myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Struberg (JIRA)" <>
Subject [jira] [Created] (MYFACES-3538) Boguous implementation of the HTTP OPTIONS method
Date Fri, 04 May 2012 12:24:49 GMT
Mark Struberg created MYFACES-3538:

             Summary: Boguous implementation of the HTTP OPTIONS method
                 Key: MYFACES-3538
             Project: MyFaces Core
          Issue Type: Bug
          Components: JSR-314
    Affects Versions: 2.1.7
            Reporter: Mark Struberg

My colleague Christoph Ledl found the following issue in MyFaces:

Wrong implementation of the OPTIONS method

FacesServlet does not handle OPTIONS (and possilby other methods) correctly.
It looks like these request are processed like a GET, which is wrong.

the implementation of FacesServlet.service() does not deal with methods.
one cheap fix would be to send 405 (SC_METHOD_NOT_ALLOWED) for all unsupported methods like

another approach would to extend HttpServlet (instead of implementing Servlet)
and implement only required methods like GET and POST (this would leave the other methods
to the default implementation)

citeation of HttpServlet java doc:
There's almost no reason to override the "service" method.

Likewise, there's almost no reason to override the "doOptions" and "doTrace" methods.

This materializes in the following Exception:

Feb 28 17:48:13 j04 [http-8080-exec-14]   ERROR log.LogFilter j04 0 43396625FA6E47DF1C03B12B60BF
request done OPTIONS /events/ical.xhtml?locale=de&token=488d-1-b7da-f29fcf074 time=749.16ms
cpu=610ms ex=IllegalStateException msg=null UA=Microsoft-WebDAV-MiniRedir/6.1.7601
Feb 28 17:48:13 j04 [http-8080-exec-14]   INFO  log.LogFilter params: token=48b0368d-b7da-f2974
Feb 28 17:48:13 j04 [http-8080-exec-14]   ERROR [/events].[Faces Servlet] Servlet.service()
for servlet Faces Servlet threw exception
Feb 28 17:48:13 j04 java.lang.IllegalStateException
Feb 28 17:48:13 j04      at org.apache.catalina.connector.ResponseFacade.sendRedirect(
Feb 28 17:48:13 j04      at org.apache.myfaces.context.servlet.ServletExternalContextImpl.redirect(
Feb 28 17:48:13 j04      at org.apache.myfaces.extensions.cdi.jsf.impl.scope.conversation.DefaultWindowHandler.sendRedirect(
Feb 28 17:48:13 j04      at sun.reflect.GeneratedMethodAccessor1600.invoke(Unknown Source)
Feb 28 17:48:13 j04      at sun.reflect.DelegatingMethodAccessorImpl.invoke(
Feb 28 17:48:13 j04      at java.lang.reflect.Method.invoke(
Feb 28 17:48:13 j04      at org.apache.webbeans.intercept.InterceptorHandler.invoke(
Feb 28 17:48:13 j04      at org.apache.webbeans.intercept.NormalScopedBeanInterceptorHandler.invoke(

Most times this method gets used by mobile browsers in smartphones. 

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message