What is allowed to do with a HttpServletRequest ?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

What is allowed to do with a HttpServletRequest ?

cristi-2
Hello all

I have a web application where I need to use in a second request the
HttpServletRequest object sent to the same servelet in the first
request.

Here is what my servlet looks like :

public void doGet( HttpServletRequest request, HttpServletResponse response )
{
     /*
     some code here detecting if this request
     is the first one. This code initializes
     isFirstRequest
     */

    if( isFirstRequest )
    {
        session.setAttribute( "FIRST_REQUEST_OBJECT", request );
        request.getRequestDispatcher("somepage.jsp").forward(request, response);
    }
    else
    {
        HttpServletRequest oreq = (HttpServletRequest)session.getAttribute("FIRST_REQUEST_OBJECT");
        request.getRequestDispatcher("somepage.jsp").forward(oreq, response);
    }

}

It seems that it is not safe to do so. What can I do to handle this situation ?

Thx.
Cristi


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: What is allowed to do with a HttpServletRequest ?

gehel
The question is probably : "why do you need to refer to the first
request ?". Dont you need to actually refer to some state of the
request ? Could you extract that state from the request instead of
storing the full request ?

  Maybe I'm just asking a dumb question, but I have problem
understanding why you would need the whole request ...

On 7/14/05, cristi <[hidden email]> wrote:

> Hello all
>
> I have a web application where I need to use in a second request the
> HttpServletRequest object sent to the same servelet in the first
> request.
>
> Here is what my servlet looks like :
>
> public void doGet( HttpServletRequest request, HttpServletResponse response )
> {
>      /*
>      some code here detecting if this request
>      is the first one. This code initializes
>      isFirstRequest
>      */
>
>     if( isFirstRequest )
>     {
>         session.setAttribute( "FIRST_REQUEST_OBJECT", request );
>         request.getRequestDispatcher("somepage.jsp").forward(request, response);
>     }
>     else
>     {
>         HttpServletRequest oreq = (HttpServletRequest)session.getAttribute("FIRST_REQUEST_OBJECT");
>         request.getRequestDispatcher("somepage.jsp").forward(oreq, response);
>     }
>
> }
>
> It seems that it is not safe to do so. What can I do to handle this situation ?
>
> Thx.
> Cristi
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: What is allowed to do with a HttpServletRequest ?

Peter Crowther
In reply to this post by cristi-2
> From: cristi [mailto:[hidden email]]
> I have a web application where I need to use in a second request the
> HttpServletRequest object sent to the same servelet in the first
> request.
[...]
> session.setAttribute( "FIRST_REQUEST_OBJECT", request );

Unsafe.  Servlet containers may re-use request objects between
invocations.  Can't remember for sure, but I think Tomcat does so.  So
your second request object may be identical to your first request
object.

> It seems that it is not safe to do so. What can I do to
> handle this situation ?

As Guillaume said: copy the state you need from the first request into
the session, rather than storing the entire request.

                - Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: What is allowed to do with a HttpServletRequest ?

Bill Barker-2
In reply to this post by cristi-2

"cristi" <[hidden email]> wrote in message
news:[hidden email]...

> Hello all
>
> I have a web application where I need to use in a second request the
> HttpServletRequest object sent to the same servelet in the first
> request.
>
> Here is what my servlet looks like :
>
> public void doGet( HttpServletRequest request, HttpServletResponse
> response )
> {
>     /*
>     some code here detecting if this request
>     is the first one. This code initializes
>     isFirstRequest
>     */
>
>    if( isFirstRequest )
>    {
> session.setAttribute( "FIRST_REQUEST_OBJECT", request );
> request.getRequestDispatcher("somepage.jsp").forward(request, response);
>    }
>    else
>    {
> HttpServletRequest oreq =
> (HttpServletRequest)session.getAttribute("FIRST_REQUEST_OBJECT");
> request.getRequestDispatcher("somepage.jsp").forward(oreq, response);
>    }
>
> }
>
> It seems that it is not safe to do so. What can I do to handle this
> situation ?
>

According to the spec (section 8.2 for those of you following along at home
:), the only safe HttpServletRequest to pass is the one that was passed into
the Servlet, or a child of HttpServletRequestWrapper that wraps the one that
was passed into the Servlet.

Tomcat happens to be very lenient in inforcing this restriction among
Servlet-Containers out there.  The other-guys would probably throw an
exception straight away for attempting something like the above.

> Thx.
> Cristi




---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]