Bug 35216

Summary: x:forEach causes session scope exception
Product: Taglibs Reporter: Eric Haszlakiewicz <erh+apache>
Component: Standard TaglibAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: critical CC: puckman, slaurent
Priority: P2    
Version: 1.1.0   
Target Milestone: ---   
Hardware: Other   
OS: other   
Attachments: Test + Fix patch

Description Eric Haszlakiewicz 2005-06-04 00:14:02 UTC
Using the x:forEach tag on a page that does not participate in a session causes
an exception because something tries to access a session scope variable.

I discovered this problem while using:
  Standard taglib 1.1.2
  Tomcat 5.0.27
  Java 1.4.2

This simple jsp page fails:
<%@ page session="false" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/xml" prefix="x" %>

<x:parse xml="<content/>" var="doc" scope="request" />

<x:forEach select="$doc//*">
    foo
</x:forEach>

with this error:
java.lang.IllegalStateException: Cannot access session scope in page that does
not participate in any session
  at
org.apache.jasper.runtime.PageContextImpl.doGetAttributeNamesInScope(PageContextImpl.java:501)
  at
org.apache.jasper.runtime.PageContextImpl.getAttributeNamesInScope(PageContextImpl.java:487)
  at
org.apache.taglibs.standard.tag.common.xml.XPathUtil.getVariableQNames(XPathUtil.java:100)
  at
org.apache.taglibs.standard.tag.common.xml.XPathUtil.fillVarStack(XPathUtil.java:772)
  at
org.apache.taglibs.standard.tag.common.xml.XPathUtil.selectNodes(XPathUtil.java:522)
  at
org.apache.taglibs.standard.tag.common.xml.ForEachTag.prepare(ForEachTag.java:50)
  at javax.servlet.jsp.jstl.core.LoopTagSupport.doStartTag(LoopTagSupport.java:227)
  at org.apache.jsp.ttt_jsp._jspx_meth_x_forEach_0(ttt_jsp.java:106)
  at org.apache.jsp.ttt_jsp._jspService(ttt_jsp.java:61)
  at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
etc...
Comment 1 Rahul 2005-06-04 01:12:27 UTC
Seems, to me, that XPathUtil#getVariableQNames() misses checking whether the 
session should be accessed. Inlining a patch, given its size, I'm not too 
worried about losing the diff formatting.

Index: XPathUtil.java
===================================================================
RCS file: /usr/local/cvsroot/apache/jakarta-taglibs-standard-1.1.2-
src/standard/src/org/apache/taglibs/standard/tag/common/xml/XPathUtil.java,v
retrieving revision 1.1
diff -c -r1.1 XPathUtil.java
*** XPathUtil.java	3 Jun 2005 22:47:11 -0000	1.1
--- XPathUtil.java	3 Jun 2005 22:58:59 -0000
***************
*** 97,112 ****
              variableVector.addElement( new QName(null, varName ) );
              globalVarSize++;
          }
!         enum_ = pageContext.getAttributeNamesInScope( 
!             PageContext.SESSION_SCOPE );
!         while ( enum_.hasMoreElements() ) {
!             String varName = (String)enum_.nextElement();
!             QName varQName = new QName ( SESSION_NS_URL, SESSION_P,varName); 
!             //Adding both namespace qualified QName and just localName
!             variableVector.addElement( varQName );
!             globalVarSize++;
!             variableVector.addElement( new QName(null, varName ) );
!             globalVarSize++;
          }
          enum_ = pageContext.getAttributeNamesInScope( 
              PageContext.APPLICATION_SCOPE );
--- 97,117 ----
              variableVector.addElement( new QName(null, varName ) );
              globalVarSize++;
          }
!         if (pageContext.getSession() != null) {
!             // we may have a page directive preventing session 
creation/access
!             // do not attempt to retrieve attribute names in session scope
!             // @see [ http://issues.apache.org/bugzilla/show_bug.cgi?
id=35216 ]
!             enum_ = pageContext.getAttributeNamesInScope( 
!                 PageContext.SESSION_SCOPE );
!             while ( enum_.hasMoreElements() ) {
!                 String varName = (String)enum_.nextElement();
!                 QName varQName = new QName ( SESSION_NS_URL, 
SESSION_P,varName); 
!                 //Adding both namespace qualified QName and just localName
!                 variableVector.addElement( varQName );
!                 globalVarSize++;
!                 variableVector.addElement( new QName(null, varName ) );
!                 globalVarSize++;
!             }
          }
          enum_ = pageContext.getAttributeNamesInScope( 
              PageContext.APPLICATION_SCOPE );
Comment 2 Eric Haszlakiewicz 2005-06-06 00:15:53 UTC
I just tried recompiling XPathUtil.java with that patch.  It worked.  Thanks for
the quick response!
Comment 3 Rahul Akolkar 2005-09-13 16:12:05 UTC
*** Bug 36637 has been marked as a duplicate of this bug. ***
Comment 4 Paul Benedict 2006-09-09 20:59:54 UTC
This bug still exists in 1.1.2. I am getting it also for <x:parse>. Will a 1.1.3
soon be available? I am using it in an RSS feed and it's ridiculous I have to
have a session to do XML parsing with this tag.
Comment 5 Henri Yandell 2006-12-27 14:01:22 UTC
Created attachment 19308 [details]
Test + Fix patch

Uses Rahul's inline patch and adds a Cactus test.
Comment 6 Paul Benedict 2006-12-27 22:34:27 UTC
Thanks Henri. I locally patched this myself too, but when will an official
release be available? Is that on the horizon at all?
Comment 7 Henri Yandell 2006-12-28 08:51:52 UTC
I'm working towards a new 1.1.x release:

http://wiki.apache.org/jakarta-taglibs/Standard_1%2e1%2e3

So it's more on the horizon now than it has been :) The patch/test will get
committed next week (I put a day a week in).
Comment 8 Henri Yandell 2007-01-03 12:09:08 UTC
svn ci -m "Applying Rahul's patch and my test case for #35216 - the illegal
state exception is protected from via a != null"   

Sending        src/org/apache/taglibs/standard/tag/common/xml/XPathUtil.java
Adding         test/org/apache/taglibs/standard/tag/el/xml/Test35216.java
Adding         test/web/org/apache/taglibs/standard/tag/el/xml/Test35216.jsp
Transmitting file data ...
Committed revision 492277.
Comment 9 Henri Yandell 2007-10-16 23:29:40 UTC
*** Bug 43393 has been marked as a duplicate of this bug. ***