[jira] [Updated] (MYFACES-3538) Boguous implementation of the HTTP OPTIONS method

[Dora Rajappan (JIRA)]

     [ 
https://issues.apache.org/jira/browse/MYFACES-3538?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dora Rajappan updated MYFACES-3538:
-----------------------------------

    Status: Patch Available  (was: Open)
    
> Boguous implementation of the HTTP OPTIONS method
> -------------------------------------------------
>
>                 Key: MYFACES-3538
>                 URL: https://issues.apache.org/jira/browse/MYFACES-3538
>             Project: MyFaces Core
>          Issue Type: Bug
>          Components: JSR-314
>    Affects Versions: 2.1.7
>            Reporter: Mark Struberg
>
> My colleague Christoph Ledl found the following issue in MyFaces:
> ----
> Wrong implementation of the OPTIONS method
> FacesServlet does not handle OPTIONS (and possilby other methods) correctly.
> It looks like these request are processed like a GET, which is wrong.
> the implementation of FacesServlet.service() does not deal with methods.
> one cheap fix would be to send 405 (SC_METHOD_NOT_ALLOWED) for all 
> unsupported methods like TRACE and OPTIONS.
> another approach would to extend HttpServlet (instead of implementing Servlet)
> and implement only required methods like GET and POST (this would leave the 
> other methods to the default implementation)
> citeation of HttpServlet java doc:
> There's almost no reason to override the "service" method.
> Likewise, there's almost no reason to override the "doOptions" and "doTrace" 
> methods.
> ---
> This materializes in the following Exception:
> Feb 28 17:48:13 j04 [http-8080-exec-14]   ERROR log.LogFilter j04 0 
> 43396625FA6E47DF1C03B12B60BF request done OPTIONS 
> /events/ical.xhtml?locale=de&token=488d-1-b7da-f29fcf074 time=749.16ms 
> cpu=610ms ex=IllegalStateException msg=null 
> UA=Microsoft-WebDAV-MiniRedir/6.1.7601
> Feb 28 17:48:13 j04 [http-8080-exec-14]   INFO  log.LogFilter params: 
> token=48b0368d-b7da-f2974 locale=de
> Feb 28 17:48:13 j04 [http-8080-exec-14]   ERROR [/events].[Faces Servlet] 
> Servlet.service() for servlet Faces Servlet threw exception
> Feb 28 17:48:13 j04 java.lang.IllegalStateException
> Feb 28 17:48:13 j04      at 
> org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:435)
> Feb 28 17:48:13 j04      at 
> org.apache.myfaces.context.servlet.ServletExternalContextImpl.redirect(ServletExternalContextImpl.java:465)
> Feb 28 17:48:13 j04      at 
> org.apache.myfaces.extensions.cdi.jsf.impl.scope.conversation.DefaultWindowHandler.sendRedirect(DefaultWindowHandler.java:104)
> Feb 28 17:48:13 j04      at 
> sun.reflect.GeneratedMethodAccessor1600.invoke(Unknown Source)
> Feb 28 17:48:13 j04      at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> Feb 28 17:48:13 j04      at java.lang.reflect.Method.invoke(Method.java:597)
> Feb 28 17:48:13 j04      at 
> org.apache.webbeans.intercept.InterceptorHandler.invoke(InterceptorHandler.java:329)
> Feb 28 17:48:13 j04      at 
> org.apache.webbeans.intercept.NormalScopedBeanInterceptorHandler.invoke(NormalScopedBeanInterceptorHandler.java:122)
> Most times this method gets used by mobile browsers in smartphones. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira