[JBoss JIRA] Created: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
6:25 a.m.
Login page then username or password is incorrect shown as JSP source code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://jira.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
3:06 a.m.
New subject: [JBoss JIRA] Commented: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
[
https://jira.jboss.org/browse/GTNPORTAL-1348?page=com.atlassian.jira.plug...
]
Trong Tran commented on GTNPORTAL-1348:
---------------------------------------
I can not reproduce the problem
but i can see that it's necessary to set Content-Type in ErrorLoginServlet to ensure
the response has a good content type
Login page then username or password is incorrect shown as JSP source
code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://jira.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:18 p.m.
New subject: [JBoss JIRA] Assigned: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
[
https://jira.jboss.org/browse/GTNPORTAL-1348?page=com.atlassian.jira.plug...
]
kien nguyen reassigned GTNPORTAL-1348:
--------------------------------------
Assignee: kien nguyen
Login page then username or password is incorrect shown as JSP source
code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://jira.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
Assignee: kien nguyen
Fix For: 3.2.0-GA
Original Estimate: 4 hours
Remaining Estimate: 4 hours
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:18 p.m.
New subject: [JBoss JIRA] Work started: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
[
https://jira.jboss.org/browse/GTNPORTAL-1348?page=com.atlassian.jira.plug...
]
Work on GTNPORTAL-1348 started by kien nguyen.
Login page then username or password is incorrect shown as JSP source
code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://jira.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
Assignee: kien nguyen
Fix For: 3.2.0-GA
Original Estimate: 4 hours
Remaining Estimate: 4 hours
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:55 p.m.
New subject: [JBoss JIRA] Commented: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
[
https://jira.jboss.org/browse/GTNPORTAL-1348?page=com.atlassian.jira.plug...
]
kien nguyen commented on GTNPORTAL-1348:
----------------------------------------
I found in the Servlet spec said about RequestDispatcher.include() method:
"It can only write information to the ServletOutputStream or Writer of the
response object and commit a response by writing content past the end of the
response buffer, or by explicitly calling the flushBuffer method of the
ServletResponse interface. It cannot set headers or call any method that affects
the headers of the response. Any attempt to do so must be ignored."
That means: setting text/html content-type (in login.jsp) will be ignored.
Iam not sure implementation of Tomcat on this but we shouldn't set anything to headers
in include dispatcher servlet
I also make some tests: it's almost OK for alternative forward() method or add setting
content-type before calling include() method (in ErrorLoginServlet.java)
Login page then username or password is incorrect shown as JSP source
code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://jira.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
Assignee: kien nguyen
Fix For: 3.2.0-GA
Original Estimate: 4 hours
Remaining Estimate: 4 hours
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:58 p.m.
New subject: [JBoss JIRA] Work stopped: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
[
https://jira.jboss.org/browse/GTNPORTAL-1348?page=com.atlassian.jira.plug...
]
Work on GTNPORTAL-1348 stopped by kien nguyen.
Login page then username or password is incorrect shown as JSP source
code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://jira.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
Assignee: kien nguyen
Fix For: 3.2.0-GA
Original Estimate: 4 hours
Remaining Estimate: 4 hours
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:01 a.m.
New subject: [JBoss JIRA] Updated: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
[
https://jira.jboss.org/browse/GTNPORTAL-1348?page=com.atlassian.jira.plug...
]
kien nguyen updated GTNPORTAL-1348:
-----------------------------------
Attachment: 2010-08-06-GTNPORTAL-1348.patch
we can't use forward() here if we want to use some information for outputing to client
such as clearing cookie, etc. So we should use include() and set Content-Type header
directly in org.exoplatform.web.login.ErrorLoginServlet.
I attached a patch to resolve problem using include() method.
Login page then username or password is incorrect shown as JSP source
code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://jira.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
Assignee: kien nguyen
Fix For: 3.2.0-GA
Attachments: 2010-08-06-GTNPORTAL-1348.patch
Original Estimate: 4 hours
Remaining Estimate: 4 hours
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:30 p.m.
New subject: [JBoss JIRA] Updated: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
[
https://jira.jboss.org/browse/GTNPORTAL-1348?page=com.atlassian.jira.plug...
