[cdi-dev] Which version of HttpServletRequest is injected?

arjan tijms arjan.tijms at gmail.com
Thu Sep 8 05:02:45 EDT 2016


The CDI spec defines a built-in bean for the type HttpServletRequest. In
3.8 it says:

"A servlet container must provide the following built-in beans, all of
which have qualifier @Default:

a bean with bean type javax.servlet.http.HttpServletRequest, allowing
injection of a reference to the HttpServletRequest"

An HttpServletRequest however can be wrapped multiple times and by multiple
artefacts. I.e. by a ServerAuthModule, Filter and a RequestDispatcher.

The question now is; which version of the HttpServletRequest is supposed to
be injected?

* The first one in the chain?
* The last one in the chain?
* The current one at a given point in the chain?

A little bit of experimenting seems to indicate it's now often "one of the
first ones", e.g. the one that happened to be current when e.g. a
ServletRequestListener that initialises a specific CDI implementation is

I think this is a little confusing, as working with an injected request can
now totally ignore the request wrapping that has been done and break an
application badly.


Kind regards,
Arjan Tijms
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/cdi-dev/attachments/20160908/d7352a48/attachment.html 

More information about the cdi-dev mailing list