On 11/12/2019 19:17, Christopher Schultz wrote:
> On 12/11/19 13:01, Mark Thomas wrote:
<snip/>
>> Setting RECYCLE_FACADES=true does exactly that. Continued used by
>> the app triggers an NPE since the underlying request/response is no
>> longer there. Hence my question.
>
> RequestFacade currently has a number of methods that perform
> null-checks on the "request" member, but not all methods do this. Exampl
> e:
>
> @Override
> public ServletContext getServletContext() {
> if (request == null) {
> throw new IllegalStateException(
> sm.getString("requestFacade.nullRequest"));
> }
>
> return request.getServletContext();
> }
>
> Negative example:
>
> @Override
> public AsyncContext startAsync() throws IllegalStateException {
> return request.startAsync();
> }
>
> Should these be aligned?
Probably. It will only change the exception from an NPE to ISE but I
guess we should be consistent here.
> It seems to me that if recycleFacades="false" then there really isn't
> any reason to wrap the request (response, etc.) in a facade object at
> all, is there?
It makes it harder for a malicious app to get at the internal object.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
