On 02/05/18 16:08, Dirk Ooms wrote:
> Mark,
> 
> you can reproduce it using the FormAuthentication example in the
> examples (http://localhost:8080/examples/jsp/security/protected/)
> 
> edit index.jsp
> 1. add the line "RequestURI: <%= request.getRequestURI() %><br><br>" at the
> beginning of the body
> 2. change the method of the form from GET to POST
> 
> scenario:
> 1. go to http://localhost:8080/examples/jsp/security/protected/
> 2. log in
> 3. open second tab/window to same url
> 4. log out in second tab/window
> 5. go to initial window and submit form
> 6. log in again
> 7. observe the malformed requestURI

Thanks for the reproduction steps. They were a huge help.

This was introduced in 8.5.x with some refactoring that reduced copying
between I/O buffers during request processing. Essentially, the saved
request body was over-writing the cached bytes for the URI.

I'll be committing a fix shortly which will be available in 9.0.9 and
8.5.32 onwards.

Mark


> 
> see also attached screenshots (if they make it to the mailing list).
> 
> dirk
> 
> 
> On 1 May 2018 at 16:20, Dirk Ooms <dir...@gmail.com> wrote:
> 
>     apologies for the incomplete info. it is tomcat 9.0.6
> 
>     i will try to set up a test case and get back to you.
> 
>     dirk
> 
> 
>     On 1 May 2018 at 16:07, Mark Thomas <ma...@apache.org> wrote:
> 
>         On 01/05/18 14:36, Dirk Ooms wrote:
>         > Hello,
>         > 
>         > i did an upgrade from tomcat5.5 to tomcat9 and i'm using j_security_check.
>         > 
>         > in tomcat5.5 when a user was not logged in and he/she requested a url, the
>         > login page was returned and after logging in the user was given the
>         > requested resource. when i requested request.getRequestURI() in my code the
>         > returned uri was correct for both GET and POST.
>         > 
>         > in tomcat9 this is not the case anymore for POST (for GET still ok). when i
>         > call request.getRequestURI() after the user is logged in, it returns
>         > "chString" in my case, which is a part of the name of the first form field
>         > ("searchString") of the original POST.
>         > 
>         > any idea? am i missing something?
> 
>         The exact Tomcat 9 version.
> 
>         A test case that demonstrates the issue.
> 
>         Mark
> 
>         ---------------------------------------------------------------------
>         To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>         <mailto:users-unsubscr...@tomcat.apache.org>
>         For additional commands, e-mail: users-h...@tomcat.apache.org
>         <mailto:users-h...@tomcat.apache.org>
> 
> 
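
A simplified model of the failure mode described in the reply above, added here as an illustration; it is not part of the thread and not Tomcat's code. The class names, buffer size, sample request line and form body are constructed assumptions; the point is only that a URI held as a view into a shared I/O buffer changes when a saved POST body is written into that buffer, while a detached copy does not.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Toy model (hypothetical, not Tomcat source) of a URI cached as a view into an I/O buffer. */
public class UriAliasingDemo {

    /** Zero-copy slice: remembers where the bytes live instead of copying them. */
    static final class ByteView {
        private final byte[] backing;
        private final int start;
        private final int length;

        ByteView(byte[] backing, int start, int length) {
            this.backing = backing;
            this.start = start;
            this.length = length;
        }

        /** Detached copy that no longer depends on the shared buffer. */
        ByteView copy() {
            return new ByteView(Arrays.copyOfRange(backing, start, start + length), 0, length);
        }

        @Override
        public String toString() {
            return new String(backing, start, length, StandardCharsets.ISO_8859_1);
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: a request line read into a shared I/O buffer.
        String uri = "/examples/jsp/security/protected/index.jsp";
        byte[] requestLine = ("POST " + uri + " HTTP/1.1").getBytes(StandardCharsets.ISO_8859_1);
        byte[] ioBuffer = new byte[128];
        System.arraycopy(requestLine, 0, ioBuffer, 0, requestLine.length);

        // The URI is recorded as (offset, length) into the buffer: no bytes are copied.
        ByteView aliasedUri = new ByteView(ioBuffer, "POST ".length(), uri.length());
        ByteView copiedUri = aliasedUri.copy();

        // Constructed saved POST body, replayed into the same buffer after re-login.
        byte[] savedBody = "searchString=tomcat&submit=Search".getBytes(StandardCharsets.ISO_8859_1);
        System.arraycopy(savedBody, 0, ioBuffer, 0, savedBody.length);

        // The aliased view now reads form-field bytes; the detached copy is unchanged.
        System.out.println("aliased view : " + aliasedUri);
        System.out.println("detached copy: " + copiedUri);
    }
}
```

In this model the aliased view starts partway into the form field name, the same shape as the "chString" value reported in the original question.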

