Bug 54624 - Form authenticator hangs on re-authentication of POST request behind mod_proxy_ajp
Summary: Form authenticator hangs on re-authentication of POST request behind mod_prox...
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 7
Classification: Unclassified
Component: Connectors (show other bugs)
Version: 7.0.37
Hardware: All Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-02-28 21:44 UTC by lev
Modified: 2013-03-06 20:49 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description lev 2013-02-28 21:44:55 UTC
Setup: Tomcat AJP connector behind mod_proxy_ajp, form-based authentication.

When session expires and a POST request is submitted, Tomcat shows login form, user logs in, authenticator tries to restore the original POST request. Doing that, it tries to swallow the AJP message body before replacing the body of the request with the original POST request body. It tries to read the first 4 bytes of the AJP message (the message length) and blocks forever waiting for those 4 bytes.
Comment 1 Mark Thomas 2013-03-06 20:49:01 UTC
This looks like mod_jk will be affected as well.

The issue has been fixed in trunk and 7.0.x and will be included in 7.0.37 onwards.