SEC-1639: VirtualFilterChain.resetWrapper does not handle nested FilterChainProxy's #1879

spring-issuemaster opened this Issue Dec 16, 2010 · 0 comments


None yet

2 participants


Rob Winch (Migrated from SEC-1639) said:

Since VirtualFilterChain.resetWrapper breaks on the first FirewalledRequest it doesn't handle nested FilterChainProxy's (i.e. new RequestWrapper(new RequestWrapper(originalRequest)) ). My current thought on fixing this is to pass in the actual FirewalledRequest into the constructor of the VirtualFilterChain and call reset on it. This would ensure the correct one gets called. It also eliminates the need for looping.

A workaround is to place a Filter that calls the following reset method as the first filter for forwarded requests.

public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
while (request instanceof ServletRequestWrapper) {
if (request instanceof FirewalledRequest) {
request = ((ServletRequestWrapper)request).getRequest();

Example Mapping

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment