implement restoreRequest and saveRequest like Tomcat does?

Thanks,
Dies

---------------------------------------------------------------------
To unsubscribe, e-mail: webtier-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: webtier-help@glassfish.dev.java.net

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Jan Luehe

On 04/20/09 11:30 PM, Dies Koper wrote:
> Hi Jan, Jeanfrancois,
>
> I noticed a difference between Tomcat and GF in how FORM authentication
> is handled.
>
> https://glassfish.dev.java.net/issues/show_bug.cgi?id=7935
>
> In GF, FormAuthenticator#restoreRequest has the following, but
> CoyoteRequest#setMethod is empty so the information of the previous
> request is not recovered.
>
> request.setMethod(saved.getMethod());
> request.setQueryString(saved.getQueryString());
> request.setRequestURI(saved.getRequestURI());
>
> Can't we implement restoreRequest and saveRequest like Tomcat does?
>
>

Thanks, Dies!

I've fixed the issue as per the attached diffs. I think this is cleaner
than how Tomcat did it.
I will look into their approach of saving the POST payload, though, but
that would be a
separate issue.

Thanks also for attaching a test case to the issue. This is passing now
with my fix.

Jan

> Thanks,
> Dies
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: webtier-unsubscribe@glassfish.dev.java.net
> For additional commands, e-mail: webtier-help@glassfish.dev.java.net
>
>

Index: Request.java
===================================================================
--- Request.java (revision 26453)
+++ Request.java (working copy)
@@ -2220,7 +2220,7 @@
* @param method The request method
*/
public void setMethod(String method) {
- // Not used
+ coyoteRequest.method().setString(method);
}

@@ -2231,7 +2231,7 @@
* @param query The query string
*/
public void setQueryString(String query) {
- // Not used
+ coyoteRequest.queryString().setString(query);
}

@@ -2319,7 +2319,7 @@
* @param uri The request URI
*/
public void setRequestURI(String uri) {
- // Not used
+ coyoteRequest.requestURI().setString(uri);
}

---------------------------------------------------------------------
To unsubscribe, e-mail: webtier-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: webtier-help@glassfish.dev.java.net