You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/06/27 15:28:00 UTC
[Bug 59761] New: "No modifications are allowed to a locked
ParameterMap" - Tomcat 8.0.32 is not compatible with older versions
https://bz.apache.org/bugzilla/show_bug.cgi?id=59761
Bug ID: 59761
Summary: "No modifications are allowed to a locked
ParameterMap" - Tomcat 8.0.32 is not compatible with
older versions
Product: Tomcat 8
Version: 8.0.36
Hardware: PC
OS: Windows NT
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: jakub@pakamera.com.pl
Hi,
I upgraded Tomcat from 8.0.22 to 8.0.36 and all my website doesn't work anymore
because of one simple problem.
I have this code in JSP:
<%
HashMap<String,String> params =
(HashMap)((HashMap)request.getParameterMap()).clone();
pageContext.setAttribute("params",params);
params.put("data","xx");
%>
It used to work before, for many many year.
Now, suddenly last line throws an exception:
java.lang.IllegalStateException: No modifications are allowed to a locked
ParameterMap
I understand why parameter map is locked, but that's why I made a clone.
The thing is, with Tomcat 8.0.22 and before this exception was not fired.
I think "clone" should not copy "locked" class attribute or there should be an
option in configuration to keep Tomcat compatible with previous version, on
request.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59761] "No modifications are allowed to a locked ParameterMap"
- Tomcat 8.0.32 is not compatible with older versions
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59761
--- Comment #1 from kubak <ja...@pakamera.com.pl> ---
I think the problem is in org.apache.catalina.core.ApplicationHttpRequest,
parseParameters() method.
line 726:
((ParameterMap<String,String[]>) parameters).setLocked(true);
In my opinion parameters should not be locked here. This is huge change
comparing to older versions.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59761] "No modifications are allowed to a locked ParameterMap"
- Tomcat 8.0.32 is not compatible with older versions
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59761
Vivek Nadar <vi...@yahoo.co.in> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |vivek_nadar@yahoo.co.in
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59761] "No modifications are allowed to a locked ParameterMap"
- Tomcat 8.0.32 is not compatible with older versions
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59761
--- Comment #8 from Christopher Schultz <ch...@christopherschultz.net> ---
Messing-around with the ParameterMap might be considered a security issue.
Producing a writable clone makes sense, but I'm not convinced that a clone
method that ignored the "lock" status would follow the contract for clone().
I'm -1 on changing the behavior of the parameter map in this way. If the client
code wants a clone that doesn't have Tomcat's parameter Map's restrictions,
then that client code should create a new Map of the appropriate type and copy
the mappings from one to the other.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59761] "No modifications are allowed to a locked ParameterMap"
- Tomcat 8.0.32 is not compatible with older versions
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59761
--- Comment #5 from kubak <ja...@pakamera.com.pl> ---
Yes, I know.
May I ask here for an enhancement then and a new configuration parameter which
I could pass to a virtual machine, to keep my apps working on new Tomcat
versions?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59761] "No modifications are allowed to a locked ParameterMap"
- Tomcat 8.0.32 is not compatible with older versions
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59761
--- Comment #2 from mgrigorov <mg...@apache.org> ---
Why don't you use normal copy constructors instead of cloning ?
Map myMap = new HashMap(originalMap)
This way you will not depend on implementation details.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59761] "No modifications are allowed to a locked ParameterMap"
- Tomcat 8.0.32 is not compatible with older versions
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59761
--- Comment #6 from Remy Maucherat <re...@apache.org> ---
It could be possible to override clone so that the cloned ParameterMap object
isn't locked. Would that be legitimate ?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59761] "No modifications are allowed to a locked ParameterMap"
- Tomcat 8.0.32 is not compatible with older versions
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59761
--- Comment #7 from kubak <ja...@pakamera.com.pl> ---
Well, for me it would be very helpful, but I think it won't address the core of
this problem.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59761] "No modifications are allowed to a locked ParameterMap"
- Tomcat 8.0.32 is not compatible with older versions
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59761
kubak <ja...@pakamera.com.pl> changed:
What |Removed |Added
----------------------------------------------------------------------------
Hardware|PC |All
OS|Windows NT |All
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59761] "No modifications are allowed to a locked ParameterMap"
- Tomcat 8.0.32 is not compatible with older versions
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59761
--- Comment #3 from kubak <ja...@pakamera.com.pl> ---
Well, of course copy constructor is better.
But don't focus on this line too much - it was just an example.
More important it in previous Tomcat version parameterMap was not locked and I
could change or add new parameter to this map easily in JSP.
This code was valid for all the years in JSP file:
request.getParameterMap().put("key", "value");
Suddenly developers decided to lock it, "put" throws exception
and all my web apps doesn't work anymore.
If using "put" on parameterMap in JSP is incorrect, it should, at least, be
deprecated for a while.
Now I have to go through code of hundreds of pages and add some code to make a
copy of parameterMap.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59761] "No modifications are allowed to a locked ParameterMap"
- Tomcat 8.0.32 is not compatible with older versions
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59761
mgrigorov <mg...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WONTFIX
Status|NEW |RESOLVED
--- Comment #4 from mgrigorov <mg...@apache.org> ---
https://bz.apache.org/bugzilla/show_bug.cgi?id=58946
This is the ticket that made the change.
According to
http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getParameterMap()
the returned value must be an immutable map.
So it was a bug that it was allowed to put more items into it.
I'm afraid you will have to use older version of Tomcat until you fix your
application(s).
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org