Repose / REP-5100

Rate Limiting filter removes request body on POSTs with form params

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Very High
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 8.4.0.2
    • Component/s: None
    • Labels:
      None
    • Epic Link:
    • Sprint:
      Sprint 137
    • Story Points:
      3
    • Capitalizable:
      True

      Description

      I've identified at least one spot in the Rate Limiting filter that is reading the request parameters (potentially reading the form parameters of the body) but isn't resetting the body afterwards.

      https://github.com/rackerlabs/repose/blob/master/repose-aggregator/components/filters/rate-limiting-filter/src/main/java/org/openrepose/filters/ratelimiting/RateLimitingServiceHelper.java#L71

      This is causing the request body to be lost when the request has form parameters (i.e. has a content-type of "application/x-www-form-urlencoded"). Identity observed this issue when setting up the SAML filter and sending in federation requests.

      Workaround:

      • The SAML filter should be placed before the Rate Limiting filter. This is not ideal long-term, but will get things going for testing.

      Acceptance Criteria:

      • Client is able to send a POST and PUT request with form parameters without the request body getting removed by the Rate Limiting filter.
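
The failure mode described in this ticket, modelled with plain java.io streams as an added example (this is not Repose's code or its actual fix): parsing form parameters drains a one-shot body stream, so the next filter sees nothing unless the body is buffered and handed on again. The class and method names and the sample body are constructed for illustration; the code assumes Java 10 or later.

```java
import java.io.*;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class FormBodyDemo {
    // Parses application/x-www-form-urlencoded pairs by draining the stream,
    // which is what a servlet container does on the first getParameter*() call.
    static Map<String, String> readFormParams(InputStream body) throws IOException {
        String raw = new String(body.readAllBytes(), StandardCharsets.UTF_8);
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : raw.split("&")) {
            if (pair.isEmpty()) continue;
            String[] kv = pair.split("=", 2);
            params.put(URLDecoder.decode(kv[0], StandardCharsets.UTF_8),
                       kv.length > 1 ? URLDecoder.decode(kv[1], StandardCharsets.UTF_8) : "");
        }
        return params;
    }

    // Before: the filter reads parameters straight from the one-shot stream.
    static InputStream filterWithoutReset(InputStream body) throws IOException {
        readFormParams(body);
        return body; // already at EOF for every filter downstream
    }

    // After: buffer the body once, parse a copy, pass a fresh stream downstream.
    // A production filter would also cap how many bytes it is willing to buffer.
    static InputStream filterWithReset(InputStream body) throws IOException {
        byte[] buffered = body.readAllBytes();
        readFormParams(new ByteArrayInputStream(buffered));
        return new ByteArrayInputStream(buffered);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample body, not taken from the ticket.
        byte[] post = "SAMLResponse=PHNhbXBsZT4%3D&RelayState=abc".getBytes(StandardCharsets.UTF_8);
        int lost = filterWithoutReset(new ByteArrayInputStream(post)).readAllBytes().length;
        int kept = filterWithReset(new ByteArrayInputStream(post)).readAllBytes().length;
        System.out.println("without reset: " + lost + " bytes reach the next filter");
        System.out.println("with reset:    " + kept + " of " + post.length + " bytes reach the next filter");
    }
}
```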

              People

              • Assignee:
                adrian.george Adrian George
                Reporter:
                mario.lopez Mario Lopez