Hey, Thanks for your analyse.
I guess the only way out of this is to prevent the use of getparameter() in case of a HTTP post. This may be ok for us, as our secuId is sent using the querystring, thus HTTP GET. I've seen a place where request.getParameter() is used thus: in FormAuthenticator. But after son digging, I've seen that in that case a new request object is build from scratch by the valve and resent to the target servlet. -antonio >> Those cases are a "java.io.IOException: Connection reset by peer: >> Amount read didn't match content-length " for the WebObject servlet, >> and a EOFException in the invoker servlet in Jboss). > >That seems fairly straightforward: the client is sending a >Content-Length that doesn't match the amount of data sent: too few bytes >or too many. Can you post the whole stack trace? Here is the Webobject servlet stacktrace: java.io.IOException: Connection reset by peer: Amount read didn't match content-length at com.webobjects.appserver._private.WONoCopyPushbackInputStream.read(WONoCopyPushbackInputStream.java:175) at com.webobjects.appserver._private.WOInputStreamData._extractBytesFromInputStream(WOInputStreamData.java:105) at com.webobjects.appserver._private.WOInputStreamData.bytesNoCopy(WOInputStreamData.java:137) at com.webobjects.foundation.NSData._bytesNoCopy(NSData.java:502) at com.webobjects.appserver.WOMessage.contentString(WOMessage.java:651) at Application.dispatchRequest(Unknown Source) at com.webobjects.jspservlet._WOApplicationWrapper.servletDispatchRequest(_WOApplicationWrapper.java:118) at com.webobjects.jspservlet.WOServletAdaptor._handleRequest(WOServletAdaptor.java:581) at com.webobjects.jspservlet.WOServletAdaptor.doPost(WOServletAdaptor.java:548) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.borland.pso.security.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:41) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:543) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at hug.jade.security.tomcat.valve.HugSSOValve.invoke(HugSSOValve.java:114)