Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
2.0.0
-
None
Description
Below copied (in part) from email discussion on the Pluto dev list, see also: http://www.nabble.com/More-required-Pluto-2.0-SPI-and-implementation-refactoring-issues-td21973310.html
-
-
- InternalPortletRequest/Response implementations (and subclasses thereof) extending HttpServletRequest/ResponseWrapper
This solution (dating back from Pluto 1.0 implementation) has a very tricky but serious flaw.
By using a single instance HttpServletRequestWrapper instance for both the PortletRequest and dispatched ServletRequest,
a dispatched servlet retrieving the current PortletRequest (or Response) using HttpServletRequest.getAttribute("javax.portlet.request") as
specified by the Portlet specification (PLT.19.3.2), will actually return the current HttpServletRequestWrapper itself again.
So far, nothing wrong yet.
But, as the InternalPortletRequestImpl (which is the real implementation class) also maintains internal instance state concerning its dispatched state and based upon that decides how overlapping methods need to behave, the PortletRequest object
retrieved like this from within a servlet environment actually behaves as a dispatched ServletRequest.
This is not compliant with the Portlet specification, even if the current JSR-286 TCK doesn't (properly) test against this.
The only solution to solve this is not using a piggy back solution for the dispatched ServletRequest/Response objects, but use independent
instances for the PortletRequest/Response and wrap these within the dispatched ServletRequest/Response objects.
- InternalPortletRequest/Response implementations (and subclasses thereof) extending HttpServletRequest/ResponseWrapper
-
This is a rather big change, but really required.
On the bright side, doing so will result in a much more readable/maintainable solution as the current implementation has to maintain some tricky state flags to keep track of its "identity". Getting rid of all that and moving the dispatched servlet specific handling in separate
classes will make this much easier and transparent to deal with.