You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jonathan Mast <jh...@gmail.com> on 2009/06/26 17:43:28 UTC
Null value in response.sendRedirect() causes original url to be
invoked 20 times
A null value in bounce_url is causing the original Request url to be invoked
exactly 20 times, rather than dying with NullPointerException:
public static synchronized void doSomething(
HttpServletRequest request,
HttpServletResponse response,
JspWriter out) {
final String foo = request.getParameter("foo");
String bounce_url = request.getParameter("bounce");
if (DataUtils.isValidFoo(foo)) {
Thread myThread = new Thread(new Runnable() {
public void run() {
FooFactory.foomatic(foo);
}
}, "fooFread");
myThread.start();
}
try {
response.sendRedirect(bounce_url);
} catch (IOException ex) {
logger.log(ex);
}
}
So basically if the "bounce" parameter is not provided then this snippet of
code ends being invoked 20 times. If "bounce" is provided then everything
works fine. Is this a bug in Tomcat?
Java 1.6
Tomcat 6.0.18
RE: Null value in response.sendRedirect() causes original url tobe
invoked 20 times
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Subject: Re: Null value in response.sendRedirect() causes original url
> tobe invoked 20 times
>
> I would say that null cannot be converted into a valid URL, and so
> throwing IllegalStateException is a reasonable behavior here.
I have to disagree; an empty relative URL is simply a reference to the current page, which may be quite appropriate in some circumstances (but arguably not a plain 302).
I strongly disagree with the idea that the container should protect the programmer against his/her own errors; there are a myriad of things a webapp can do that make no sense, and the container should not be slowed down by checking for them, unless they are clear violations of the spec.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Null value in response.sendRedirect() causes original url to
be invoked 20 times
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chuck,
On 6/26/2009 12:27 PM, Caldarale, Charles R wrote:
>> From: Jonathan Mast [mailto:jhmast.developer@gmail.com] Subject:
>> Null value in response.sendRedirect() causes original url to be
>> invoked 20 times
>>
>> A null value in bounce_url is causing the original Request url to
>> be invoked exactly 20 times, rather than dying with
>> NullPointerException:
>
> "Doctor, doctor, it hurts when I do this!"
>
> Well, stop doing it.
>
> All a redirect does is set the Location header with the value you
> specify and return a 302 status to the client. Since the Location
> header has an empty value, the client properly interprets that as a
> relative redirect to the current page. Your client apparently gets
> tired of waiting for that page to change its mind and return
> something useful after 20 consecutive times, so it quits.
>
> The bug is all yours.
One could argue that response.sendRedirect(null) ought to throw some
kind of exception. The javadoc says that sendRedirect throws:
"java.lang.IllegalStateException - If the response was committed or if a
partial URL is given and cannot be converted into a valid URL"
I would say that null cannot be converted into a valid URL, and so
throwing IllegalStateException is a reasonable behavior here.
The HTTP RFC says "The temporary URI SHOULD be given by the Location
field in the response.". Though RFC-SHOULD is more of a recommendation
than anything else, it's obvious that a redirect without a Location
header is pretty stupid.
It would be nice if Tomcat throw an exception when attempting to send a
null redirect, since the HTTP response that /does/ get created is pretty
useless and almost certainly a bug in the webapp.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkpE+9kACgkQ9CaO5/Lv0PDkaACfUWfw9qm85mNzB5kHotEdQ307
gxgAn3YsDZbvQsCB3BrgjHcLjoGVvgUj
=LF8p
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Null value in response.sendRedirect() causes original url to be
invoked 20 times
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Jonathan Mast [mailto:jhmast.developer@gmail.com]
> Subject: Null value in response.sendRedirect() causes original url to
> be invoked 20 times
>
> A null value in bounce_url is causing the original Request url to be
> invoked exactly 20 times, rather than dying with NullPointerException:
"Doctor, doctor, it hurts when I do this!"
Well, stop doing it.
All a redirect does is set the Location header with the value you specify and return a 302 status to the client. Since the Location header has an empty value, the client properly interprets that as a relative redirect to the current page. Your client apparently gets tired of waiting for that page to change its mind and return something useful after 20 consecutive times, so it quits.
The bug is all yours.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Null value in response.sendRedirect() causes original url to be
invoked 20 times
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Jonathan Mast [mailto:jhmast.developer@gmail.com]
> Subject: Re: Null value in response.sendRedirect() causes original url
> to be invoked 20 times
>
> doesn't setting the Location header boil down eventually
> to a string concat
Nope, it boils down to an empty header value, which is acceptable for many HTTP headers, including this one.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Null value in response.sendRedirect() causes original url tobe
invoked 20 times
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Subject: Re: Null value in response.sendRedirect() causes original url
> tobe invoked 20 times
>
> There's an earlier check in
> org/apache/catalina/connector/Response.toAbsolute(String) (called
> directly by sendRedirect). If the location is null, it is returned with
> no modification.
Correct, but that's not where it's kept for header generation; that is in the Map in the area I previously referred to.
> This could be an appropriate place to throw an exception (if you agree
> that such an exception is appropriate, which you obviously don't).
I disagree not only for performance reasons, but also for fear of introducing incompatibilities. I can easily come up with scenarios where some servlet issues a redirect to itself in order to restart the request processing. (Might be poor programming, but it's certainly feasible.)
Jonathan's fix of checking for a non-existent parameter value is the appropriate thing to do; I might have done it earlier, just to validate that the client is sending all the expected parameters (never trust uncontrolled input).
