Bug 43393 - x:out provokes an IllegalStateException if session is forbidden
Summary: x:out provokes an IllegalStateException if session is forbidden
Status: RESOLVED DUPLICATE of bug 35216
Alias: None
Product: Taglibs
Classification: Unclassified
Component: Standard Taglib (show other bugs)
Version: 1.1
Hardware: Other other
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2007-09-14 03:08 UTC by Sylvain Laurent
Modified: 2007-10-16 23:29 UTC (History)
0 users

JSP to test this issue (615 bytes, application/octet-stream)
2007-10-11 16:16 UTC, Bjorn Townsend

Note You need to log in before you can comment on or make changes to this bug.
Description Sylvain Laurent 2007-09-14 03:08:20 UTC
If a JSP page that prevents using the http session has an <x:out> tag, there's 
an IllegalStateException thrown.
The problem is in XPathUtil.getVariableQNames() where a call to 
pageContext.getAttributeNamesInScope(PageContext.SESSION_SCOPE) is done 
without first checking that the session is available...
Comment 1 Bjorn Townsend 2007-10-11 16:16:12 UTC
Created attachment 20965 [details]
JSP to test this issue


I tried reproducing this issue by setting the session page directive to false
(see attached JSP file) but I couldn't get it to fail -- it works fine for me.
What method are you using to deny access to the HTTP session in the page?

In order to help me investigate this, can you provide the following:

- Your JSP version
- Your servlet API version
- Your app server and version
- If at all possible, a copy of the JSP that is failing for you

FYI, I attempted my reproduction on Tomcat 5.5.20 with JSP 2.0 and web-app 2.4
(and taglibs 1.1.2). 

Comment 2 Henri Yandell 2007-10-16 23:25:48 UTC
Looking at the code, there's a comment referring to this issue being dealt with
in http://issues.apache.org/bugzilla/show_bug.cgi?id=35216. 
Comment 3 Bjorn Townsend 2007-10-16 23:27:26 UTC
Henri's right -- I've reverted to a version prior to the fix for 35216 being
committed, and I am able to reproduce the issue using the JSP I attached
previously.  So it looks like this is a dupe of 35216 and is fixed in trunk.
Comment 4 Henri Yandell 2007-10-16 23:29:40 UTC
Resolving as a duplicate. 

*** This bug has been marked as a duplicate of 35216 ***