From: "Andreas Junghans"
Subject: Proposed patch (related to bug #7686)
Date: Thu, 11 Apr 2002 12:03:02 +0200
List-Id: "Tomcat Developers List"
Message-ID: <00bc01c1e140$23c45330$a301a8c0@tzida.fhkarlsruhe.de>

Hi there,

I've been investigating bug #7686 since we have similar problems with our application. I think I've found the problem and a way to solve it, but this requires changes to several catalina core files, so I'd like to hear some opinions before sending a patch.

The Bug
=======

Here's the problem (easily reproducible using the attached war file): A servlet ("BugtestServlet") includes another servlet ("IncludedServlet") using ServletContext.getRequestDispatcher. Now IncludedServlet forwards to "/jsp/forwarded.jsp".
So in summary we have:

"/BugtestServlet" --- includes ---> "/IncludedServlet" --- forwards to ---> "/jsp/forwarded.jsp"

Now if you request "/BugtestServlet", Tomcat returns an exception message saying the file "/IncludedServlet" cannot be found. Note that this problem does not occur when using Orion or Resin servlet engines.

The Analysis
============

The problem originates from chapter 8 of the Servlet 2.3 spec. In short, it says that

- in case of a forward, the resource that is forwarded to sees the servlet path (via getServletPath) used in the request dispatcher
- in case of an include, the included resource sees the original servlet path (e.g. "/BugtestServlet") and can retrieve the path used in the request dispatcher (e.g. "/IncludedServlet") via special request attributes

The problem starts when Jasper's JspServlet tries to determine which page to deliver. It cannot simply use getServletPath() since this will return the original path when doing an include. Thus, it checks if "javax.servlet.include.servlet_path" is present as a request attribute. If it is, JspServlet uses it instead of getServletPath(). This works in simple cases (e.g. a Servlet including a JSP), but fails for the bugtest webapp.

Explanation:

- in IncludedServlet, getServletPath() returns "/BugtestServlet" and the "javax.servlet.include.servlet_path" attribute is "/IncludedServlet"
- in JspServlet (indirectly invoked by forwarding to "/jsp/forwarded.jsp"), getServletPath() returns "/jsp/forwarded.jsp" and the "javax.servlet.include.servlet_path" attribute is "/IncludedServlet"
- since the additional request attribute is present, JspServlet thinks it has to use it instead of getServletPath()
- processing "/IncludedServlet" as a JSP fails with a FileNotFoundException

This is only the harmless case. As stated in the original bug report, you can easily produce endless forwarding loops when you replace the servlets of the bugtest app with JSPs.
And it still gets worse: Let's say you have a JSP "test.jsp" that is included from somewhere. Now this JSP forwards to "/html/test.html". The result is that the ***JSP source code*** of "test.jsp" arrives at the browser! (To reproduce the last case with the attached war file: request "/jsp/including.jsp" and look at the source code of the returned page in your browser.)

Proposed Solution
=================

I would suggest adding a request attribute "org.apache.catalina.actual_servlet_path" that _always_ contains the path used when retrieving a request dispatcher. This way, the correct path could be determined no matter whether include or forward is used:

- check if "org.apache.catalina.actual_servlet_path" is present; if so, use it as the path for accessing resources etc.
- if the attribute is not present, fall back to the standard behaviour (i.e. check for "javax.servlet.include.servlet_path" and use getServletPath if this is not present)

I've already tested this with JspServlet, and it works fine. However, to be consistent, several source files would have to be changed, for example:

- DefaultServlet.java (necessary to solve the "forward to html" problem described above)
- HttpRequestBase.java since it uses "javax.servlet.include.servlet_path" to convert a request-relative path to a context-relative one (currently, this probably fails within include/forward chains)
- a bunch of other files (basically all that deal with the case of an include specifically)

Also, the problem is not limited to "javax.servlet.include.servlet_path" but applies to all request attributes set in an include. For all of these, counterparts that reflect the correct path should be introduced.

The best solution would be if the spec mandated such attributes, e.g. "javax.servlet.actual_path.servlet_path" etc. Should I write to servletapi-feedback@eng.sun.com about it or is there a better place? Or maybe I'm missing something and the issue can be solved more elegantly?

Final remarks
=============

If I receive positive feedback on this, I'll happily send a comprehensive patch. Until now, I've only added an attribute for the servlet path (and not path info etc.) and a check for it in JspServlet.

Thanks for your time

Andreas Junghans

PS Maybe this bug is also present in Tomcat 3.3 (haven't tested that).

[Attachment: bugtest.war]
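
The lookup order described in the message above, modelled as an added example (not code from the original mail or from Tomcat). `Req`, `include`, `forward`, `resolveCurrent`, `resolveProposed` and `replay` are hypothetical stand-ins for the dispatcher and servlet behaviour the mail describes; the example replays both chains the mail mentions.

```java
import java.util.HashMap;
import java.util.Map;
// Added illustration: a minimal model of the dispatch chain in the mail, not Tomcat code.
public class IncludeForwardDemo {
    static final String INCLUDE_PATH = "javax.servlet.include.servlet_path";
    // Attribute name proposed in the mail (a proposal, not an existing Catalina attribute).
    static final String ACTUAL_PATH = "org.apache.catalina.actual_servlet_path";

    // Hypothetical stand-in for the request state a dispatched resource sees.
    static class Req {
        String servletPath;
        final Map<String, String> attrs = new HashMap<>();
        Req(String servletPath) { this.servletPath = servletPath; }
    }

    // Include: getServletPath() keeps the original path; the target goes into the attribute.
    static void include(Req r, String target) {
        r.attrs.put(INCLUDE_PATH, target);
        r.attrs.put(ACTUAL_PATH, target); // proposed addition
    }

    // Forward: getServletPath() becomes the target; the earlier include attribute stays set.
    static void forward(Req r, String target) {
        r.servletPath = target;
        r.attrs.put(ACTUAL_PATH, target); // proposed addition
    }
    // Lookup as the mail describes it for JspServlet: the include attribute wins if present.
    static String resolveCurrent(Req r) {
        return r.attrs.getOrDefault(INCLUDE_PATH, r.servletPath);
    }
    // Proposed lookup: the new attribute first, then the standard behaviour as fallback.
    static String resolveProposed(Req r) {
        return r.attrs.getOrDefault(ACTUAL_PATH, resolveCurrent(r));
    }

    // Replays include -> forward and reports which path each lookup would act on.
    static String replay(String original, String included, String forwardedTo) {
        Req r = new Req(original);
        include(r, included);
        forward(r, forwardedTo);
        return String.format("getServletPath=%s current=%s proposed=%s",
                r.servletPath, resolveCurrent(r), resolveProposed(r));
    }

    public static void main(String[] args) {
        System.out.println(replay("/BugtestServlet", "/IncludedServlet", "/jsp/forwarded.jsp"));
        System.out.println(replay("/jsp/including.jsp", "/jsp/test.jsp", "/html/test.html"));
    }
}
```

In both chains the current lookup returns the included path rather than the forward target, which is the mismatch the mail ties to the FileNotFoundException and to the JSP source reaching the browser.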