https://bz.apache.org/bugzilla/show_bug.cgi?id=59654
Bug ID: 59654 Summary: Jsp spec violation in tld identifying? Product: Tomcat 7 Version: trunk Hardware: All OS: All Status: NEW Severity: major Priority: P2 Component: Jasper Assignee: dev@tomcat.apache.org Reporter: huxing.zh...@gmail.com What the spec says: JSP.7.3.1 Identifying Tag Library Descriptors ... TLD files should not be placed in /WEB-INF/classes or /WEB-INF/lib, and must not be placed inside /WEB-INF/tags or a subdirectory of it, unless named implicit.tld and intended to configure an implicit tag library with its JSP version and tlib-version. Out test case: We have simple web app with the following structure: test ├── WEB-INF │ ├── classes │ └── tags │ └── test.tld └── taglib.jsp test.tld: <?xml version="1.0" encoding="UTf-8" ?> <taglib version="2.0"> <description></description> <display-name></display-name> <tlib-version>1.0</tlib-version> <short-name>f</short-name> <function> <name>get</name> <function-class>java.lang.System</function-class> <function-signature>java.lang.String getProperty(java.lang.String)</function-signature> </function> </taglib> taglib.jsp: <%@page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib uri="/WEB-INF/tags/test.tld" prefix="f"%> <html> <body> <h3>${f:get("java.home")}</h3> </body> </html> Tomcat 7.0.69 behavior: After deploying the test web app and visit http://localhost:8080/test/taglib.jsp, the jsp page gets compiled and java home has been correctly displayed. Tomcat 8 & 9 trunk behavior: When visiting http://localhost:8080/test/taglib.jsp, server responded with HTTP 500: HTTP Status 500 - Unable to find taglib "f" for URI: /WEB-INF/tags/test.tld org.apache.jasper.JasperException: Unable to find taglib "f" for URI: /WEB-INF/tags/test.tld org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:55) org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:277) org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:75) org.apache.jasper.compiler.TagLibraryInfoImpl.<init>(TagLibraryInfoImpl.java:183) org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:421) org.apache.jasper.compiler.Parser.parseDirective(Parser.java:479) org.apache.jasper.compiler.Parser.parseElements(Parser.java:1435) org.apache.jasper.compiler.Parser.parse(Parser.java:139) org.apache.jasper.compiler.ParserController.doParse(ParserController.java:227) org.apache.jasper.compiler.ParserController.parse(ParserController.java:100) org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:199) org.apache.jasper.compiler.Compiler.compile(Compiler.java:356) org.apache.jasper.compiler.Compiler.compile(Compiler.java:336) org.apache.jasper.compiler.Compiler.compile(Compiler.java:323) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:585) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:363) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340) javax.servlet.http.HttpServlet.service(HttpServlet.java:729) org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) Conclusion: Clearly the tomcat 7 behavior is against spec, which I think should be fixed. Analysis: After some digging, I found that the tld file is skipped during tld scan phase. However, when parsing tag lib directive, the org.apache.jasper.compiler.TagLibraryInfoImpl#generateTLDLocation didn't check the tld file location that is prohibited by spec. Since the implementation is quite different between tomcat 7 % tomcat 8+. I found it hard to backport the tomcat 8 implementation to tomcat 7. Therefore, the fix should be specific to tomcat 7(tomcat 6 is not investigated.) Proposed Fix: Please refer to the attachment. I've added a dedicated message to indicate such an behaivor is violating spec. p.s. Should we also add the dedicated message to tomcat 8+ ? Because the message "Unable to find taglib "f" for URI: /WEB-INF/tags/test.tld" is somewhat confusing. The file does exist, it is the spec that requires tomcat not to load it. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org