Re: [Resteasy-developers] new multipart support

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Speaking of security...

Anything Resteasy could do to make it easier?

Bill Burke wrote:
> The badness is that it screws up Resteasy.
> 
> Like for instance www-urlencoded-form, if any filter does 
> httpRequest.getParameter("someFormParam") it will screw up Resteasy as 
> Resteasy expects to read form data within the InputStream.
> 
> I fixed this in trunk, but a few people ran into this problem.
> 
> Mike Chack (mchack) wrote:
>> I'll give it some thought. I alsways like to think that simple is better
>> but it is hard to know when to draw the line relative to content types.
>>
>> BTW., I had a slightly different problem that I was trying to solve. I
>> am using a custom servlet filter to implement a security front end. As
>> part of this I need the a sessionid as an input parameter. Usually
>> passed as a query string parameter. My client was a GWT application that
>> was using a form widget to upload a file. The widget was not able to
>> submit mulipart form and still present query string parameters. So, I
>> had to access multipart form in the servlet filter. Not a great thing I
>> found out as the input stream can't be reset.
>>
>> By product of this is that I used O'Reilly servlet package here to
>> access multipart as it has a Servlet Request Wrapper that parses the
>> multipart data and stores files if any in a temp dir, later accessible
>> by the upstream servlet.
>>
>> Just another twist on the general problem. Any thoughts on this or the
>> goodness/badness of having to access form data in a filter?
>>
>> Thanks
>>
>> Mike Chack 
>> O: +1 408.526.4639 
>> M: +1 408.504.6594 
>> mc...@ci... 
>>
>>
>> -----Original Message-----
>> From: Bill Burke [mailto:bb...@re...] 
>> Sent: Thursday, October 23, 2008 2:02 PM
>> To: Mike Chack (mchack)
>> Cc: res...@li...
>> Subject: Re: [Resteasy-developers] new multipart support
>>
>> i.e. Content-Encoding: gzip
>>
>> or something like that...
>>
>> Bill Burke wrote:
>>> I may have some more work to do with it.  I only support a simple 
>>> encoding format.  I'm not sure if more complex encoding formats are 
>>> popular when using multipart.
>>>
>>> Thoughts?
>>>
>>> Mike Chack (mchack) wrote:
>>>> Thanks. That should be really helpful. A day too late. Spent a bunch
>> of
>>>> time yesterday hacking a solution!!!!! I'll definitely refactor my
>>>> solution.
>>>>
>>>> Mike Chack 
>>>> O: +1 408.526.4639 
>>>> M: +1 408.504.6594 
>>>> mc...@ci... 
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Bill Burke [mailto:bb...@re...] 
>>>> Sent: Thursday, October 23, 2008 1:45 PM
>>>> To: res...@li...
>>>> Subject: [Resteasy-developers] new multipart support
>>>>
>>>> I've spent this week doing some new multipart support:
>>>>
>>>>
>> http://bill.burkecentral.com/2008/10/23/jax-rs-multipart-support-with-re
>>>> steasy/
>>>>
>>>> It is written up more extensively in the docbook module.
>>>>
> 

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com