9 a.m.
Steps to reproduce:
- Try to register new user : fill the form with all needed data
- Expect : Register successfully, but always show PopupMessage : Text
verification isn't correct
I've tried to debug and found that :
- in PortalController servlet and CaptchaServlet : i can retrieve the same
HttpSession from the HttpRequestWrapper (wrapped in LocalizationFilter)
- but in the CaptchaValidator : after call to
portalRequestContext.getRequest().getSession() , the HttpSession object is
difference with the one we retrieved in PortalController
Actually, in each request, ApplicationDispatcher doesn't wrap the
ServletFacade , it wrap the HttpRequestWrapper (RequestFacade has already
wrapped by LocalizationFilter), and the local variable crossContext is set
to true --> In portlet, when i call getSession(), the wrapper object
delegates the call to ApplicationHttpRequest, but this wrapper doesn't
delegate to RequestFacade's getSession() method but return the wrong
HttSession
4:18 p.m.
Thanks to your excellent analysis it was easy for me to figure out a fix.
The problem is that LocalizationFilter's HttpRequestWrapper for reasons of
brewity extends, and makes use of HttpServletRequestWrapper which is there
for exactly that purpose.
Catalina, however is being a bit too smart, probably in order to support
certain cross-context scenarios, but in a way that breaks proper behaviour
for our case. In ApplicationDispatcher it detects that LocalizationFilter's
HttpRequestWrapper is instanceof ServletRequestWrapper, and injects a
different request object into it via inherited setRequest() method -
effectively making it wrap a completely different request.
The solution is simply not to use HttpServletRequestWrapper when
implementing LocalizationFilter's HttpRequestWrapper.
I'll do some more tests before committing.
On Sun, Sep 5, 2010 at 4:00 PM, Phuong Vu Viet <vstorm83(a)gmail.com> wrote:
Steps to reproduce:
- Try to register new user : fill the form with all needed data
- Expect : Register successfully, but always show PopupMessage : Text
verification isn't correct
I've tried to debug and found that :
- in PortalController servlet and CaptchaServlet : i can retrieve the same
HttpSession from the HttpRequestWrapper (wrapped in LocalizationFilter)
- but in the CaptchaValidator : after call to
portalRequestContext.getRequest().getSession() , the HttpSession object is
difference with the one we retrieved in PortalController
Actually, in each request, ApplicationDispatcher doesn't wrap the
ServletFacade , it wrap the HttpRequestWrapper (RequestFacade has already
wrapped by LocalizationFilter), and the local variable crossContext is set
to true --> In portlet, when i call getSession(), the wrapper object
delegates the call to ApplicationHttpRequest, but this wrapper doesn't
delegate to RequestFacade's getSession() method but return the wrong
HttSession
_______________________________________________
gatein-dev mailing list
gatein-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/gatein-dev
5202
days inactive
5202
days old
1 comments
2 participants
participants (2)
-
Marko Strukelj -
Phuong Vu Viet