You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2011/11/04 18:13:36 UTC

DO NOT REPLY [Bug 51653] ServletRequestListener.requestDestroyed is called before request leaves a webapp

https://issues.apache.org/bugzilla/show_bug.cgi?id=51653

--- Comment #6 from Eitan Suez <ei...@gmail.com> 2011-11-04 17:13:36 UTC ---
hello,
 i just upgraded a tomcat instance from v7.0.16 to v7.0.22.  the webapp in
question uses spring security for login/authentication.  i noticed after
upgrading that when triggering a logout using the spring-security-configured
logout-url, i get this exception:

----------------------
SEVERE: Exception initializing page context
java.lang.IllegalStateException: Cannot create a session after the response has
been committed
    at org.apache.catalina.connector.Request.doGetSession(Request.java:2758)
    at org.apache.catalina.connector.Request.getSession(Request.java:2268)
    at
org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:899)
    at
javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:229)
    at
org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:572)
    at
org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:517)
    at
org.apache.jasper.runtime.PageContextImpl._initialize(PageContextImpl.java:146)
    at
org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:125)
    at
org.apache.jasper.runtime.JspFactoryImpl.internalGetPageContext(JspFactoryImpl.java:112)
    at
org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:65)
    at org.apache.jsp.error_jsp._jspService(error_jsp.java:57)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:389)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:333)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
    at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
    at
org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:593)
    at
org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:530)
    at
org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:450)
    at
org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:399)
    at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:191)
    at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
    at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964)
    at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
    at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1550)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
----------------------

i narrowed down the version: 7.0.20 -- no exceptions
7.0.21 -- i get the above exception

my guess is that code changes relating to this issue somehow causes the spring
security logout url (which the spring security LogoutFilter handles) to be
interpreted as an error.  After the LogoutFitler sends a redirect, tomcat's
handling of the "error" request is somehow mucking with session after the
response was committed.

i wonder if the change introduced a bug or whether there's some configuration
that perhaps i'm not doing properly on my end that could help me avoid this
exception.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org