https://bz.apache.org/bugzilla/show_bug.cgi?id=62405

            Bug ID: 62405
           Summary: Add Rereadable Request Filter
           Product: Tomcat 9
           Version: unspecified
          Hardware: PC
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: d...@21solutions.net
  Target Milestone: -----

Many times Filters need to read the body of the Request in order to inspect it,
e.g. a security filter that might inspect incoming requests for XSS or SQL
Injection values.

But if that filter is not written properly, inspecting the request by calling
getInputStream() or getReader() will put the Request in an illegal state for
subsequent reads, and if the Servlet or any other filter in the chain tries
to call getReader() again, an IllegalStateException will be thrown:

From
https://docs.oracle.com/javaee/7/api/javax/servlet/ServletRequest.html#getInputStream--
> IllegalStateException - if the getReader() method has already been called for 
> this request

https://docs.oracle.com/javaee/7/api/javax/servlet/ServletRequest.html#getReader--
> IllegalStateException - if getInputStream() method has been called on this 
> request

I propose to add a general purpose RereadableRequestFilter (working title)
that will allow re-reading a request's body by caching it on the first read
and returning the value from the cache on subsequent reads.

That way a Filter that needs to inspect the Request can simply wrap it with the
RereadableRequestFilter and not worry about those details.

I already have the code for such a filter, which I wrote a while back, so I
can tweak it as needed and add it rather easily if there is no objection to
this enhancement.
