Hi Mark, On 13/02/06, Mark Thomas <[EMAIL PROTECTED]> wrote: > Kevin McCormack wrote: > > Possible Fix? > > ========== > > I looked through the Tomcat 5.5.12 source code and ended up in the > > org.apache.catalina.authentication.FormAuthenticator class and noticed > > that there is no code there to save the request parameters from the > > original request into the saved request in the saveRequest() mehtod > > and to copy them into the final 'new' request in the restoreRequest() > > method. Am I missing something here? > Yep, lines 478 to 490 of the current version of FormAuthenticator
I have these lines in my download of 5.5.12 source (I downloaded 5.5.15 source and the class looks identical). This code is trying to copy the request body I find that the request body into a byte array but in my test scenario, there is nothing in the buffer. > > Conclusion > > ======== > > I believe that this is a bug and that I have found a fix for it but > > I'm not a Tomcat expert and would like someone who knows the code to > > verify that a) this is a bug and b) that it has not been fixed > > somewhere else that I am unaware of. I'm willing to raise a bug and > > post the fixed code if desired. > This might be a bug but your fix is the wrong way to do it. You have > to assume a request parameter encoding and that causes i18n problems. Fair enough. I was just pointing out that saving and re-loading the request parameters seemed to solve the problem - which would indicate that something has gone wrong somewhere. > Is your setting of maxSavePostSize appropriate? I haven't modified this but it is a very small HTTP POST request with only 3 parameters so I can't imagine it would be a problem. Also the app works fine with similar requests that don't go through the FormAuthenticator class. > If you are convinced you have a bug, a test case (as simple as > possible ready to run war with all source code) will greatly increase > the chances that someone looks at it. I'll try and get back to you soon with a test case. > Mark > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
