https://issues.apache.org/bugzilla/show_bug.cgi?id=51653
--- Comment #6 from Eitan Suez <eitan.s...@gmail.com> 2011-11-04 17:13:36 UTC
---
hello,
i just upgraded a tomcat instance from v7.0.16 to v7.0.22. the webapp in
question uses spring security for login/authentication. i noticed after
upgrading that when triggering a logout using the spring-security-configured
logout-url, i get this exception:
----------------------
SEVERE: Exception initializing page context
java.lang.IllegalStateException: Cannot create a session after the response has
been committed
at org.apache.catalina.connector.Request.doGetSession(Request.java:2758)
at org.apache.catalina.connector.Request.getSession(Request.java:2268)
at
org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:899)
at
javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:229)
at
org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:572)
at
org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:517)
at
org.apache.jasper.runtime.PageContextImpl._initialize(PageContextImpl.java:146)
at
org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:125)
at
org.apache.jasper.runtime.JspFactoryImpl.internalGetPageContext(JspFactoryImpl.java:112)
at
org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:65)
at org.apache.jsp.error_jsp._jspService(error_jsp.java:57)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:389)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:333)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
at
org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:593)
at
org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:530)
at
org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:450)
at
org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:399)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:191)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1550)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
----------------------
i narrowed down the version: 7.0.20 -- no exceptions
7.0.21 -- i get the above exception
my guess is that code changes relating to this issue somehow causes the spring
security logout url (which the spring security LogoutFilter handles) to be
interpreted as an error. After the LogoutFitler sends a redirect, tomcat's
handling of the "error" request is somehow mucking with session after the
response was committed.
i wonder if the change introduced a bug or whether there's some configuration
that perhaps i'm not doing properly on my end that could help me avoid this
exception.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
