Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Our installer adds this configuration to the users web.xml file for the session state replication:
<filter-mapping> <filter-name>gemfire-session-filter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>REQUEST</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping>
This means that our filter will be applied to all incoming requests, and it will be applied again if the request is forwarded to or includes another servlet.
We wrap the HttpServletRequest in our own RequestWrapper class. We have some code that tries to prevent wrapping a request multiple times:
/** * Early out if this isn't the right kind of request. We might see a * RequestWrapper instance during a forward or include request. */ if (request instanceof RequestWrapper || !(request instanceof HttpServletRequest)) { LOG.debug("Handling already-wrapped request"); chain.doFilter(request, response); return; }
Unfortunately, this check will not work if there are other filters in the chain that also wrap the HttpServletRequest. That can result in us wrapping the forwarded request in a new RequestWrapper that will create another session.
We should not add these <dispatcher/> elements to the web.xml; it should be sufficient for our filter to intercept all requests initially. In addition, we might want to enhance our check to see if we have already wrapped a request to follow the chain of wrapped requests deeper. As long as other filters wrap the request in a subclass of HttpServletRequestWrapper we should be able to unwrap the request if needed.
Attachments
Issue Links
- links to