Bug 54624

Summary: Form authenticator hangs on re-authentication of POST request behind mod_proxy_ajp
Product: Tomcat 7 Reporter: lev
Component: ConnectorsAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 7.0.37   
Target Milestone: ---   
Hardware: All   
OS: Linux   

Description lev 2013-02-28 21:44:55 UTC
Setup: Tomcat AJP connector behind mod_proxy_ajp, form-based authentication.

When session expires and a POST request is submitted, Tomcat shows login form, user logs in, authenticator tries to restore the original POST request. Doing that, it tries to swallow the AJP message body before replacing the body of the request with the original POST request body. It tries to read the first 4 bytes of the AJP message (the message length) and blocks forever waiting for those 4 bytes.
Comment 1 Mark Thomas 2013-03-06 20:49:01 UTC
This looks like mod_jk will be affected as well.

The issue has been fixed in trunk and 7.0.x and will be included in 7.0.37 onwards.