]
Minh Hoang TO updated GTNPORTAL-1348:
-------------------------------------
Labels: sprint_36 patch_proposed (was: sprint_36)
Login page then username or password is incorrect shown as JSP source
code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://jira.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
Assignee: kien nguyen
Fix For: 3.2.0-GA
Attachments: 2010-08-06-GTNPORTAL-1348.patch
Original Estimate: 4 hours
Remaining Estimate: 4 hours
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
1:52 a.m.
New subject: [JBoss JIRA] Assigned: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
[
https://jira.jboss.org/browse/GTNPORTAL-1348?page=com.atlassian.jira.plug...
]
Khoi Nguyen reassigned GTNPORTAL-1348:
--------------------------------------
Assignee: Khoi Nguyen (was: kien nguyen)
Login page then username or password is incorrect shown as JSP source
code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://jira.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
Assignee: Khoi Nguyen
Fix For: 3.2.0-GA
Attachments: 2010-08-06-GTNPORTAL-1348.patch
Original Estimate: 4 hours
Remaining Estimate: 4 hours
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:04 a.m.
New subject: [JBoss JIRA] Commented: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
[
https://jira.jboss.org/browse/GTNPORTAL-1348?page=com.atlassian.jira.plug...
]
Khoi Nguyen commented on GTNPORTAL-1348:
----------------------------------------
In webserver, we could configure default content-type for request to resource, so, we
should set content-type is 'text/html' in own servlet programmatically
Login page then username or password is incorrect shown as JSP source
code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://jira.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
Assignee: Khoi Nguyen
Fix For: 3.2.0-GA
Attachments: 2010-08-06-GTNPORTAL-1348.patch
Original Estimate: 4 hours
Remaining Estimate: 4 hours
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:45 p.m.
New subject: [JBoss JIRA] Resolved: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
[
https://jira.jboss.org/browse/GTNPORTAL-1348?page=com.atlassian.jira.plug...
]
Trong Tran resolved GTNPORTAL-1348.
-----------------------------------
Resolution: Done
Login page then username or password is incorrect shown as JSP source
code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://jira.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
Assignee: Khoi Nguyen
Fix For: 3.2.0-GA
Attachments: 2010-08-06-GTNPORTAL-1348.patch
Original Estimate: 4 hours
Remaining Estimate: 4 hours
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:23 p.m.
New subject: [JBoss JIRA] Closed: (GTNPORTAL-1348) Login page then username or password is incorrect shown as JSP source code.
[
https://issues.jboss.org/browse/GTNPORTAL-1348?page=com.atlassian.jira.pl...
]
Hang Nguyen closed GTNPORTAL-1348.
----------------------------------
Login page then username or password is incorrect shown as JSP source
code.
---------------------------------------------------------------------------
Key: GTNPORTAL-1348
URL: https://issues.jboss.org/browse/GTNPORTAL-1348
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Gatein under apache web server.
Reporter: Andrey Parfonov
Assignee: Khoi Nguyen
Labels: portal-s41, sprint_36, worked
Fix For: 3.2.0-GA
Attachments: 2010-08-06-GTNPORTAL-1348.patch
Original Estimate: 4 hours
Remaining Estimate: 4 hours
When code in org.exoplatform.web.login.ErrorLoginServlet (line 69)
context.getRequestDispatcher("/login/jsp/login.jsp").include(req, resp);
replaced by
context.getRequestDispatcher("/login/jsp/login.jsp").forward(req, resp);
After that problem is gone. There is now more source code of JSP but HTML
with correct message about wrong password.
NOTE if tomcat used without apache front-end problem not appear (why is not clear)
Using include method looks as not quite correct because headers include
'Content-Type' (it is the core of problem) may not be copied from JSP.
The included servlet cannot change the response status code or headers.
Need complex testing to be sure changes include by forward does not break
anything.
As alternative solution (if forward method is not acceptable in some reason) is
possible to set Content-Type header directly in
org.exoplatform.web.login.ErrorLoginServlet
but it looks much worse IMO
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5117
days inactive
5294
days old
11 comments
6 participants
participants (6)
-
Andrey Parfonov (JIRA) -
Hang Nguyen (JIRA)
-
Khoi Nguyen (JIRA)
-
kien nguyen (JIRA)
-
Minh Hoang TO (JIRA)
-
Trong Tran (JIRA)