From jira-events at lists.jboss.org Mon Jun 23 12:10:29 2008
Content-Type: multipart/mixed; boundary="===============0472895239312352377=="
MIME-Version: 1.0
From: Clive Saldanha (JIRA) <jira-events at lists.jboss.org>
To: jboss-jira at lists.jboss.org
Subject: [jboss-jira] [JBoss JIRA] Commented: (JBAS-5657) JSP source code
 exposure in jmx-console
Date: Mon, 23 Jun 2008 12:10:28 -0400
Message-ID: <31145945.1214237428896.JavaMail.jira@cloud.prod.atl2.jboss.com>
In-Reply-To: 24038701.1214237198914.JavaMail.jira@cloud.prod.atl2.jboss.com

--===============0472895239312352377==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

    [ http://jira.jboss.com/jira/browse/JBAS-5657?page=3Dcomments#action_12=
418527 ] =

            =

Clive Saldanha commented on JBAS-5657:
--------------------------------------

>From jsp docs:

The <jsp:useBean> element locates or instantiates a JavaBeans component. <j=
sp:useBean> first attempts to locate an instance of the Bean. If the Bean d=
oes not exist, <jsp:useBean> instantiates it from a class or serialized tem=
plate.

In the patch I check whether it's using an existing Bean from the request s=
cope or if it has instantiated a new one. If the one from the request scope=
 is null I redirect the page to the displayMbeans page.


> JSP source code exposure in jmx-console
> ---------------------------------------
>
>                 Key: JBAS-5657
>                 URL: http://jira.jboss.com/jira/browse/JBAS-5657
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) =

>          Components: JMX/Web Console
>    Affects Versions: JBossAS-4.2.2.GA
>            Reporter: Clive Saldanha
>         Assigned To: Darran Lofthouse
>             Fix For: JBossAS-4.2.3.GA
>
>         Attachments: JBAS-5657.patch
>
>
> The error page of the jmx-console spits out JSP source code. =

> http://127.0.0.1:8080/jmx-console/DisplayOpResult
> HTTP Status 500 -
> type Exception report
> message
> description The server encountered an internal error () that prevented it=
 from fulfilling this request.
> exception
> org.apache.jasper.JasperException: An exception occurred processing JSP p=
age /displayOpResult.jsp at line 12
> 9: </head>
> 10: <body>
> 11:
> 12: <jsp:useBean id=3D'opResultInfo' type=3D'org.jboss.jmx.adaptor.contro=
l.OpResultInfo' scope=3D'request'/>
> 13:
> 14: <table width=3D"100%">

-- =

This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: htt=
p://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       =20

--===============0472895239312352377==--