Bug 58015 - servlet-api.jar from WAR files not being excluded
servlet-api.jar from WAR files not being excluded
Status: RESOLVED FIXED
Product: Tomcat 8
Classification: Unclassified
Component: Catalina
8.0.23
PC Linux
: P2 regression (vote)
: ----
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2015-06-09 19:49 UTC by Jason McIntosh
Modified: 2015-06-10 08:03 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jason McIntosh 2015-06-09 19:49:13 UTC
tomcat.util.scan.StandardJarScanFilter.jarsToSkip
has the servlet-api and servlet-api* files in the list.

Deploy a war where an "idiot developer" included "servlet-api-2.5.jar" in the WEB-INF/lib folder.  Try and hit a JSP page, and it fails, due to the "The method getDispatcherType() is undefined for the type HttpServletRequest" error.

Then, rather than redeploying, stop tomcat, go into the $CATALINA_HOME/webapps/war/WEB-INF/lib/
and remove servlet-api-2.5.jar and start tomcat

You can then hit the JSP pages.  Note, to re-verify, delete the work folder, remove the unpacked war, and try again to recreate the issue.  Off hand, it appears that the jarsToSkip SHOULD be excluding servlet-api-2.5.jar from wars loaded into it, but it doesn't appear to be behaving.  

Note, this isn't related to Bug 57020 - this is entirely on the server side with a war that worked fine on Tomcat 6 & Tomcat 7.  The same war is failing on tomcat 8 with the above for JSP pages.
Comment 1 Mark Thomas 2015-06-09 20:07:36 UTC
I haven't tested this (yet) but the code to prevent loading of Servlet API classes from the web app is still present.

jarsToSkip is completely unrelated to this feature.
Comment 2 Mark Thomas 2015-06-09 22:43:47 UTC
That was fun.

I found a bunch of edge case bugs in the web application class loader in this area that should all now be fixed in trunk.

It is getting late here so I'll back-port the fixes to earlier versions tomorrow.
Comment 3 Mark Thomas 2015-06-10 08:03:02 UTC
I've back-ported the various edge cases fixes as well as the specific fix for this bug. It will be included 8.0.24 onwards.