Spring Security / SEC-1608

FirewalledRequest.reset() is not called for a resource with no filters

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.4
    • Fix Version/s: 3.0.5, 3.1.0.M2, 2.0.7
    • Component/s: Web
    • Labels:
      None

        Activity

        Luke Taylor added a comment -

        Added call to reset() before invoking the filter chain.

        Andrei Stefan added a comment -

        Two potential workarounds:

        1) Use anonymous attributes for the unsecured resources instead of filters="none"
        2) Add a filter after the security filters with the following doFilter method:

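        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            // Walk the wrapper chain to find the FirewalledRequest and reset it.
            ServletRequest current = request;
            while (current instanceof ServletRequestWrapper) {
                if (current instanceof FirewalledRequest) {
                    ((FirewalledRequest) current).reset();
                    break;
                }
                current = ((ServletRequestWrapper) current).getRequest();
            }
            // Pass the original request on so the rest of the chain still runs.
            chain.doFilter(request, response);
        }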


          People

          • Assignee: Luke Taylor
          • Reporter: Luke Taylor
          • Votes: 0
          • Watchers: 1
