Hello Chris,

Thanks for pointing me to my mistake. I did not check InheritableThreadLocal functionality enough. In my use case it is not an issue, I think.

With 'default' I do not mean 'enabled by default'. I mean that it is available in the classpath like the valves mentioned in https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html.

I only access the data in this valve from the loginModule and so I think that FORWARD and INCLUDE are no issue there...

To prevent those errors it might be better to add a callback like in WebLogic or WebSphere to be able to access the request from within the JAAS loginModule. I checked JASPIC; I don't read much enthusiasm about it. Good thing would be that it is standardised, but how many people change container and so need portability?

MAG,
Milo

2015-10-28 21:08 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net>:

> Milo,
>
> On 10/28/15 4:03 PM, Milo van der Zee wrote:
> > That is what I did but I expect a lot of people to have this problem.
> > Seeing a lot of default valves included I would like to also have this
> > valve as default.
>
> -1
>
> Most applications don't need this. It's another layer of code that
> doesn't need to execute for every request. It's another potential way
> for request objects to be leaked. It's a potential security
> vulnerability / encapsulation violation.
>
> You have easily implemented this Valve and can feel free to distribute
> it, but Tomcat is not likely to include this Valve and, if so, I would
> strenuously object to it being enabled by default.
>
> > import java.io.IOException;
> > import javax.servlet.ServletException;
> > import org.apache.catalina.connector.Request;
> > import org.apache.catalina.connector.Response;
> > import org.apache.catalina.valves.ValveBase;
> >
> > public class RequestValve extends ValveBase {
> >     /**
> >      * Session for current thread.
> >      */
> >     static InheritableThreadLocal<Request> requestHolder = new InheritableThreadLocal<>();
> >
> >     @Override
> >     public void invoke(Request request, Response response) throws IOException, ServletException {
> >         requestHolder.set(request);
> >         try {
> >             getNext().invoke(request, response);
> >         } finally {
> >             requestHolder.remove();
> >         }
> >     }
> >
> >     public static Request getRequest() {
> >         return requestHolder.get();
> >     }
> > }
>
> Have you checked to make sure this Valve works as expected when the
> request is FORWARDed or INCLUDed?
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
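
How `InheritableThreadLocal` differs from `ThreadLocal` under the set / try / finally-remove pattern of the quoted valve, as an added example that is not part of the original e-mails or of Tomcat. `FakeRequest` and `userSeenAfterRequest` are hypothetical names: the first stands in for Tomcat's `Request`, the second assumes application code that hands work to a thread pool while a request is being processed.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class InheritableLeakDemo {
    // Stand-in for org.apache.catalina.connector.Request (constructed for this demo).
    static final class FakeRequest {
        final String user;
        FakeRequest(String user) { this.user = user; }
    }

    /** Runs one simulated request, then reports what a pooled worker still sees afterwards. */
    static String userSeenAfterRequest(ThreadLocal<FakeRequest> holder) throws Exception {
        // The pool creates its single worker thread lazily, on the first submit().
        ExecutorService pool = Executors.newFixedThreadPool(1);
        try {
            // Same set / try / finally-remove pattern as the valve's invoke().
            holder.set(new FakeRequest("alice"));
            try {
                // Work is handed to the pool mid-request: the worker thread is
                // created now, as a child of the request thread.
                pool.submit(() -> { }).get();
            } finally {
                holder.remove(); // clears the request thread's entry only
            }
            // A later, unrelated task runs on the same pooled worker.
            Callable<FakeRequest> read = holder::get;
            FakeRequest seen = pool.submit(read).get();
            return seen == null ? null : seen.user;
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        // Plain ThreadLocal: the worker never had a copy, so this prints "null".
        System.out.println("ThreadLocal:            "
                + userSeenAfterRequest(new ThreadLocal<>()));
        // InheritableThreadLocal: the worker copied the value when it was created
        // and keeps it after the parent's remove(), so this prints "alice".
        System.out.println("InheritableThreadLocal: "
                + userSeenAfterRequest(new InheritableThreadLocal<>()));
    }
}
```

The `finally { remove(); }` in the valve only clears the entry of the thread that called it; any thread spawned while the holder was set keeps its own reference until that thread ends or clears it.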