tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 53366] Running with SecurityManager: protected/index.jsp returns blank page when it is the first page accessed
Date Wed, 06 Jun 2012 02:04:38 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53366

--- Comment #1 from Konstantin Kolinko <knst.kolinko@gmail.com> ---
I turned on fine logging for coyote, catalina and tomcat.

There are no stacktraces being printed.

The first notable difference between failed run with -security and
successful run without -security is that in the failed run I see

FINE: loadClass(javax.servlet.jsp.SkipPageException, false)

while on successful run I see no such class being loaded.


The second is that on successful run I see debug messages from
 org.apache.tomcat.util.buf.UEncoder
while on failed one I do not see them.

Looking into generated Java code, login_jsp.java,  I see the following block:

[[[
    try {
      response.setContentType("text/html");
      pageContext = _jspxFactory.getPageContext(this, request, response,
                  null, true, 8192, true);
      _jspx_page_context = pageContext;
      application = pageContext.getServletContext();
      config = pageContext.getServletConfig();
      session = pageContext.getSession();
      out = pageContext.getOut();
      _jspx_out = out;

      out.write("\r\n");
      out.write("<html>\r\n");
      out.write("<head>\r\n");
      out.write("<title>Login Page for Examples</title>\r\n");
      out.write("<body bgcolor=\"white\">\r\n");
      out.write("<form method=\"POST\" action='");
      out.print( response.encodeURL("j_security_check") );
      (...)
    } catch (java.lang.Throwable t) {
      if (!(t instanceof javax.servlet.jsp.SkipPageException)){
        out = _jspx_out;
        if (out != null && out.getBufferSize() != 0)
          try { out.clearBuffer(); } catch (java.io.IOException e) {}
        if (_jspx_page_context != null)
_jspx_page_context.handlePageException(t);
      }
    } finally {
      _jspxFactory.releasePageContext(_jspx_page_context);
    }
]]]


So, two conclusions:
1. The failure occurs above "response.encodeURL("j_security_check")" call.
2. I suspect that _jspx_page_context is null.  In that case the Throwable in
the catch block is silently swallowed.

This effect reminds me bug 48097,
https://issues.apache.org/bugzilla/show_bug.cgi?id=48097#c7

I think if (_jspx_page_context is null) we could write something to debug
logging, as these issues keep occurring and seeing a stacktrace should help.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message