javax.servlet.ServletException: Invalid JSP file /jsp/num/numguess.jsp (WAS: ShowSource in examples throws exception)

2001-07-04 Thread Hamish MacEwan

Hi,

This problem has been posted to the mailing list before at:

http://mikal.org/interests/java/tomcat/archive/view?mesg=24751

Unfortunately I can't seem to find any reply to this, the email address isn't 
complete, a Google search found the poster, but his email appears to have died...

But... I'm sure there's an answer somewhere.

Can you help?

The problem the original post covers is still present in 3.2.2.

Thanks in advance.


Hamish MacEwan.





ShowSource in examples throws exception

2001-04-11 Thread Emil S. Petkov

I have installed Tomcat 3.2.1 with the default configuration files -- still did not 
care to make changes. Then connected to the examples page -- everything fine, examples 
work.

However, showing the source of a jsp page using source.jsp does not work and throws 
JspTagException.
In
$TOMCAT_HOME/webapps/examples/WEB-INF/classes/examples/ShowSource.java
the following code does that:

...
public int doEndTag() throws JspException {
    // The exception is thrown when any one of the three tests is true
    if ((jspFile.indexOf( ".." ) >= 0) ||
        (jspFile.toUpperCase().indexOf("/WEB-INF/") != 0) ||
        (jspFile.toUpperCase().indexOf("/META-INF/") != 0))
        throw new JspTagException("Invalid JSP file " + jspFile);
...

As far as I can recall the 2nd and the 3rd conditions were added for security reasons. 
However, as I read them, they mean that the jsp file path SHOULD begin with 
"/WEB-INF/" or "/META-INF/". Is it really what they meant? Shouldn't the access to 
WEB-INF and META-INF be denied (i.e. in the above conditions '= 0' or ' != -1', or at 
least "= 0") -- at least this is what the apache conf chunk does. Well -- we have for 
the numguess example a URL of 
http://localhost:8080/examples/jsp/source.jsp?/jsp/num/numguess.jsp -- i.e. it does 
not meet the condition and throws exception.

It is not clear to me what an absolute path means when calling a method from a jsp.

(Below is what I get if somebody cares to read it)

Thanx in advance for any assistance.

Best regards,
Emil S. Petkov


Error: 500
Location: /examples/jsp/source.jsp
Internal Servlet Error:

javax.servlet.ServletException: Invalid JSP file /jsp/num/numguess.jsp
 at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:459)
 at jsp._0002fjsp_0002fsource_0002ejspsource_jsp_1._jspService(_0002fjsp_0002fsource_0002ejspsource_jsp_1.java:89)
 at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:177)
 at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:318)
 at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:391)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404)
 at org.apache.tomcat.core.Handler.service(Handler.java:286)
 at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
 at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797)
 at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743)
 at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:210)
 at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
 at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498)
 at java.lang.Thread.run(Thread.java:484)

Root cause: 
javax.servlet.jsp.JspTagException: Invalid JSP file /jsp/num/numguess.jsp
 at examples.ShowSource.doEndTag(ShowSource.java:26)
 at jsp._0002fjsp_0002fsource_0002ejspsource_jsp_1._jspService(_0002fjsp_0002fsource_0002ejspsource_jsp_1.java:76)
 at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:177)
 at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:318)
 at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:391)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404)
 at org.apache.tomcat.core.Handler.service(Handler.java:286)
 at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
 at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797)
 at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743)
 at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:210)
 at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
 at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498)
 at java.lang.Thread.run(Thread.java:484)
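
Added example, not part of either message and not Tomcat's code: the check quoted from ShowSource.java beside a deny-style check, run over constructed sample paths. With `!= 0` joined by `||`, a path passes only if it begins with both "/WEB-INF/" and "/META-INF/", so the quoted check rejects every input. The class name, `rejectedDenyRule` and the sample paths are assumptions made for illustration, and the ".." test is taken to be `>= 0`.

```java
import java.util.Locale;

public class ShowSourceCheck {

    // The condition as quoted from ShowSource.java (".." test assumed to be >= 0).
    static boolean rejectedAsPosted(String jspFile) {
        return (jspFile.indexOf("..") >= 0)
            || (jspFile.toUpperCase().indexOf("/WEB-INF/") != 0)
            || (jspFile.toUpperCase().indexOf("/META-INF/") != 0);
    }

    // Assumed intent (hypothetical helper): deny traversal and anything
    // under WEB-INF or META-INF, allow other context-relative paths.
    static boolean rejectedDenyRule(String jspFile) {
        // Locale.ROOT keeps the case mapping stable; under a Turkish default
        // locale 'i' upper-cases to a dotted capital and "/web-inf/" would not match.
        String p = jspFile.replace('\\', '/').toUpperCase(Locale.ROOT);
        return !p.startsWith("/")
            || p.contains("..")
            || p.contains("/WEB-INF/") || p.endsWith("/WEB-INF")
            || p.contains("/META-INF/") || p.endsWith("/META-INF");
    }

    public static void main(String[] args) {
        // Constructed sample paths; the first is the one from the error report.
        String[] samples = {
            "/jsp/num/numguess.jsp",
            "/jsp/dates/date.jsp",
            "/WEB-INF/web.xml",
            "/web-inf/classes/examples/ShowSource.class",
            "/META-INF/MANIFEST.MF",
            "/jsp/../WEB-INF/web.xml"
        };
        System.out.printf("%-45s %-10s %s%n", "path", "as posted", "deny rule");
        for (String s : samples) {
            System.out.printf("%-45s %-10s %s%n", s,
                rejectedAsPosted(s) ? "reject" : "allow",
                rejectedDenyRule(s) ? "reject" : "allow");
        }
    }
}
```

The "as posted" column reads "reject" on every row, including /jsp/num/numguess.jsp; the deny rule allows the two /jsp/ pages and rejects the rest.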