On 11/12/2019 19:17, Christopher Schultz wrote: > On 12/11/19 13:01, Mark Thomas wrote:
<snip/> >> Setting RECYCLE_FACADES=true does exactly that. Continued used by >> the app triggers an NPE since the underlying request/response is no >> longer there. Hence my question. > > RequestFacade currently has a number of methods that perform > null-checks on the "request" member, but not all methods do this. Exampl > e: > > @Override > public ServletContext getServletContext() { > if (request == null) { > throw new IllegalStateException( > sm.getString("requestFacade.nullRequest")); > } > > return request.getServletContext(); > } > > Negative example: > > @Override > public AsyncContext startAsync() throws IllegalStateException { > return request.startAsync(); > } > > Should these be aligned? Probably. It will only change the exception from an NPE to ISE but I guess we should be consistent here. > It seems to me that if recycleFacades="false" then there really isn't > any reason to wrap the request (response, etc.) in a facade object at > all, is there? It makes it harder for a malicious app to get at the internal object. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org