[gatein-dev] Retrieve wrong HttpSession after install LocalizationFilter

Marko Strukelj marko.strukelj at gmail.com
Sun Sep 5 17:18:16 EDT 2010 

Thanks to your excellent analysis it was easy for me to figure out a fix.

The problem is that LocalizationFilter's HttpRequestWrapper for reasons of
brewity extends, and makes use of HttpServletRequestWrapper which is there
for exactly that purpose.

Catalina, however is being a bit too smart, probably in order to support
certain cross-context scenarios, but in a way that breaks proper behaviour
for our case. In ApplicationDispatcher it detects that LocalizationFilter's
HttpRequestWrapper is instanceof ServletRequestWrapper, and injects a
different request object into it via inherited setRequest() method -
effectively making it wrap a completely different request.

The solution is simply not to use HttpServletRequestWrapper when
implementing LocalizationFilter's HttpRequestWrapper.

I'll do some more tests before committing.



On Sun, Sep 5, 2010 at 4:00 PM, Phuong Vu Viet <vstorm83 at gmail.com> wrote:

> Steps to reproduce:
> - Try to register new user : fill the form with all needed data
> - Expect : Register successfully, but always show PopupMessage : Text
> verification isn't correct
>
> I've tried to debug and found that :
> - in PortalController servlet and CaptchaServlet : i can retrieve the same
> HttpSession from the HttpRequestWrapper (wrapped in LocalizationFilter)
> - but in the CaptchaValidator : after call to
> portalRequestContext.getRequest().getSession() , the HttpSession object is
> difference with the one we retrieved in PortalController
>
> Actually, in each request, ApplicationDispatcher doesn't wrap the
> ServletFacade , it wrap the HttpRequestWrapper (RequestFacade has already
> wrapped by LocalizationFilter), and the local variable crossContext is set
> to true --> In portlet, when i call getSession(), the wrapper object
> delegates the call to ApplicationHttpRequest, but this wrapper doesn't
> delegate to RequestFacade's getSession() method but return the wrong
> HttSession
> _______________________________________________
> gatein-dev mailing list
> gatein-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/gatein-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/gatein-dev/attachments/20100905/6b225e2c/attachment.html

More information about the gatein-dev mailing list