https://issues.apache.org/bugzilla/show_bug.cgi?id=56555

            Bug ID: 56555
           Summary: Multiple connection headers for status 400 when
                    "keep-alive" is specified
           Product: Tomcat 7
           Version: 7.0.53
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: lee.br...@gmail.com

Background/Expected Behavior:
Our application is a RESTful web service. We return error responses with status
code 400 in some situations, for example when a POST to access a request token
contains a valid username but invalid password.  In such cases we return a
specific error message, and we would not like to have the TCP connection closed
(SSL Handshake is very expensive).  In these cases, if we add the header
"Connection: keep-alive" to our outgoing response the assumption is that it
will be honored by the container.  This does not appear to be the case.  

Actual Behavior:
In the above situation, what actually happens is that two Connection headers
are added to the response.  The first, with a value of "keep-alive" from my
exception handler in the application, and the second, with a value of "close"
added by the container.

Analysis:
Looking into the Tomcat code, specifically, we can see the following:
--Begin code snippet from AbstractHttp11Processor (lines: 1513-1524)--
        // If we know that the request is bad this early, add the
        // Connection: close header.
        keepAlive = keepAlive && !statusDropsConnection(statusCode);
        if (!keepAlive) {
            // Avoid adding the close header twice
            if (!connectionClosePresent) {
                headers.addValue(Constants.CONNECTION).setString(
                        Constants.CLOSE);
            }
        } else if (!http11 && !error) {
            headers.addValue(Constants.CONNECTION).setString(
                    Constants.KEEPALIVE);
        }
--End code snippet--

The value for connectionClosePresent comes from the following:
--Begin code snippet from AbstractHttp11Processor (lines: 1546-1552)--
    private boolean isConnectionClose(MimeHeaders headers) {
        MessageBytes connection = headers.getValue(Constants.CONNECTION);
        if (connection == null) {
            return false;
        }
        return connection.equals(Constants.CLOSE);
    }
--End code snippet--

This code only checks for a "Connection: close" header, not for the presence of
a Connection header already.  Should the code from line 1518 ('if
(!connectionClosePresent)') not also check for the presence of a Connection
header to avoid adding multiple conflicting entries, not just duplicate
entries?

Thanks in advance!

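The behaviour described in the report can be reproduced with a small stand-alone model. This is an added example, not Tomcat code or the reporter's: the class ConnectionHeaderModel, its methods and the list-of-pairs header store are hypothetical stand-ins for AbstractHttp11Processor and MimeHeaders, and finishSingleHeader is one assumed way to end up with a single Connection header.

```java
import java.util.ArrayList;
import java.util.List;

// Stand-alone model; ConnectionHeaderModel and its methods are hypothetical names.
public class ConnectionHeaderModel {
    static final String CONNECTION = "Connection";

    // Values of every Connection header in the response, in order.
    static List<String> connectionValues(List<String[]> headers) {
        List<String> values = new ArrayList<>();
        for (String[] h : headers) {
            if (h[0].equalsIgnoreCase(CONNECTION)) {
                values.add(h[1]);
            }
        }
        return values;
    }

    // Same decision as the quoted snippet: only an existing "close" value
    // stops the container from appending its own header.
    static void finishAsQuoted(List<String[]> headers, boolean keepAlive) {
        List<String> existing = connectionValues(headers);
        boolean closePresent = !existing.isEmpty() && existing.get(0).equals("close");
        if (!keepAlive && !closePresent) {
            headers.add(new String[] {CONNECTION, "close"});
        }
    }

    // Assumed variant: drop whatever Connection header the application set
    // before writing "close", so exactly one value reaches the client.
    static void finishSingleHeader(List<String[]> headers, boolean keepAlive) {
        if (!keepAlive) {
            headers.removeIf(h -> h[0].equalsIgnoreCase(CONNECTION));
            headers.add(new String[] {CONNECTION, "close"});
        }
    }

    public static void main(String[] args) {
        boolean keepAlive = false; // the 400 case from the report: connection is dropped
        List<String[]> quoted = new ArrayList<>();
        quoted.add(new String[] {CONNECTION, "keep-alive"}); // constructed: set by the application
        List<String[]> single = new ArrayList<>(quoted);
        finishAsQuoted(quoted, keepAlive);
        finishSingleHeader(single, keepAlive);
        System.out.println("as quoted:     " + connectionValues(quoted));
        System.out.println("single header: " + connectionValues(single));
    }
}
```

The variant keeps the container's decision to close, so it removes the conflicting pair but does not give the keep-alive behaviour the report asks for on status 400.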