On 14/09/2011 11:55, Darius D. wrote:
> 
> 
> 
> Pid * wrote:
>>
>> doProcess(req, res) is not a Servlet API method. What other method(s)
>> call it?
>>
>> Usually this type of thing occurs because the request (or response) is
>> being held as an instance field somewhere in a thread-unsafe way.
>>
>>
> 
> It is called from:
>       public void doGet(HttpServletRequest request, HttpServletResponse response)
>                       throws ServletException, IOException {
>               doProcess(request, response);
>       }
> 
> and doPost(...) as well. 
> 
> I am not quite sure where and what could be holding the request, as this
> method is called directly and request params are already NULL?

They are in *that* thread.

It is possible to expose either request or response object outside of
the scope of the thread, so a second request sees a modified version of
the same object.

E.g.

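 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 public class SomeServlet extends HttpServlet {

   // instance field: shared by every thread that calls this servlet
   private HttpServletRequest request;

   protected void doGet(HttpServletRequest rq, HttpServletResponse rs) {

     // this is a handy value, let's store it (FAIL!)
     this.request = rq;

     // do something...
     process(this.request);
     // finish...

   }

 }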


So a different thread entering the method causes the request object to
be updated before the other thread has finished using it.  There are
other, more subtle, ways to cause the same effect.


p
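
The interleaving described in the message above, as an added example that is not part of the original e-mail: a handler that keeps the request in an instance field hands thread A the request that belongs to thread B, while the version that uses only the method parameter does not. `Request`, `Handler`, `FieldHandler`, `LocalHandler` and `seenByA` are hypothetical names; `Request` stands in for `HttpServletRequest` so the code runs without a servlet container (Java 16 or later, because of the record).

```java
import java.util.concurrent.*;

public class SharedRequestRace {
    // Stand-in for HttpServletRequest (hypothetical); sample users are constructed.
    record Request(String user) {}

    interface Handler { String handle(Request rq, Runnable midRequest); }

    // Like a servlet, ONE instance serves every thread: the field is shared state.
    static class FieldHandler implements Handler {
        private Request request;
        public String handle(Request rq, Runnable midRequest) {
            this.request = rq;          // visible to every other request thread
            midRequest.run();           // "do something..." while another request arrives
            return this.request.user(); // may now be another caller's request
        }
    }

    // Corrected form: the request only ever lives in parameters and locals.
    static class LocalHandler implements Handler {
        public String handle(Request rq, Runnable midRequest) {
            midRequest.run();
            return rq.user();
        }
    }

    static void await(CountDownLatch latch) {
        try { latch.await(); } catch (InterruptedException e) { throw new IllegalStateException(e); }
    }

    // Forces the interleaving: A stores, B runs start to finish, then A reads.
    static String seenByA(Handler h) throws Exception {
        CountDownLatch aStored = new CountDownLatch(1), bDone = new CountDownLatch(1);
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            Future<String> a = pool.submit(() ->
                h.handle(new Request("alice"), () -> { aStored.countDown(); await(bDone); }));
            Future<String> b = pool.submit(() -> {
                await(aStored);
                String user = h.handle(new Request("bob"), () -> { });
                bDone.countDown();
                return user;
            });
            b.get();
            return a.get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("field: A sees " + seenByA(new FieldHandler()));
        System.out.println("local: A sees " + seenByA(new LocalHandler()));
    }
}
```

The latches only make the ordering repeatable; in a real container the same overlap happens whenever two requests are in the servlet at once.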



