Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1639: VirtualFilterChain.resetWrapper does not handle nested FilterChainProxy's #1879

spring-issuemaster opened this Issue Dec 16, 2010 · 0 comments


None yet
2 participants

Rob Winch (Migrated from SEC-1639) said:

Since VirtualFilterChain.resetWrapper breaks on the first FirewalledRequest it doesn't handle nested FilterChainProxy's (i.e. new RequestWrapper(new RequestWrapper(originalRequest)) ). My current thought on fixing this is to pass in the actual FirewalledRequest into the constructor of the VirtualFilterChain and call reset on it. This would ensure the correct one gets called. It also eliminates the need for looping.

A workaround is to place a Filter that calls the following reset method as the first filter for forwarded requests.

public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
while (request instanceof ServletRequestWrapper) {
if (request instanceof FirewalledRequest) {
request = ((ServletRequestWrapper)request).getRequest();

Example Mapping


@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment