[cdi-dev] Which version of HttpServletRequest is injected?

Martin Kouba mkouba at redhat.com
Thu Sep 8 06:40:40 EDT 2016 

Hi Arjan,

that's a good question. In Weld, the request object is captured during 
request context activation, i.e. during 
ServletRequestListener.requestInitialized() notification and before any 
filter or servlet is invoked. So wrappers are ignored and the 
original/first request is used.

But TBH I don't think we can fix this easily as I'm not aware of any 
portable way to listen for "wrapping actions".

Martin

Dne 8.9.2016 v 11:02 arjan tijms napsal(a):
> Hi,
>
> The CDI spec defines a built-in bean for the type HttpServletRequest. In
> 3.8 it says:
>
> "A servlet container must provide the following built-in beans, all of
> which have qualifier @Default:
>
> a bean with bean type javax.servlet.http.HttpServletRequest, allowing
> injection of a reference to the HttpServletRequest"
>
> An HttpServletRequest however can be wrapped multiple times and by
> multiple artefacts. I.e. by a ServerAuthModule, Filter and a
> RequestDispatcher.
>
> The question now is; which version of the HttpServletRequest is supposed
> to be injected?
>
> * The first one in the chain?
> * The last one in the chain?
> * The current one at a given point in the chain?
>
> A little bit of experimenting seems to indicate it's now often "one of
> the first ones", e.g. the one that happened to be current when e.g. a
> ServletRequestListener that initialises a specific CDI implementation is
> called.
>
> I think this is a little confusing, as working with an injected request
> can now totally ignore the request wrapping that has been done and break
> an application badly.
>
> Thoughts?
>
> Kind regards,
> Arjan Tijms
>
>
>
> _______________________________________________
> cdi-dev mailing list
> cdi-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/cdi-dev
>
> Note that for all code provided on this list, the provider licenses the code under the Apache License, Version 2 (http://www.apache.org/licenses/LICENSE-2.0.html). For all other ideas provided on this list, the provider waives all patent and other intellectual property rights inherent in such information.
>

-- 
Martin Kouba
Software Engineer
Red Hat, Czech Republic

More information about the cdi-dev mailing list