https://bz.apache.org/bugzilla/show_bug.cgi?id=58289

--- Comment #2 from Tim Hunt <t.j.h...@open.ac.uk> ---
Thanks for your response.

I understand what you are saying about request.getRemoteAddr(), but ...

1. As I say above, the wrong IP address is getting logged in the Tomcat access
logs. Surely my application code should not affect what is logged there.

2. My application code is not quite as simple as:

protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {

    if (!isAllowed(request.getRemoteAddr())) {            
        sendError(request, response, HttpServletResponse.SC_FORBIDDEN, 
                "You are not authorised to access this URL.");
    }

    sendResponse(request, response);
}

but it is not fundamentally more complex than that. Also, there is nowhere in
the code where we store request or response. They are just used as local
variables in the various methods that generate the response, and when they go
out of scope they are left for the garbage collector.

All errors are logged reliably. One of the oversimplifications I made in the
code snippet above is the big try catch finally block that surrounds the whole
of doGet and doPost. Because of trying to understand this bug, I have been
grepping our logs for words like 'error' before and after the config change,
and after the config change there were no null pointer exceptions.

I will agree that it is very mysterious. Still, I wanted to get this bug report
filed, because in all my Googling for possible explanations, I only found that
one closed bug that offered any clues.
