*blink* *blink* Um, yes, that will work nicely.
In fact, based on your suggestion I did a web search and found a similar, worked example - http://www-106.ibm.com/developerworks/java/library/j-tomcat/ . Cool! Thank you very much :-)! cheers, Chris -----Original Message----- From: Jon Wingfield [mailto:[EMAIL PROTECTED] Sent: Mon 8/23/2004 11:07 PM To: Tomcat Users List Cc: Subject: Re: How to write a Valve that can inspect the HTTP Body, without damaging the InputStream? Can't you use a java.io.PushbackInputStream? You could write a Filter instead of a Valve. In the Filter wrap the ServletRequest and provide a custom ServletInputStream which uses the PushbackInputStream around the real ServletInputStream. Once security checks have passed you can push back the used bytes and pass on your wrapped ServletRequest down the Filter chain to the 3rd party servlets. HTH, Jon Betts, Chris wrote: > Hi Folks, > > I want to write a tomcat security Valve that does content checking of the HTTP > body, before anything else happens (e.g. 3rd party destination servlets I have no > control over are called). > > However, to read the body data I 'use up' the inputStream, and can't find any way > to put it back - the result is the final servlet gets an empty body. > > Unfortunately, the data is actually HTTP POST data containing SOAP/XML, otherwise > I could use the servlet request parameter methods. Since it is SOAP/XML though, I > really have to get the body data directly, as no parameters are set. > > I've tried mark() and reset() on both the input stream and the reader methods, > but no luck (not implemented and no effect respectively). And, coyote doc not > withstanding, 'setStream()' is actually a no-op - the source code shows it is an > empty method - so I can't reset the stream that way. > > > I'm getting a 'you can't get there from here feeling' at this stage; does anyone > have any clues? I'm using tomcat 4.0.29 at the moment, but the code seems pretty > similar in tomcat 5 as well so I don't think switching will help... > > thanks heaps in advance :-), > > - Chris > > Dr Christopher Betts > Web Services Security > Computer Associates > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
