Results 1 to 1 of 1

Thread: HttpInvokerServiceExporter and the commited HttpServletResponse

  1. May 7th, 2008, 10:39 AM #1
    zregvart
    zregvart is offline Junior Member
    Join Date
    Mar 2006
    Posts
    12

    Default HttpInvokerServiceExporter and the commited HttpServletResponse

    Howdy all,
    I see in HttpInvokerServiceExporter in method writeRemoteInvocationResult(request, response, result, os) output stream which corresponds to ServletOutputStream (or decorated ServletOutputStream) is explicitly flushed and closed, which leads to HttpServletResponse being commited.
    This is awkward when you want to set additional headers in a servlet filter or interceptor, and, specifically interferes with Spring Security (Acegi) in session creation or session fixation protection (see SEC-248 and SEC-767).
    I have a workaround that patches the writeRemoteInvocationResult(request, response, result), leaving the fore mentioned method intact, but it could use a bit of love, as I feel the approach taken is a bit hackish:

    Code:
    	protected void writeRemoteInvocationResult(
			HttpServletRequest request, HttpServletResponse response, RemoteInvocationResult result)
			throws IOException {

		response.setContentType(getContentType());
		ByteArrayOutputStream baos = new ByteArrayOutputStream();

		writeRemoteInvocationResult(request, response, result, baos);

		byte[] ary = baos.toByteArray();

		response.setBufferSize(ary.length);
		OutputStream outputStream = response.getOutputStream();
		outputStream.write(ary);
	}
    does anyone have a better idea? is this jira worthy?

    thanks!
    Last edited by zregvart; May 7th, 2008 at 10:41 AM. Reason: removed setBufferSize that caused Tomcat to grok
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules