
Grails 2.5.6.

I use a filter class to validate all my requests for XSS attacks. If a parameter might be harmful we simply do not forward the request to the desired interface.

This workflow works fine except for cases where there is a command object used as an interface argument. The variable is simply empty and without any params.

if (paramsValid) {
    // Parameters passed validation: hand the request on to the controller
    chain.doFilter(request, response)
} else {
    // Validation failed: answer with 400 and never call chain.doFilter()
    println("ERROR");
    response.setContentType("application/json");
    response.setCharacterEncoding("utf-8");
    PrintWriter out = response.getWriter();
    response.setStatus(400);
    out.print('{"success": false, "data": "Error validating request parameters"}');
    out.flush();
    return;
}

Then inside a controller interface:

def save(MappingCmd mapping) {

    println(mapping);

The mappingCmd class members are always empty. The functionality works fine without the filter. How can I make this work?

Burt Beckwith
Jacob
  • What is going on before `if(paramsValid)`? If you are reading the body of the request then that would prevent the command object data binding stuff from working. – Jeff Scott Brown Feb 02 '18 at 22:00
  • Yes I am reading the request, because that is exactly what I need to do. I have tested further and basically anything I do with the request prevents correct behavior. Any ideas? Can I clone the request object? – Jacob Feb 05 '18 at 09:32
  • I think this is my problem: https://github.com/grails/grails-core/issues/10035 – Jacob Feb 05 '18 at 11:41
  • Solved my problem using this solution: https://stackoverflow.com/questions/10210645/http-servlet-request-lose-params-from-post-body-after-read-it-once – Jacob Feb 06 '18 at 09:44
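
The approach behind the linked solution is to wrap the request so the body is buffered once and can be read again by both the XSS filter and the command object data binding. A Groovy version of such a wrapper, added here as an example (not code from the post, the linked answer or Grails); the class name `CachedBodyRequest`, the `maxBytes` cap and the Servlet 3.0 API are assumptions (on Servlet 3.1+ the anonymous `ServletInputStream` must also implement `isFinished`, `isReady` and `setReadListener`):

```groovy
import javax.servlet.ServletInputStream
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletRequestWrapper

// Hypothetical wrapper: reads the body once, then replays it on every read.
class CachedBodyRequest extends HttpServletRequestWrapper {
    private final byte[] body

    CachedBodyRequest(HttpServletRequest request, int maxBytes) {
        super(request)
        // Refuse oversized bodies early when the client declares a length.
        if (request.contentLength > maxBytes) {
            throw new IOException("Request body exceeds ${maxBytes} bytes")
        }
        body = readCapped(request.inputStream, maxBytes)
    }

    // Buffering moves the body into memory, so cap it even if no length was sent.
    private static byte[] readCapped(InputStream input, int maxBytes) {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream()
        byte[] chunk = new byte[4096]
        int n
        while ((n = input.read(chunk)) != -1) {
            if (buffer.size() + n > maxBytes) {
                throw new IOException("Request body exceeds ${maxBytes} bytes")
            }
            buffer.write(chunk, 0, n)
        }
        buffer.toByteArray()
    }

    // Copy of the raw bytes for the filter's own validation.
    byte[] getBody() { body.clone() }

    @Override
    ServletInputStream getInputStream() {
        ByteArrayInputStream source = new ByteArrayInputStream(body)
        return new ServletInputStream() {
            @Override
            int read() { source.read() }
        }
    }

    @Override
    BufferedReader getReader() {
        // Assumption: fall back to UTF-8 when the request names no encoding.
        new BufferedReader(new InputStreamReader(getInputStream(), characterEncoding ?: 'UTF-8'))
    }
}
// In the filter: def wrapped = new CachedBodyRequest((HttpServletRequest) request, 1048576)
// Validate wrapped.body, then call chain.doFilter(wrapped, response), not the original request.
```

This replays bodies that are consumed from the input stream, such as JSON; form-encoded parameters that the container parses for `getParameter()` come from the original stream and are not restored by this wrapper.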

0 Answers