You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2015/06/09 21:49:13 UTC
[Bug 58015] New: servlet-api.jar from WAR files not being excluded
https://bz.apache.org/bugzilla/show_bug.cgi?id=58015
Bug ID: 58015
Summary: servlet-api.jar from WAR files not being excluded
Product: Tomcat 8
Version: 8.0.23
Hardware: PC
OS: Linux
Status: NEW
Severity: regression
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: jasonmcintosh@carfax.com
tomcat.util.scan.StandardJarScanFilter.jarsToSkip
has the servlet-api and servlet-api* files in the list.
Deploy a war where an "idiot developer" included "servlet-api-2.5.jar" in the
WEB-INF/lib folder. Try and hit a JSP page, and it fails, due to the "The
method getDispatcherType() is undefined for the type HttpServletRequest" error.
Then, rather than redeploying, stop tomcat, go into the
$CATALINA_HOME/webapps/war/WEB-INF/lib/
and remove servlet-api-2.5.jar and start tomcat
You can then hit the JSP pages. Note, to re-verify, delete the work folder,
remove the unpacked war, and try again to recreate the issue. Off hand, it
appears that the jarsToSkip SHOULD be excluding servlet-api-2.5.jar from wars
loaded into it, but it doesn't appear to be behaving.
Note, this isn't related to Bug 57020 - this is entirely on the server side
with a war that worked fine on Tomcat 6 & Tomcat 7. The same war is failing on
tomcat 8 with the above for JSP pages.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58015] servlet-api.jar from WAR files not being excluded
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58015
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
I've back-ported the various edge cases fixes as well as the specific fix for
this bug. It will be included 8.0.24 onwards.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58015] servlet-api.jar from WAR files not being excluded
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58015
--- Comment #2 from Mark Thomas <ma...@apache.org> ---
That was fun.
I found a bunch of edge case bugs in the web application class loader in this
area that should all now be fixed in trunk.
It is getting late here so I'll back-port the fixes to earlier versions
tomorrow.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58015] servlet-api.jar from WAR files not being excluded
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58015
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
I haven't tested this (yet) but the code to prevent loading of Servlet API
classes from the web app is still present.
jarsToSkip is completely unrelated to this feature.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org