[cdi-dev] Which version of HttpServletRequest is injected?
mkouba at redhat.com
Thu Sep 8 06:40:40 EDT 2016
that's a good question. In Weld, the request object is captured during
request context activation, i.e. during
ServletRequestListener.requestInitialized() notification and before any
filter or servlet is invoked. So wrappers are ignored and the
original/first request is used.
But TBH I don't think we can fix this easily as I'm not aware of any
portable way to listen for "wrapping actions".
Dne 8.9.2016 v 11:02 arjan tijms napsal(a):
> The CDI spec defines a built-in bean for the type HttpServletRequest. In
> 3.8 it says:
> "A servlet container must provide the following built-in beans, all of
> which have qualifier @Default:
> a bean with bean type javax.servlet.http.HttpServletRequest, allowing
> injection of a reference to the HttpServletRequest"
> An HttpServletRequest however can be wrapped multiple times and by
> multiple artefacts. I.e. by a ServerAuthModule, Filter and a
> The question now is; which version of the HttpServletRequest is supposed
> to be injected?
> * The first one in the chain?
> * The last one in the chain?
> * The current one at a given point in the chain?
> A little bit of experimenting seems to indicate it's now often "one of
> the first ones", e.g. the one that happened to be current when e.g. a
> ServletRequestListener that initialises a specific CDI implementation is
> I think this is a little confusing, as working with an injected request
> can now totally ignore the request wrapping that has been done and break
> an application badly.
> Kind regards,
> Arjan Tijms
> cdi-dev mailing list
> cdi-dev at lists.jboss.org
> Note that for all code provided on this list, the provider licenses the code under the Apache License, Version 2 (http://www.apache.org/licenses/LICENSE-2.0.html). For all other ideas provided on this list, the provider waives all patent and other intellectual property rights inherent in such information.
Red Hat, Czech Republic
More information about the cdi-dev