Thanks for your answer, Konstantin!

I will re-verify the code.

Adhavan.M



On Sat, Jan 30, 2016 at 5:56 PM, Konstantin Kolinko <knst.koli...@gmail.com>
wrote:

> 2016-01-20 1:47 GMT+03:00 Mark Thomas <ma...@apache.org>:
> > On 19/01/2016 16:37, Adhavan Mathiyalagan wrote:
> >> Thanks, Mark! Please find my answer:
> >>
> >> Figure out what is inserting something other than String[] as the value
> >> into a Map<String,String[]> instance.
> >>
> >>     There are a lot of places in the client where we insert the 'Integer'
> >> datatype (and other datatypes). I fear that it is going to be a more
> >> tedious thing to identify and fix all the client code.
> >>
> >>  Is there any other way or path forward to fix this (like upgrading the
> >> displaytag version, which is currently 1.1)? Or is modifying the client
> >> code the only path forward?
> >
> > It depends. How are you inserting Integers into that Map? I'm trying to
> > figure out if this is a client code bug or if the restriction that was
> > added to Tomcat was overly strict and needs to be reverted.
> >
>
> Looking for the DisplayTag 1.1 source jar at Maven Central, it is a
> rather old library. The latest version is 1.2 (released in 2008).
>
> 1.1 was released in 2006. Why hasn't the OP upgraded to 1.2?
>
> Web site:
> http://www.displaytag.org/
> http://sourceforge.net/projects/displaytag/
>
> That said, I do not see any obvious errors in that library. It creates
> a copy of parameter map (DefaultRequestHelper.getParameterMap()). I do
> not see it inserting any values into original map. I also do not see
> it implementing a ServletRequestWrapper.
>
> So I think the error is not in the library, but in some other code.
>
>
> I think the Tomcat code is OK.
>
> The official Servlet Specification javadoc says that the values in
> ParameterMap are String[], and this requirement has to be enforced at
> some point of time. Looking into Servlet 2.4 Javadoc (the spec
> released in 2003, implemented by Tomcat 5.x) it says exactly the same.
> [1][2] So a library released in year 2006 must follow it.
>
>
> Regarding a technical way to insert incorrect parameters. In theory I
> see two ways:
>
> 1. org.apache.catalina.core.ApplicationHttpRequest is a wrapper. The
> wrapped request may be beyond our control, but it still has to follow
> the spec.
>
> 2. The map returned by ApplicationHttpRequest class must be immutable
> [2], but it is not enforced. I filed
> https://bz.apache.org/bugzilla/show_bug.cgi?id=58946
>
>
> [1]
> https://wiki.apache.org/tomcat/Specifications#Java_Servlet_Specifications
> [2]
> http://docs.oracle.com/javaee/1.4/api/javax/servlet/ServletRequest.html#getParameterMap%28%29
>
> Best regards,
> Konstantin Kolinko
>

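An added example, not part of the thread and not Tomcat or DisplayTag code: one way to locate the entries that violate the `String[]` contract discussed above, and to see why a mutable map lets them in. A plain `java.util` map stands in for `request.getParameterMap()`; the class name `ParameterMapCheck`, the method `findBadValues`, the sample parameter names and the use of `Collections.unmodifiableMap` are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

public class ParameterMapCheck {

    /** Returns key -> offending class name for every value that is not a String[]. */
    static Map<String, String> findBadValues(Map<?, ?> parameterMap) {
        Map<String, String> bad = new LinkedHashMap<>();
        for (Map.Entry<?, ?> e : parameterMap.entrySet()) {
            // Read the value as Object so no implicit cast to String[] happens here.
            Object v = e.getValue();
            if (!(v instanceof String[])) {
                bad.put(String.valueOf(e.getKey()),
                        v == null ? "null" : v.getClass().getName());
            }
        }
        return bad;
    }

    @SuppressWarnings({"unchecked", "rawtypes"})
    public static void main(String[] args) {
        // Constructed sample standing in for request.getParameterMap().
        Map<String, String[]> params = new HashMap<>();
        params.put("page", new String[] {"2"});

        // A raw-typed reference bypasses the generic type check at compile time,
        // so an Integer lands in a Map<String,String[]>. The failure only shows
        // up later, as a ClassCastException in whatever code reads the value.
        Map raw = params;
        raw.put("pageSize", Integer.valueOf(25));

        // Prints: Offending entries: {pageSize=java.lang.Integer}
        System.out.println("Offending entries: " + findBadValues(params));

        // A read-only view rejects the write where it is attempted, which
        // points directly at the code doing the insertion.
        Map<String, String[]> readOnly = Collections.unmodifiableMap(params);
        try {
            ((Map) readOnly).put("sort", Integer.valueOf(1));
        } catch (UnsupportedOperationException ex) {
            System.out.println("Write to read-only view rejected");
        }
    }
}
```

Running the same check from a servlet filter, before and after the rest of the chain executes, narrows down which component adds the non-`String[]` value.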