[
https://issues.apache.org/jira/browse/OFBIZ-10304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16409846#comment-16409846 ]
Jacques Le Roux commented on OFBIZ-10304:
-----------------------------------------
Michael,
AS you asked on dev ML I answered there 1st:
https://markmail.org/message/hysy5ugmgvxcmah7Here is a copy:
{quote}
Michael,
I commited
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java?r1=1813679&r2=1813678&pathrev=1813679Where I added a wrapper. Then for "Tomcat SSO" (OFBIZ-10047) James committed
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/common/servicedef/services.xml?r1=1819133&r2=1819132&pathrev=1819133If I had not committed the wrapper in ContextFilter.java beforehand, James would not have been allowed to commit
<attribute name="request" mode="IN" type="javax.servlet.http.HttpServletRequest" optional="true"/>
Because it's then rejected, because then the userLogin service actually receive an org.apache.catalina.connector.RequestFacade (RequestFacade implements HttpServletRequest.)
You can easily check by svn updating to r1819133 and removing the wrapper in ContextFilter.java.
You are right that it ties OFBiz to Tomcat. We took this decision sometimes ago and we no longer support other webapp servers OOTB, nor tools like Jetty.
So OFBiz OOTB totally depends on Tomcat as the build.gradle file shows. So I think it's safe to use a RequestFacade there.
If an user feels the need to use another webapp servers or Jetty, I think changing that would not be the most of the worries (the rest being much more frightening, I know I did it once with Geronimo).
Since the check is done at the service level, it's hard to do otherwise But I must say I did not dig too much and it's maybe possible, we can discuss that...
Jacques
{quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Locked
