Milo,
On 10/28/15 4:03 PM, Milo van der Zee wrote:
> That is what I did but I expect a lot of people to have this problem.
> Seeing a lot of default valves included I would like to also have this
> valve as default.
-1
Most applications don't need this. It's another layer of code that
doesn't need to execute for every request. It's another potential way
for request objects to be leaked. It's a potential security
vulnerability / encapsulation violation.
You have easily implemented this Valve and can feel free to distribute
it, but Tomcat is not likely to include this Valve and, if so, I would
strenuously object to it being enabled by default.
> public class RequestValve extends ValveBase {
> /**
> * Session for current thread.
> */
> static InheritableThreadLocal<Request> requestHolder = new
> InheritableThreadLocal<>();
>
> @Override
> public void invoke(Request request, Response response) throws
> IOException, ServletException {
> requestHolder.set(request);
> try {
> getNext().invoke(request, response);
> } finally {
> requestHolder.remove();
> }
> }
>
> public static Request getRequest() {
> return requestHolder.get();
> }
> }
Have you checked to make sure this Valve works as expected when the
request is FORWARDed or INCLUDed?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
