https://bz.apache.org/bugzilla/show_bug.cgi?id=59654
Bug ID: 59654
Summary: Jsp spec violation in tld identifying?
Product: Tomcat 7
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P2
Component: Jasper
Assignee: dev@tomcat.apache.org
Reporter: huxing.zh...@gmail.com
What the spec says:
JSP.7.3.1 Identifying Tag Library Descriptors
...
TLD files should not be placed in /WEB-INF/classes or /WEB-INF/lib, and must
not be placed inside /WEB-INF/tags or a subdirectory of it, unless named
implicit.tld and intended to configure an implicit tag library with its JSP
version and tlib-version.
Out test case:
We have simple web app with the following structure:
test
├── WEB-INF
│ ├── classes
│ └── tags
│ └── test.tld
└── taglib.jsp
test.tld:
<?xml version="1.0" encoding="UTf-8" ?>
<taglib version="2.0">
<description></description>
<display-name></display-name>
<tlib-version>1.0</tlib-version>
<short-name>f</short-name>
<function>
<name>get</name>
<function-class>java.lang.System</function-class>
<function-signature>java.lang.String
getProperty(java.lang.String)</function-signature>
</function>
</taglib>
taglib.jsp:
<%@page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib uri="/WEB-INF/tags/test.tld" prefix="f"%>
<html>
<body>
<h3>${f:get("java.home")}</h3>
</body>
</html>
Tomcat 7.0.69 behavior:
After deploying the test web app and visit
http://localhost:8080/test/taglib.jsp, the jsp page gets compiled and java home
has been correctly displayed.
Tomcat 8 & 9 trunk behavior:
When visiting http://localhost:8080/test/taglib.jsp, server responded with HTTP
500:
HTTP Status 500 - Unable to find taglib "f" for URI: /WEB-INF/tags/test.tld
org.apache.jasper.JasperException: Unable to find taglib "f" for URI:
/WEB-INF/tags/test.tld
org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:55)
org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:277)
org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:75)
org.apache.jasper.compiler.TagLibraryInfoImpl.<init>(TagLibraryInfoImpl.java:183)
org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:421)
org.apache.jasper.compiler.Parser.parseDirective(Parser.java:479)
org.apache.jasper.compiler.Parser.parseElements(Parser.java:1435)
org.apache.jasper.compiler.Parser.parse(Parser.java:139)
org.apache.jasper.compiler.ParserController.doParse(ParserController.java:227)
org.apache.jasper.compiler.ParserController.parse(ParserController.java:100)
org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:199)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:356)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:336)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:323)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:585)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:363)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
Conclusion:
Clearly the tomcat 7 behavior is against spec, which I think should be fixed.
Analysis:
After some digging, I found that the tld file is skipped during tld scan phase.
However, when parsing tag lib directive, the
org.apache.jasper.compiler.TagLibraryInfoImpl#generateTLDLocation didn't check
the tld file location that is prohibited by spec.
Since the implementation is quite different between tomcat 7 % tomcat 8+. I
found it hard to backport the tomcat 8 implementation to tomcat 7. Therefore,
the fix should be specific to tomcat 7(tomcat 6 is not investigated.)
Proposed Fix:
Please refer to the attachment.
I've added a dedicated message to indicate such an behaivor is violating spec.
p.s.
Should we also add the dedicated message to tomcat 8+ ? Because the message
"Unable to find taglib "f" for URI: /WEB-INF/tags/test.tld" is somewhat
confusing. The file does exist, it is the spec that requires tomcat not to load
it.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
