<div dir="ltr">Hi,<br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 8, 2016 at 2:14 PM, Martin Kouba <span dir="ltr"><<a href="mailto:mkouba@redhat.com" target="_blank">mkouba@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">The best solution might be to let the servlet container provide the beans for all the servlet artifacts (HttpServletRequest, HttpSession and ServletContext).<br></blockquote><div><br></div><div>+100 for that.</div><div><br></div><div>Several issues were already created for that in the past, but to my understanding it was misunderstood by some in the Servlet EG and subsequently closed. See <a href="https://java.net/jira/browse/SERVLET_SPEC-116">https://java.net/jira/browse/SERVLET_SPEC-116</a></div><div><br></div><div>Specifically this comment was a little problematic:</div><div><br></div><div><div>GW> More over,</div><div>GW> I'm concerned that by making CDI to servlet mapping a responsibility</div><div>GW> of the servlet container, then we are going to have to do a</div><div>GW> container to CDI adaptation for every CDI implementation out there.</div></div><div><br></div><div>I think this is missing the key insight that CDI extensions are portable and that it's "just" providing a 1 class extension that adds 3 orso build-in beans.</div><div><br></div><div>Kind regards,</div><div>Arjan Tijms</div><div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<br>
But it's more complicated then it sounds. For example, HttpServletRequest attibutes might be used as backing storage of the request context. So that it cannot simply change...<br>
<br>
Anyway, I think this problem deserves some attention from both the CDI and the Servlet EG.<br>
<br>
Martin<br>
<br>
Dne 8.9.2016 v 13:31 arjan tijms napsal(a):<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span class="gmail-">
Hi,<br>
<br>
On Thu, Sep 8, 2016 at 1:09 PM, Romain Manni-Bucau<br></span><div><div class="gmail-h5">
<<a href="mailto:rmannibucau@gmail.com" target="_blank">rmannibucau@gmail.com</a> <mailto:<a href="mailto:rmannibucau@gmail.com" target="_blank">rmannibucau@gmail.com</a>><wbr>> wrote:<br>
<br>
Hit that issue as well several times.<br>
<br>
It is more vicious than it looks like IMO cause CDI will *never* get<br>
*the* right request for everybody, it is as simple as that. Any part<br>
of the app can rely on the wrapper level N (of course N being<br>
different for each mentionned parts of the app).<br>
<br>
<br>
What I was thinking, but maybe I'm wrong, is that the application never<br>
"just" wraps the request and uses it for itself. It always passes it to<br>
the container, which then passes it on to the next Filter, Servlet, or<br>
whatever. So at that point the container code has the opportunity to<br>
store the request as being the "current" one.<br>
<br>
E.g. if you do:<br>
<br>
RequestDispatcher dispatcher = servletContext().getRequestDis<wbr>patcher(...);<br>
dispatcher.forward(wrap(reques<wbr>t), response);<br>
<br>
Then the RequestDispatcher, which is a container class, receives the<br>
wrapped request and can make it available.<br>
<br>
The other way around, eventually every AuthModule, Filter or Servlet has<br>
to be called by the container at some point. E.g. the "protected void<br>
service(HttpServletRequest req, HttpServletResponse resp)" is called by<br>
the container.<br>
<br>
So just before the container invokes the HttpServlet#service method, the<br>
container can store the request, and CDI (via an SPI) can pick it up<br>
from there.<br>
<br>
That way in every context you can always have the *current* request (the<br>
request that's passed in to the last Servlet or Filter call on the stack).<br>
<br>
Kind regards,<br>
