#23 IllegalStateException when authorization header not provided

closed-works-for-me
None
5
2007-08-13
2007-05-19
No

If the authorization header isn't available in the HTTP request, the servlet filter sets the response header, then continues with the filter chain.

This causes an IllegalStateException because the response is manipulated twice. The chain should instead be stopped.
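
The failure mode described above, as an added example that is not part of the original ticket and is not code from fedora.server.security.servletfilters. It assumes the header being set is a `WWW-Authenticate` challenge sent with a 401 status (the ticket does not say which); the class name and realm are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter for illustration; not a class from the Fedora code base.
public class RequireAuthorizationHeaderFilter implements Filter {

    private static final String REALM = "example"; // assumed realm name

    public void init(FilterConfig config) throws ServletException {
        // No configuration needed for this example.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String authorization = request.getHeader("Authorization");
        if (authorization == null || authorization.trim().length() == 0) {
            // Only write the challenge if nothing upstream has committed the response.
            if (!response.isCommitted()) {
                response.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED); // commits the response
            }
            // Stop here. Falling through to chain.doFilter() would let later filters
            // and the target servlet run for an unauthenticated request, and their
            // own sendError/sendRedirect/forward on the committed response throws
            // IllegalStateException.
            return;
        }

        // Header present: hand the request to the rest of the chain exactly once.
        chain.doFilter(request, response);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```

A request without an `Authorization` header should produce exactly one 401 response, and the protected servlet should never be invoked for it.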

Discussion

  • Chris Wilper

    Chris Wilper - 2007-06-04
    • assigned_to: nobody --> niebel
     
  • bill niebel

    bill niebel - 2007-06-04

    Logged In: YES
    user_id=1705824
    Originator: NO

    I edited the following files, as per discussion in email with Chris "IllegalStateException from servlet filter?" @ 2007.06.04 5:54 PM.

    fedora.server.security.servletfilters:
    BaseContributing.java, FilterSetup.java, FilterEnforceAuthn.java, and FilterFinalize.java.

    I've committed these to maintenance-2.2 (@ 6008) and to trunk (@ 6009).

     
  • bill niebel

    bill niebel - 2007-06-18

    Logged In: YES
    user_id=1705824
    Originator: NO

    File Added: readme.txt

     
  • bill niebel

    bill niebel - 2007-06-18

    how to apply the patch

     
  • bill niebel

    bill niebel - 2007-06-18

    classes, source, readme files for patch

     
  • bill niebel

    bill niebel - 2007-06-18

    Logged In: YES
    user_id=1705824
    Originator: NO

    File Added: fedora-2.2.6012.zip

     
  • bill niebel

    bill niebel - 2007-06-18

    Logged In: YES
    user_id=1705824
    Originator: NO

    uploaded readme text and zip file for patch 6012 (also incorporates issue 1731608).

     
  • bill niebel

    bill niebel - 2007-06-18
    • status: open --> open-works-for-me
     
  • bill niebel

    bill niebel - 2007-06-18
    • status: open-works-for-me --> pending-works-for-me
     
  • SourceForge Robot

    • status: pending-works-for-me --> closed-works-for-me
     
  • SourceForge Robot

    Logged In: YES
    user_id=1312539
    Originator: NO

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
  • Chris Wilper

    Chris Wilper - 2007-08-13
    • summary: FilterEnforceAuthN lets bad requests through --> IllegalStateException when authorization header not provided
     
