New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DelegatingRequestMatcherHeaderWriter with Tiles not work as intended #6338
Comments
@yoshikawaa Thanks for you post! There are a couple of ways that I think this could be addressed. One option you have is that, in a forward, the original request uri is saved in the request as an attribute, which you could obtain like so: AntPathMatcher pathMatcher = new AntPathMatcher();
RequestMatcher requestMatcher = request -> {
String uri = (String) request.getAttribute(WebUtils.FORWARD_REQUEST_URI_ATTRIBUTE);
return pathMatcher.matches("/delegating/**", uri);
}
return new DelegatingRequestMatcherHeaderWriter(requestMatcher, headerWriter); A slightly less powerful way is to configure so the headers are written at the beginning of the request: #6501 This can cause problems with the cache control header, so it's not ideal, but might be worth investigating. It's best if we can remain passive from release to release, and so Feel free to re-open if you feel like there's more to discuss. |
@jzheaux Thanks for your reply and suggestion.
I agree to your opinion.
private String getRequestPath(HttpServletRequest request) {
if (this.urlPathHelper != null) {
return this.urlPathHelper.getPathWithinApplication(request);
}
String url = request.getServletPath();
String pathInfo = request.getPathInfo();
if (pathInfo != null) {
url = StringUtils.hasLength(url) ? url + pathInfo : pathInfo;
}
return url;
}
private String getRequestPath(HttpServletRequest request) {
if (this.urlPathHelper != null) {
return this.urlPathHelper.getPathWithinApplication(request);
}
if (request.getAttribute(WebUtils.FORWARD_REQUEST_URI_ATTRIBUTE) != null) {
return constructUrl(
(String) request.getAttribute(WebUtils.FORWARD_SERVLET_PATH_ATTRIBUTE),
(String) request.getAttribute(WebUtils.FORWARD_PATH_INFO_ATTRIBUTE));
}
if (request.getAttribute(WebUtils.INCLUDE_REQUEST_URI_ATTRIBUTE) != null) {
return constructUrl(
(String) request.getAttribute(WebUtils.INCLUDE_SERVLET_PATH_ATTRIBUTE),
(String) request.getAttribute(WebUtils.INCLUDE_PATH_INFO_ATTRIBUTE));
}
return constructUrl(request.getServletPath(), request.getPathInfo());
}
private String constructUrl(String url, String pathInfo) {
if (pathInfo != null) {
url = StringUtils.hasLength(url) ? url + pathInfo : pathInfo;
}
return url;
} However, if we really want to match forwarded or included URLs, this may not be appropriate. Such as:: <filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/authenticate</url-pattern>
<dispatcher>FORWARD</dispatcher>
</filter-mapping> How do you think? |
@jzheaux |
@yoshikawaa I also wondered about that and dug into the request matchers a bit to see if modifying them was an option. The challenge is finding a non-breaking change. The request matchers as well as Yes, that commit would solve the problem, but it introduces others. We want the headers to be written as late as possible since users have no way to remove them once they are written, and that would generally be just before the response is committed. One other idea is that you could subclass |
@jzheaux I think so, too. I understand that Certainly, extending But, I felt it necessary to return the discussion to the beginning and to repeat my original opinion. In the end, the reason that
I think it is not reasonable to have to make Regards. |
Summary
Related #5945
DelegatingRequestMatcherHeaderWriter
can not determine the request path exactly as intended.DelegatingRequestMatcherHeaderWriter
determines the request path when committing or including the response, but in that case the request path may have been changed to the JSP path.My environments as follows.
Please see my sample.
Actual Behavior
DelegatingRequestMatcherHeaderWriter#requestMatcher#pattern
:/delegating/**
./delegating
/WEB-INF/views/layout/template.jsp
The request path should be matched and the header should be output.
But in fact, at the timing of
DelegatingRequestMatcherHeaderWriter#writeHeaders
the request path has already been changed and it will not match.The problem is that even if this is a problem in implementing an Application server or JSP, it is a possible problem with major servers.
Expected Behavior
It is necessary to be able to match against the actual request path without being influenced by unintended change of the request.
I think that the only correct way to solve the problem is to determine the request path at the timing of
HeaderWriterFilter#doFilterInternal
.The text was updated successfully, but these errors were encountered: