Hi All,
I think I owe the community an explanation of the current situation and how I came there. It will help everybody interested to better understand the
situation. I'll try to make it as concise as possible (not my strong point).
For a custom project, and another custom feature which will perhaps be contributed, I wanted to allow a signed in user on an OFBiz instance to get
securely signed in on another OFBiz instance on another domain.
My 1st try was a failure. I made an architectural mistake due to my initial test done locally and later using the trunk demo. Then I created another
version based on the 1st one which I believe is sound and well architectured: OFBIZ-10307
Though some parts are still useful, I wanted to revert the 1st version. But
then I stumbled upon an issue which took me a moment to identify.
1. I wanted to revert a HttpServletRequestWrapper I put in the ContextFilter.
2. But when I reverted it I got a weird error saying that the userLogin service
could no longer handle an IN standard HttpServletRequest parameter
3. I did that and found that it was due to Tomcat 8.5 using a temporary and
unachieved servlet4preview (for Servlet 4.0 preview) which hides the
standard HttpServletRequest.
4. We have discussed that[1] and, thanks to Scott's idea, decided so far to use
the type-validate child element of attribute.
5. Eventually we want to update Tomcat 8.5 to to Tomcat 9 (where Servlet 4.0 is
totally, and I suppose well implemented) to get rid of other possible
issues due to servlet4preview.
6. I think we don't want to revert to Tomcat 8, but that's a community decision
HTH
Jacques
[1] thread "Re: svn commit: r1827439..."