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Null value in response.sendRedirect() causes original url to
be invoked 20 times
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chuck,
On 6/26/2009 1:40 PM, Caldarale, Charles R wrote:
>> From: Jonathan Mast [mailto:jhmast.developer@gmail.com] Subject:
>> Re: Null value in response.sendRedirect() causes original url to be
>> invoked 20 times
>>
>> Obviously a NullPointerException is being thrown at some level,
>
> Nope, no exceptions are being thrown. There is an explicit check for
> null way down in org/apache/tomcat/util/buf/MessageBytes.java to
> handle this and many other situations where a null string may be
> present.
There's an earlier check in
org/apache/catalina/connector/Response.toAbsolute(String) (called
directly by sendRedirect). If the location is null, it is returned with
no modification. Any filtering of null Header values is done elsewhere
(which is why the Location header itself does not appear in the HTTP
response posted by Tim).
This could be an appropriate place to throw an exception (if you agree
that such an exception is appropriate, which you obviously don't).
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkpFDsUACgkQ9CaO5/Lv0PD5NACdHIZSlLK7xuGUyHoJwD8pXZf4
OosAn3aaPyBCnDv2lkrhvl3xd/nTgOhh
=gJ2v
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Null value in response.sendRedirect() causes original url to be
invoked 20 times
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Jonathan Mast [mailto:jhmast.developer@gmail.com]
> Subject: Re: Null value in response.sendRedirect() causes original url
> to be invoked 20 times
>
> Obviously a NullPointerException is being thrown at some level,
Nope, no exceptions are being thrown. There is an explicit check for null way down in org/apache/tomcat/util/buf/MessageBytes.java to handle this and many other situations where a null string may be present.
> but definitely not following the "spirit" of the java in general
I think you will find numerous APIs where a null String reference is interpreted as an empty string - the host parameter of the URL constructor, for example - this is just one more of them; there are also many where a null String is treated as an error.
Can you point to some documentation for this particular aspect of the "spirit" of Java?
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Null value in response.sendRedirect() causes original url to be
invoked 20 times
Posted by Jonathan Mast <jh...@gmail.com>.
> "java.lang.> IllegalStateException - If the response was committed or if a
> partial URL is given and cannot be converted into a valid URL"
I was just about to quote this myself.
Perhaps this is not a Tomcat issue per se, but rather a gray area of the
Servlet spec.
Obviously a NullPointerException is being thrown at some level, but Tomcat
is catching it and apparently just replacing it with "", this is acceptable
in that Tomcat is following the letter of spec, so to speak, but definitely
not following the "spirit" of the java in general, imho.
On Fri, Jun 26, 2009 at 12:51 PM, Jonathan Mast
<jh...@gmail.com>wrote:
> Yeah I'm now doing a null check before the sendRedirect.
>
> But why doesn't it throw a NullPointerException, doesn't setting the
> Location header boil down eventually to a string concat, which in this case
> be attempted on a null reference?
>
>
> On Fri, Jun 26, 2009 at 12:37 PM, Tim Funk <fu...@apache.org> wrote:
>
>> LiveHttHeaders is your friend ...
>> Lets assume I have this as foo.jsp:
>>
>> <%
>> response.sendRedirect(null);
>> if (out!=null) {return;}
>> %>
>>
>> http://localhost/foo.jsp
>>
>> GET /foo.jsp HTTP/1.1
>> Host: localhost
>>
>> HTTP/1.x 302 Moved Temporarily
>> Server: Apache-Coyote/1.1
>> Content-Type: text/html;charset=UTF-8
>> Content-Length: 0
>> Date: Fri, 26 Jun 2009 16:33:15 GMT
>>
>>
>> With no Location header in the response - some browsers will giveup.
>> Others may redirect to the original URL. Others may do odder things.
>>
>> -Tim
>>
>> Jonathan Mast wrote:
>>
>>> A null value in bounce_url is causing the original Request url to be
>>> invoked
>>> exactly 20 times, rather than dying with NullPointerException:
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
Re: Null value in response.sendRedirect() causes original url to be
invoked 20 times
Posted by Jonathan Mast <jh...@gmail.com>.
Yeah I'm now doing a null check before the sendRedirect.
But why doesn't it throw a NullPointerException, doesn't setting the
Location header boil down eventually to a string concat, which in this case
be attempted on a null reference?
On Fri, Jun 26, 2009 at 12:37 PM, Tim Funk <fu...@apache.org> wrote:
> LiveHttHeaders is your friend ...
> Lets assume I have this as foo.jsp:
>
> <%
> response.sendRedirect(null);
> if (out!=null) {return;}
> %>
>
> http://localhost/foo.jsp
>
> GET /foo.jsp HTTP/1.1
> Host: localhost
>
> HTTP/1.x 302 Moved Temporarily
> Server: Apache-Coyote/1.1
> Content-Type: text/html;charset=UTF-8
> Content-Length: 0
> Date: Fri, 26 Jun 2009 16:33:15 GMT
>
>
> With no Location header in the response - some browsers will giveup. Others
> may redirect to the original URL. Others may do odder things.
>
> -Tim
>
> Jonathan Mast wrote:
>
>> A null value in bounce_url is causing the original Request url to be
>> invoked
>> exactly 20 times, rather than dying with NullPointerException:
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Null value in response.sendRedirect() causes original url to
be invoked 20 times
Posted by Tim Funk <fu...@apache.org>.
LiveHttHeaders is your friend ...
Lets assume I have this as foo.jsp:
<%
response.sendRedirect(null);
if (out!=null) {return;}
%>
http://localhost/foo.jsp
GET /foo.jsp HTTP/1.1
Host: localhost
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Date: Fri, 26 Jun 2009 16:33:15 GMT
With no Location header in the response - some browsers will giveup.
Others may redirect to the original URL. Others may do odder things.
-Tim
Jonathan Mast wrote:
> A null value in bounce_url is causing the original Request url to be invoked
> exactly 20 times, rather than dying with NullPointerException:
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org