Announcement Announcement Module
Collapse
No announcement yet.
HttpInvokerServiceExporter and the commited HttpServletResponse Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • HttpInvokerServiceExporter and the commited HttpServletResponse

    Howdy all,
    I see in HttpInvokerServiceExporter in method writeRemoteInvocationResult(request, response, result, os) output stream which corresponds to ServletOutputStream (or decorated ServletOutputStream) is explicitly flushed and closed, which leads to HttpServletResponse being commited.
    This is awkward when you want to set additional headers in a servlet filter or interceptor, and, specifically interferes with Spring Security (Acegi) in session creation or session fixation protection (see SEC-248 and SEC-767).
    I have a workaround that patches the writeRemoteInvocationResult(request, response, result), leaving the fore mentioned method intact, but it could use a bit of love, as I feel the approach taken is a bit hackish:

    Code:
    	protected void writeRemoteInvocationResult(
    			HttpServletRequest request, HttpServletResponse response, RemoteInvocationResult result)
    			throws IOException {
    
    		response.setContentType(getContentType());
    		ByteArrayOutputStream baos = new ByteArrayOutputStream();
    
    		writeRemoteInvocationResult(request, response, result, baos);
    
    		byte[] ary = baos.toByteArray();
    
    		response.setBufferSize(ary.length);
    		OutputStream outputStream = response.getOutputStream();
    		outputStream.write(ary);
    	}
    does anyone have a better idea? is this jira worthy?

    thanks!
    Last edited by zregvart; May 7th, 2008, 11:41 AM. Reason: removed setBufferSize that caused Tomcat to grok
Working...
X