[ https://issues.apache.org/jira/browse/WICKET-3498?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov reassigned WICKET-3498:
---------------------------------------
Assignee: Martin Grigorov
> Entering huge strings in TextFields causes IllegalStateExceptions not caught
> by the Framework
> ---------------------------------------------------------------------------------------------
>
> Key: WICKET-3498
> URL: https://issues.apache.org/jira/browse/WICKET-3498
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core
> Affects Versions: 1.4.15, 1.4.16, 1.4.17
> Environment: Wicket 1.4.x/Spring/Jetty 6
> Reporter: Georg Hartner
> Assignee: Martin Grigorov
> Labels: IllegalStateException,, Jetty, ServletWebRequest
> Original Estimate: 5h
> Remaining Estimate: 5h
>
> We were testing a signin mechanism and entered a huge amount of chars in
> "username" and "password" fields contained by a form. (more than 200.000
> chars) This results in an IllegalStateException thrown by Jetty, which is ok
> from my point of view. The problem is that the full exception stack trace
> (!!!) is shown to the client => the resulting execution leaves the scope of
> Wicket framework, which can't handle the exception correctly.
>
> Error Page and Stack Trace for Jetty 6 and Wicket 1.4.15:
>
> HTTP ERROR 500
> Problem accessing /login/wicket:interface/:0:loginPanel:signInForm::IFormSubmitListener::.
> Reason:
> Form too large3791446>200000
> Caused by:
> java.lang.IllegalStateException: Form too large3791446>200000
>     at org.mortbay.jetty.Request.extractParameters(Request.java:1561)
>     at org.mortbay.jetty.Request.getParameter(Request.java:859)
>     at org.apache.wicket.protocol.http.servlet.ServletWebRequest.<init>(ServletWebRequest.java:83)
>     at org.apache.wicket.protocol.http.WebApplication.newWebRequest(WebApplication.java:675)
>     at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:424)
>     at org.apache.wicket.protocol.http.WicketServlet.doPost(WicketServlet.java:160)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>     at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
>     at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
>     at {filter}
>     at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
>     at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>     at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
>     at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
>     at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
>     at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
>     at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
>     at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
>     at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
>     at org.mortbay.jetty.Server.handle(Server.java:326)
>     at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
>     at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945)
>     at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
>     at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
>     at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
>     at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
>     at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:713)
>     at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
>
> We suggest an easy fix: catch the IllegalStateException in line 83 of
> org.apache.wicket.protocol.http.servlet.ServletWebRequest and just log an
> error (please check whether it really has to be an error to be logged). In
> effect no ajaxHeader will be read and Wicket's Internal Error page will be
> shown.
>
> Possible solution in Wicket 1.4.15, 1.4.17 (didn't check 1.4.16),
> ServletWebRequest, line 83:
>
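> try
> {
>     // The first getParameter() call makes Jetty parse the form body; an
>     // oversized body raises IllegalStateException ("Form too large").
>     if (Strings.isEmpty(ajaxHeader))
>     {
>         ajaxHeader = httpServletRequest.getParameter("wicket:ajax");
>     }
> }
> catch (IllegalStateException exception)
> {
>     // Log server-side only, so the exception never reaches the container error page.
>     log.error("IllegalStateException occurred reading \"wicket:ajax\"-Parameter: " +
>         exception.getMessage());
> }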
>
> Please consider checking Wicket 1.5. I just checked ServletWebRequest, which
> has been refactored apparently. Line 214 (Enumeration<String> e =
> httpServletRequest.getHeaders(name);) may be critical, as well as methods
> protected Map<String, List<StringValue>> generatePostParameters() and
> getQueryParameters(). Couldn't check that by now. Please let me know if you
> want me to analyze that error more intensely and suggest a fix in Wicket 1.5.
>
> We consider that bug as "Major" or "Critical", as the whole Servlet Container
> StackTrace is potentially displayed.
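
A container-level mitigation for the behaviour reported above, as an added example that is not part of the issue or of Wicket's code: a servlet filter that rejects oversized form posts before anything calls getParameter(), and that keeps an IllegalStateException raised further down the chain from reaching the container's error page. The class name FormSizeLimitFilter and the constant MAX_FORM_BYTES are assumptions; the limit copies the 200000 from the Jetty message.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example (hypothetical class): bounds form posts and hides container exceptions. */
public class FormSizeLimitFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(FormSizeLimitFilter.class.getName());
    // Assumption: same value as the limit shown in the Jetty error message.
    private static final int MAX_FORM_BYTES = 200000;

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String type = request.getContentType();
        boolean isForm = type != null
            && type.toLowerCase(Locale.ENGLISH).startsWith("application/x-www-form-urlencoded");
        // Only headers are read here, so the container has not parsed the body yet.
        if (isForm && request.getContentLength() > MAX_FORM_BYTES) {
            response.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        try {
            chain.doFilter(req, res);
        } catch (IllegalStateException e) {
            // Covers bodies sent without Content-Length (getContentLength() == -1),
            // where the container only notices the size while parsing.
            LOG.log(Level.WARNING, "Request rejected while reading parameters", e);
            if (response.isCommitted()) {
                throw e; // too late to replace the response
            }
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```

Map the filter in web.xml ahead of the Wicket servlet or filter so it runs first, and keep MAX_FORM_BYTES in step with the container's own form limit.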