https://bz.apache.org/bugzilla/show_bug.cgi?id=62049

            Bug ID: 62049
           Summary: use of unimplemented RequestUtil method in Manager
                    page
           Product: Tomcat 9
           Version: 9.0.4
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: regression
          Priority: P2
         Component: Util
          Assignee: dev@tomcat.apache.org
          Reporter: sylvain.cat...@dgfip.finances.gouv.fr
  Target Milestone: -----

Hi,

Jasper's compilation of the JSP 404 error page in the manager app fails.

The way:
1/ Tomcat 9 deployed on Linux / OpenJDK 8 (I think the problem is similar on
Windows / Oracle JVM);
2/ Change conf/tomcat-users.xml to allow a user to access the manager
(manager-status permission);
3/ Disable the RemoteAddrValve of the manager if you access it remotely
(webapps/manager/META-INF/context.xml);
4/ Run the Tomcat server;
5/ wget the URL http://[ip_tomcat:port]/manager/toto

As toto does not exist, Jasper tries to compile
webapps/manager/WEB-INF/jsp/404.jsp and fails with the error "The method
filter(String) is undefined for the type RequestUtil".

Here is the code that throws the exception (404.jsp file):
...
RequestUtil.filter((String) request.getAttribute(
            "javax.servlet.error.request_uri"))
...
The class javax.servlet.http.HttpServletRequest.RequestUtil in the catalina.jar
archive only mentions the getRequestURL method. In previous versions (7.*), the
filter method is well implemented. Other methods in these previous versions of
the RequestUtil class are marked as 'deprecated', but not the filter method.

So, I suggest 3 solutions:
1/ Just remove the filter call in the 404.jsp file; but we have to be careful
with JavaScript injection by HTTP parameters;
2/ Re-implement the filter method in RequestUtil;
3/ Write the 404.jsp in a more static way, like the 403.jsp file.

Thanks
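
Added example, not part of the original report and not Tomcat's own code: a minimal sketch of what solution 2 amounts to, an HTML-escaping helper applied to the request URI before it is written into the 404 page. The class name ErrorPageEscape, the method escapeHtml and the sample URIs are assumptions made for illustration.

```java
public class ErrorPageEscape {

    // Hypothetical helper (not a Tomcat API): escape the characters that
    // would let a request-derived value be parsed as HTML markup.
    static String escapeHtml(String value) {
        if (value == null) {
            return "";   // attribute absent: render nothing rather than "null"
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;   // also prevents double decoding
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for the
        // "javax.servlet.error.request_uri" request attribute.
        String[] samples = {
            "/manager/toto",
            "/manager/<script>alert(1)</script>",
            "/manager/a&b\"c'd",
            null
        };
        for (String uri : samples) {
            String safe = escapeHtml(uri);
            // Self-check: no raw markup delimiters or quotes survive escaping.
            if (safe.matches(".*[<>\"'].*")) {
                throw new IllegalStateException("unescaped output: " + safe);
            }
            System.out.println("The page you tried to access (" + safe
                    + ") does not exist.");
        }
    }
}
```

Removing the filter call without a replacement (solution 1) would write the second sample into the page as live markup, which is the injection risk the report mentions.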