Arjan Tijms<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Best CDI can do is to provide the request it has (already the case<br>
and cost pretty much nothing) and enable the user to produces very<br>
easily its own request from its filter (or equivalent) for its usage<br>
IMO - which is IMO already doable but maybe there is another<br>
shortcut we can introduce I didnt think about. If you look one step<br>
further any web framework built on top of CDI does it and therefore<br>
runs in a well known context.<br>
<br>
<br>
Romain Manni-Bucau<br></div></div>
@rmannibucau <<a href="https://twitter.com/rmannibucau" rel="noreferrer" target="_blank">https://twitter.com/rmannibuc<wbr>au</a>> | Blog<br>
<<a href="https://blog-rmannibucau.rhcloud.com" rel="noreferrer" target="_blank">https://blog-rmannibucau.rhcl<wbr>oud.com</a>> | Old Wordpress Blog<br>
<<a href="http://rmannibucau.wordpress.com" rel="noreferrer" target="_blank">http://rmannibucau.wordpress.<wbr>com</a>> | Github<br>
<<a href="https://github.com/rmannibucau" rel="noreferrer" target="_blank">https://github.com/rmannibuca<wbr>u</a>> | LinkedIn<br>
<<a href="https://www.linkedin.com/in/rmannibucau" rel="noreferrer" target="_blank">https://www.linkedin.com/in/r<wbr>mannibucau</a>> | Tomitriber<br>
<<a href="http://www.tomitribe.com" rel="noreferrer" target="_blank">http://www.tomitribe.com</a>> | JavaEE Factory<br>
<<a href="https://javaeefactory-rmannibucau.rhcloud.com" rel="noreferrer" target="_blank">https://javaeefactory-rmannib<wbr>ucau.rhcloud.com</a>><span class="gmail-"><br>
<br>
2016-09-08 13:03 GMT+02:00 arjan tijms <<a href="mailto:arjan.tijms@gmail.com" target="_blank">arjan.tijms@gmail.com</a><br></span>
<mailto:<a href="mailto:arjan.tijms@gmail.com" target="_blank">arjan.tijms@gmail.com</a>><wbr>>:<span class="gmail-"><br>
<br>
Hi,<br>
<br>
On Thu, Sep 8, 2016 at 12:40 PM, Martin Kouba <<a href="mailto:mkouba@redhat.com" target="_blank">mkouba@redhat.com</a><br></span><div><div class="gmail-h5">
<mailto:<a href="mailto:mkouba@redhat.com" target="_blank">mkouba@redhat.com</a>>> wrote:<br>
<br>
that's a good question. In Weld, the request object is<br>
captured during request context activation, i.e. during<br>
ServletRequestListener.request<wbr>Initialized() notification and<br>
before any filter or servlet is invoked. So wrappers are<br>
ignored and the original/first request is used.<br>
<br>
<br>
Indeed, although do note that some servers (Liberty and WebLogic<br>
I think) send the ServletRequestListener.request<wbr>Initialized()<br>
notification rather late, and do that after the application<br>
already has seen the request and has had a chance to wrap it.<br>
This by itself is a separate problem. So on these servers, Weld<br>
would receive an early request but not necessarily the earliest.<br>
<br>
<br>
But TBH I don't think we can fix this easily as I'm not<br>
aware of any portable way to listen for "wrapping actions".<br>
<br>
<br>
This would have to happen with Server specific code I guess,<br>
just as Weld now requires an SPI to obtain the current principal<br>
for injection.<br>
<br>
You could say that the Servlet container could store the request<br>
"somewhere" on a stack structure, just before it invokes the<br>
ServerAuthModule, Filter, Servlet and anything else I may have<br>
forgotten, and then when control flows back to each Servlet,<br>
Filter, etc unwind that stack.<br>
<br>
At the very least the spec for now should perhaps clarify this?<br>
<br>
Kind regards,<br>
Arjan Tijms<br>
<br>
<br>
<br>
<br>
<br>
Martin<br>
<br>
Dne 8.9.2016 v 11:02 arjan tijms napsal(a):<br>
<br>
Hi,<br>
<br>
The CDI spec defines a built-in bean for the type<br>
HttpServletRequest. In<br>
3.8 it says:<br>
<br>
"A servlet container must provide the following built-in<br>
beans, all of<br>
which have qualifier @Default:<br>
<br>
a bean with bean type<br>
javax.servlet.http.HttpServlet<wbr>Request, allowing<br>
injection of a reference to the HttpServletRequest"<br>
<br>
An HttpServletRequest however can be wrapped multiple<br>
times and by<br>
multiple artefacts. I.e. by a ServerAuthModule, Filter and a<br>
RequestDispatcher.<br>
<br>
The question now is; which version of the<br>
HttpServletRequest is supposed<br>
to be injected?<br>
<br>
* The first one in the chain?<br>
* The last one in the chain?<br>
* The current one at a given point in the chain?<br>
<br>
A little bit of experimenting seems to indicate it's now<br>
often "one of<br>
the first ones", e.g. the one that happened to be<br>
current when e.g. a<br>
ServletRequestListener that initialises a specific CDI<br>
implementation is<br>
called.<br>
<br>
I think this is a little confusing, as working with an<br>
injected request<br>
can now totally ignore the request wrapping that has<br>
been done and break<br>
an application badly.<br>
<br>
Thoughts?<br>
<br>
Kind regards,<br>
Arjan Tijms<br>
<br>
<br>
<br>
______________________________<wbr>_________________<br>
cdi-dev mailing list<br></div></div>
<a href="mailto:cdi-dev@lists.jboss.org" target="_blank">cdi-dev@lists.jboss.org</a> <mailto:<a href="mailto:cdi-dev@lists.jboss.org" target="_blank">cdi-dev@lists.jboss.or<wbr>g</a>><br>
<a href="https://lists.jboss.org/mailman/listinfo/cdi-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/cdi-dev</a><span class="gmail-"><br>
<<a href="https://lists.jboss.org/mailman/listinfo/cdi-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailm<wbr>an/listinfo/cdi-dev</a>><br>
<br>
Note that for all code provided on this list, the<br>
provider licenses the code under the Apache License,<br>
Version 2<br>
(<a href="http://www.apache.org/licenses/LICENSE-2.0.html" rel="noreferrer" target="_blank">http://www.apache.org/license<wbr>s/LICENSE-2.0.html</a><br></span>
<<a href="http://www.apache.org/licenses/LICENSE-2.0.html" rel="noreferrer" target="_blank">http://www.apache.org/license<wbr>s/LICENSE-2.0.html</a>>). For<span class="gmail-"><br>
all other ideas provided on this list, the provider<br>
waives all patent and other intellectual property rights<br>
inherent in such information.<br>
<br>
<br>
--<br>
Martin Kouba<br>
Software Engineer<br>
Red Hat, Czech Republic<br>
<br>
<br>
<br>
______________________________<wbr>_________________<br>
cdi-dev mailing list<br></span>
<a href="mailto:cdi-dev@lists.jboss.org" target="_blank">cdi-dev@lists.jboss.org</a> <mailto:<a href="mailto:cdi-dev@lists.jboss.org" target="_blank">cdi-dev@lists.jboss.or<wbr>g</a>><br>
<a href="https://lists.jboss.org/mailman/listinfo/cdi-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/cdi-dev</a><span class="gmail-"><br>
<<a href="https://lists.jboss.org/mailman/listinfo/cdi-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailm<wbr>an/listinfo/cdi-dev</a>><br>
<br>
Note that for all code provided on this list, the provider<br>
licenses the code under the Apache License, Version 2<br>
(<a href="http://www.apache.org/licenses/LICENSE-2.0.html" rel="noreferrer" target="_blank">http://www.apache.org/license<wbr>s/LICENSE-2.0.html</a><br></span>
<<a href="http://www.apache.org/licenses/LICENSE-2.0.html" rel="noreferrer" target="_blank">http://www.apache.org/license<wbr>s/LICENSE-2.0.html</a>>). For all<span class="gmail-"><br>
other ideas provided on this list, the provider waives all<br>
patent and other intellectual property rights inherent in such<br>
information.<br>
<br>
<br>
<br>
</span></blockquote>
</blockquote></div><br></div></div>