<div dir="ltr">Hi,<br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 8, 2016 at 12:40 PM, Martin Kouba <span dir="ltr"><<a href="mailto:mkouba@redhat.com" target="_blank">mkouba@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">that's a good question. In Weld, the request object is captured during request context activation, i.e. during ServletRequestListener.request<wbr>Initialized() notification and before any filter or servlet is invoked. So wrappers are ignored and the original/first request is used.<br></blockquote><div><br></div><div>Indeed, although do note that some servers (Liberty and WebLogic I think) send the ServletRequestListener.requestInitialized() notification rather late, and do that after the application already has seen the request and has had a chance to wrap it. This by itself is a separate problem. So on these servers, Weld would receive an early request but not necessarily the earliest.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
But TBH I don't think we can fix this easily as I'm not aware of any portable way to listen for "wrapping actions".<br></blockquote><div><br></div><div>This would have to happen with Server specific code I guess, just as Weld now requires an SPI to obtain the current principal for injection.</div><div><br></div><div>You could say that the Servlet container could store the request "somewhere" on a stack structure, just before it invokes the ServerAuthModule, Filter, Servlet and anything else I may have forgotten, and then when control flows back to each Servlet, Filter, etc unwind that stack.</div><div><br></div><div>At the very least the spec for now should perhaps clarify this?</div><div><br></div><div>Kind regards,</div><div>Arjan Tijms</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<br>
Martin<br>
<br>
Dne 8.9.2016 v 11:02 arjan tijms napsal(a):<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div class="gmail-h5">
Hi,<br>
<br>
The CDI spec defines a built-in bean for the type HttpServletRequest. In<br>
3.8 it says:<br>
<br>
"A servlet container must provide the following built-in beans, all of<br>
which have qualifier @Default:<br>
<br>
a bean with bean type javax.servlet.http.HttpServlet<wbr>Request, allowing<br>
injection of a reference to the HttpServletRequest"<br>
<br>
An HttpServletRequest however can be wrapped multiple times and by<br>
multiple artefacts. I.e. by a ServerAuthModule, Filter and a<br>
RequestDispatcher.<br>
<br>
The question now is; which version of the HttpServletRequest is supposed<br>
to be injected?<br>
<br>
* The first one in the chain?<br>
* The last one in the chain?<br>
* The current one at a given point in the chain?<br>
<br>
A little bit of experimenting seems to indicate it's now often "one of<br>
the first ones", e.g. the one that happened to be current when e.g. a<br>
ServletRequestListener that initialises a specific CDI implementation is<br>
called.<br>
<br>
I think this is a little confusing, as working with an injected request<br>
can now totally ignore the request wrapping that has been done and break<br>
an application badly.<br>
<br>
Thoughts?<br>
<br>
Kind regards,<br>
Arjan Tijms<br>
<br>
<br>
<br></div></div>
______________________________<wbr>_________________<br>
cdi-dev mailing list<br>
<a href="mailto:cdi-dev@lists.jboss.org" target="_blank">cdi-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/cdi-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/cdi-dev</a><br>
<br>
Note that for all code provided on this list, the provider licenses the code under the Apache License, Version 2 (<a href="http://www.apache.org/licenses/LICENSE-2.0.html" rel="noreferrer" target="_blank">http://www.apache.org/license<wbr>s/LICENSE-2.0.html</a>). For all other ideas provided on this list, the provider waives all patent and other intellectual property rights inherent in such information.<br>
<br><span class="gmail-HOEnZb"><font color="#888888">
</font></span></blockquote><span class="gmail-HOEnZb"><font color="#888888">
<br>
-- <br>
Martin Kouba<br>
Software Engineer<br>
Red Hat, Czech Republic<br>
</font></span></blockquote></div><br></div></div>