struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (WW-3865) TokenSesion double submit sends a blank page to ie and stacktrace on server
Date Fri, 05 Oct 2012 09:41:03 GMT

     [ https://issues.apache.org/jira/browse/WW-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Lukasz Lenart resolved WW-3865.
-------------------------------

    Resolution: Fixed

I rolled back changes made by WW-3582 and moved back handleValidToken() method inside synchronisation
block, thus was achieved by adding a new method - handleToken() which can be overwritten.
                
> TokenSesion double submit sends a blank page to ie and stacktrace on server
> ---------------------------------------------------------------------------
>
>                 Key: WW-3865
>                 URL: https://issues.apache.org/jira/browse/WW-3865
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.3.4.1
>         Environment: Tomcat 7.0.29
> IE 9 or Firefox 13
>            Reporter: Gauthier Peel
>            Assignee: Lukasz Lenart
>            Priority: Minor
>              Labels: newbie
>             Fix For: 2.3.5
>
>         Attachments: token-session.rar
>
>
> when using the tokenSession interceptor a double submit will end up showing a blank page
to the browser. 
> The server logs show the following stacktrace : 
> {noformat}
> java.lang.NullPointerException
> 	at org.apache.catalina.connector.Request.setAttribute(Request.java:1530)
> 	at org.apache.catalina.connector.RequestFacade.setAttribute(RequestFacade.java:543)
> 	at javax.servlet.ServletRequestWrapper.setAttribute(ServletRequestWrapper.java:239)
> 	at org.apache.tiles.servlet.context.ServletRequestScopeMap.put(ServletRequestScopeMap.java:165)
> 	at org.apache.tiles.servlet.context.ServletRequestScopeMap.put(ServletRequestScopeMap.java:43)
> 	at org.apache.tiles.impl.BasicTilesContainer.getContextStack(BasicTilesContainer.java:470)
> 	at org.apache.tiles.impl.BasicTilesContainer.getContext(BasicTilesContainer.java:510)
> 	at org.apache.tiles.impl.BasicTilesContainer.getAttributeContext(BasicTilesContainer.java:525)
> 	at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:626)
> 	at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:322)
> 	at org.apache.struts2.views.tiles.TilesResult.doExecute(TilesResult.java:105)
> 	at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> 	at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> {noformat}
> I founs that this behaviour did not happen in version 2.2.1.1
> I checke the Java code and saw a change resposible for the PB :
> in version 2.2.1.1 TokenSession.java  line 130 to 146 : 
> {code:java}
>     protected String doIntercept(ActionInvocation invocation) throws Exception {
>         if (log.isDebugEnabled()) {
>             log.debug("Intercepting invocation to check for valid transaction token.");
>         }
>         //see WW-2902: we need to use the real HttpSession here, as opposed to the map
>         //that wraps the session, because a new wrap is created on every request
>         HttpSession session = ServletActionContext.getRequest().getSession(true);
>         synchronized (session) {
>             if (!TokenHelper.validToken()) {
>                 return handleInvalidToken(invocation);
>             }
>             return handleValidToken(invocation);
>         }
>     }
> {code}
> in version 2.3.3 line 140 of TokenSession.java the return handleValidToken(invocation);
 is no longer protected by the synchronized. That's what causes the problem : 
> {code:java}
>     protected String doIntercept(ActionInvocation invocation) throws Exception {
>         if (log.isDebugEnabled()) {
>             log.debug("Intercepting invocation to check for valid transaction token.");
>         }
>         //see WW-2902: we need to use the real HttpSession here, as opposed to the map
>         //that wraps the session, because a new wrap is created on every request
>         HttpSession session = ServletActionContext.getRequest().getSession(true);
>         synchronized (session) {
>             if (!TokenHelper.validToken()) {
>                 return handleInvalidToken(invocation);
>             }
>         }
>         return handleValidToken(invocation);
>     }
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message