The Geronimo project has encountered a TCK issue running with Tomcat
5.5.12. We'd appreciate your help with the problem.
In the test, a POST Request without a message body is being received
and a 403 "The request body was too large to be cached during the
authentication process" is being improperly returned by Tomcat.
I believe the problem is in
o.a.c.authenticator.FormAuthenticator.saveRequest() (or subsequent
processing). In 5.5.12, if the message type is POST, saveRequest()
will always attempt to save the Request body. The following code is
new in saveRequest() since 5.5.9.

    if ("POST".equalsIgnoreCase(request.getMethod())) {
        ByteChunk body = new ByteChunk();
        body.setLimit(request.getConnector().getMaxSavePostSize());
        byte[] buffer = new byte[4096];
        int bytesRead;
        InputStream is = request.getInputStream();
        while ( (bytesRead = is.read(buffer) ) >= 0) {
            body.append(buffer, 0, bytesRead);
        }
        saved.setBody(body);
    }

AFAICT, this code is assuming that there will always be a message
body in the POST Request. However, this is not necessarily the case
(and is certainly not true for the problem at hand). Eventually,
SocketInputStream.read() is called from within
o.a.coyote.http11.InternalReadBuffer.fill(). This call will throw a
SocketTimeoutException.
The following code in FormAuthenticator.authenticate() interprets
this IOException as a Request body overflow:

    try {
        saveRequest(request, session);
    } catch (IOException ioe) {
        log.debug("Request body too big to save during authentication");
        response.sendError(HttpServletResponse.SC_FORBIDDEN,
                           sm.getString("authenticator.requestBodyTooBig"));
        return (false);
    }

Thanks for your help...
--kevan
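
An added example (not Tomcat's code and not part of the original message) of a save routine that keeps the three cases in this report apart: a POST with no body, a body over the save limit, and a read that fails. `SavePostBodyDemo`, `saveBody`, `Outcome`, `stalled` and the 8-byte limit are hypothetical names and constructed values, and the Content-Length and Transfer-Encoding headers are assumed to be parsed already.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.SocketTimeoutException;
import java.nio.charset.StandardCharsets;

public class SavePostBodyDemo {
    enum Outcome { SAVED, NO_BODY, TOO_LARGE, READ_FAILED }

    // Hypothetical helper. contentLength is the parsed Content-Length (-1 if absent);
    // chunked is true when the request used Transfer-Encoding: chunked.
    static Outcome saveBody(InputStream in, long contentLength, boolean chunked,
                            int maxSave, ByteArrayOutputStream saved) {
        if (!chunked && contentLength <= 0) return Outcome.NO_BODY;  // never touch the socket
        if (contentLength > maxSave) return Outcome.TOO_LARGE;       // reject before buffering
        byte[] buffer = new byte[4096];
        try {
            int n;
            while ((n = in.read(buffer)) >= 0) {
                if (saved.size() + n > maxSave) return Outcome.TOO_LARGE;
                saved.write(buffer, 0, n);
                if (!chunked && saved.size() >= contentLength) break; // declared length reached
            }
        } catch (IOException e) {
            return Outcome.READ_FAILED; // timeout or reset: an I/O fault, not an oversized body
        }
        return Outcome.SAVED;
    }

    // Constructed stand-in for a socket stream on which no more bytes ever arrive.
    static InputStream stalled() {
        return new InputStream() {
            @Override public int read() throws IOException {
                throw new SocketTimeoutException("Read timed out");
            }
        };
    }

    public static void main(String[] args) {
        int max = 8; // constructed limit standing in for maxSavePostSize
        InputStream form = new ByteArrayInputStream("a=1".getBytes(StandardCharsets.US_ASCII));
        InputStream big = new ByteArrayInputStream("a=1&b=2&c=3".getBytes(StandardCharsets.US_ASCII));
        System.out.println("bodyless POST:    " + saveBody(stalled(), 0, false, max, new ByteArrayOutputStream()));
        System.out.println("small form:       " + saveBody(form, 3, false, max, new ByteArrayOutputStream()));
        System.out.println("declared 100:     " + saveBody(stalled(), 100, false, max, new ByteArrayOutputStream()));
        System.out.println("chunked, 11 B:    " + saveBody(big, -1, true, max, new ByteArrayOutputStream()));
        System.out.println("stalled mid-body: " + saveBody(stalled(), 3, false, max, new ByteArrayOutputStream()));
    }
}
```

Of the four outcomes, only `TOO_LARGE` corresponds to the 403 "request body was too large" response quoted in the message.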