[jira] Created: (MYFACES-394) Using "/faces/*" path mapping and connectiong to "faces" causes stack overflow

Fri, 05 Aug 2005 01:47:56 -0700 

Using "/faces/*" path mapping and connectiong to "faces" causes stack overflow
------------------------------------------------------------------------------

         Key: MYFACES-394
         URL: http://issues.apache.org/jira/browse/MYFACES-394
     Project: MyFaces
        Type: Bug
    Versions: 1.0.9 beta    
 Environment: JBoss 3.2.7 
java version "1.5.0_04"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_04-b05)
Java HotSpot(TM) Client VM (build 1.5.0_04-b05, mixed mode, sharing)
Windows XP x86
    Reporter: Micha? Borowiecki
    Priority: Critical


Using the path mapping:
    <servlet-mapping>
        <servlet-name>FacesServlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
And typing the following in the address bar of the browser:
http://localhost:8080/admin/faces
(admin is the context name of the webapp)
causes an infinite recursion and stack overflow.

Part of console output:
...

2005-08-05 10:18:26,524 ERROR [org.apache.myfaces.lifecycle.LifecycleImpl] 
Assumed extension mapping, but there is no extension in /faces
2005-08-05 10:18:26,534 ERROR [org.apache.myfaces.lifecycle.LifecycleImpl] 
Assumed extension mapping, but there is no extension in /faces
2005-08-05 10:18:26,544 ERROR [org.apache.myfaces.lifecycle.LifecycleImpl] 
Assumed extension mapping, but there is no extension in /faces
2005-08-05 10:18:26,565 ERROR [org.jboss.web.localhost.Engine] 
StandardContext[/admin]Exception in FacesServlet
java.lang.StackOverflowError
        at 
org.apache.coyote.tomcat5.CoyoteRequest.doGetSession(CoyoteRequest.java:2235)
        at 
org.apache.coyote.tomcat5.CoyoteRequest.getSession(CoyoteRequest.java:2116)
        at 
org.apache.coyote.tomcat5.CoyoteRequestFacade.getSession(CoyoteRequestFacade.java:528)
        at 
javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:215)
        at 
org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:518)
        at 
javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:215)
...

        at 
org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:518)
        at 
javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:215)
        at 
org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:518)
        at 
org.apache.myfaces.context.servlet.SessionMap.getSession(SessionMap.java:80)
        at 
org.apache.myfaces.context.servlet.SessionMap.getAttribute(SessionMap.java:51)
        at 
org.apache.myfaces.context.servlet.AbstractAttributeMap.get(AbstractAttributeMap.java:101)
        at 
org.apache.myfaces.portlet.PortletUtil.isPortletRequest(PortletUtil.java:60)
        at 
org.apache.myfaces.lifecycle.LifecycleImpl.deriveViewId(LifecycleImpl.java:322)
        at 
org.apache.myfaces.lifecycle.LifecycleImpl.restoreView(LifecycleImpl.java:123)
        at 
org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:82)
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:109)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at 
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:696)
        at 
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:474)
        at 
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:409)
        at 
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)
        at 
org.apache.myfaces.context.servlet.ServletExternalContextImpl.dispatch(ServletExternalContextImpl.java:405)
        at 
org.apache.myfaces.application.jsp.JspViewHandlerImpl.renderView(JspViewHandlerImpl.java:280)
        at 
org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:300)
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:110)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at 
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:696)
        at 
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:474)
        at 
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:409)
        at 
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)
        at 
org.apache.myfaces.context.servlet.ServletExternalContextImpl.dispatch(ServletExternalContextImpl.java:405)
        at 
org.apache.myfaces.application.jsp.JspViewHandlerImpl.renderView(JspViewHandlerImpl.java:280)
        at 
org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:300)
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:110)
...

The stack trace goes on and on.
This does not happen when the address is followed by a trailing slash: 
"http://localhost:8080/admin/faces/";

Possible workaround:
Define a security constraint to forbid access to /faces

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>faces</web-resource-name>
            <url-pattern>/faces</url-pattern>
        </web-resource-collection>
        <auth-constraint/>
    </security-constraint>


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to