"Kevan Miller" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> The Geronimo project has encountered a TCK issue running with Tomcat
> 5.5.12. We'd appreciate your help with the problem.
>
I hope that you know that you've just violated your NDA by posting this on a
public list :).
> In the test, a POST Request without a message body is being received and
> a 403 "The request body was too large to be cached during the
> authentication process" is being improperly returned by Tomcat.
>
>
> I believe the problem is in
> o.a.c.authenticator.FormAuthenticator.saveRequest() (or subsequent
> processing). In 5.5.12, if the message type is POST, saveRequest() will
> always attempt to save the Request body. The following code is new in
> saveRequest() since 5.5.9.
>
> if ("POST".equalsIgnoreCase(request.getMethod())) {
>     ByteChunk body = new ByteChunk();
>     body.setLimit(request.getConnector().getMaxSavePostSize());
>
>     byte[] buffer = new byte[4096];
>     int bytesRead;
>     InputStream is = request.getInputStream();
>
>     while ( (bytesRead = is.read(buffer) ) >= 0) {
>         body.append(buffer, 0, bytesRead);
>     }
>     saved.setBody(body);
> }
>
> AFAICT, this code is assuming that there will always be a message body in
> the POST Request. However, this is not necessarily the case (and is
> certainly not true for the problem at hand). Eventually,
> SocketInputStream.read() is called from within
> o.a.coyote.http11.InternalReadBuffer.fill(). This call will throw a
> SocketTimeoutException.
>
Then the test is broken. It should either have a 'Content-Length: 0' header
or a 'Transfer-Encoding: chunked' header with a '0' content delimiter. I
don't do NDAs, so I don't know which it is. If Sun can't follow the RFC, I
really don't care.
> The following code in FormAuthenticator.authenticate() interprets this
> IOException as a Request body overflow:
>
> try {
>     saveRequest(request, session);
> } catch (IOException ioe) {
>     log.debug("Request body too big to save during authentication");
>     response.sendError(HttpServletResponse.SC_FORBIDDEN,
>             sm.getString ("authenticator.requestBodyTooBig"));
>     return (false);
> }
>
> Thanks for your help...
>
> --kevan
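
The two points in this exchange (a POST with no declared body, and a read timeout being reported as a body overflow) can be shown in isolation. The following is an added example, not Tomcat code and not written by either poster; the class, the method names and the lower-cased header map are assumptions made for illustration.

```java
import java.io.*;
import java.net.SocketTimeoutException;
import java.util.Map;

// Hypothetical sketch, not Tomcat code. Headers are assumed to be a lower-cased name -> value map.
public class SavePostBodySketch {
    /** Thrown only when the body really exceeds the configured cap. */
    static class BodyTooLargeException extends IOException {
        BodyTooLargeException(String msg) { super(msg); }
    }

    /** RFC 2616 section 4.3: a request body is signalled by Content-Length or Transfer-Encoding. */
    static boolean declaresBody(Map<String, String> headers) {
        if (headers.containsKey("transfer-encoding")) return true;
        String len = headers.get("content-length");
        return len != null && Long.parseLong(len.trim()) > 0;
    }

    /** Buffers at most maxSave bytes and never touches the stream when no body is declared. */
    static byte[] saveBody(Map<String, String> headers, InputStream in, int maxSave)
            throws IOException {
        if (!declaresBody(headers)) return new byte[0];   // nothing to wait for
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        byte[] buffer = new byte[4096];
        int n;
        while ((n = in.read(buffer)) >= 0) {
            if (body.size() + n > maxSave) throw new BodyTooLargeException("body exceeds " + maxSave);
            body.write(buffer, 0, n);
        }
        return body.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed stream standing in for a socket with no more data to deliver.
        InputStream stalled = new InputStream() {
            @Override public int read() throws IOException { throw new SocketTimeoutException("Read timed out"); }
        };
        // No body declared, so the stalled stream is never read.
        System.out.println(saveBody(Map.of(), stalled, 4096).length);
        try {   // genuine overflow: 5 bytes against a 4-byte cap
            saveBody(Map.of("content-length", "5"), new ByteArrayInputStream("hello".getBytes()), 4);
        } catch (BodyTooLargeException e) { System.out.println("403: " + e.getMessage()); }
        try {   // declared body never arrives: an I/O failure, not an overflow
            saveBody(Map.of("content-length", "5"), stalled, 4096);
        } catch (IOException e) {
            System.out.println((e instanceof BodyTooLargeException ? "403 " : "not an overflow: ") + e);
        }
    }
}
```

Keeping the overflow in its own exception type lets the caller reserve the 403 for the size cap and handle timeouts and other I/O errors separately.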