Uploaded image for project: 'Application Server 3  4  5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-5810

StringIndexOutOfBoundsException in JvmRouteValve when JSESSIONID is passed without jvmRoute

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: JBossAS-4.2.3.GA
    • Fix Version/s: None
    • Component/s: Web (Tomcat) service
    • Labels:
      None
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      There are 3 workarounds:

      1. Set Connector.emptySessionPath=false in jboss-web.deployer/server.xml. The emptySessionPath is required for JBoss Portal cross context session function, but if you are not using JBoss Portal, it's safe to turn off.
      2. Set UseJK=false in jboss-web.deployer/META-INF/jboss-service.xml. It disables sticky session function completely.
      3. Use custom valve like this:

      public class FixSessionIdValve extends ValveBase {
      public void invoke(Request request, Response response)
      throws IOException, ServletException {
      String requestedSessionId = request.getRequestedSessionId();
      if (requestedSessionId != null &&
      requestedSessionId.indexOf(".") < 0)

      { request.setRequestedSessionId(null); }

      getNext().invoke(request, response);
      }
      }

      Show
      There are 3 workarounds: 1. Set Connector.emptySessionPath=false in jboss-web.deployer/server.xml. The emptySessionPath is required for JBoss Portal cross context session function, but if you are not using JBoss Portal, it's safe to turn off. 2. Set UseJK=false in jboss-web.deployer/META-INF/jboss-service.xml. It disables sticky session function completely. 3. Use custom valve like this: public class FixSessionIdValve extends ValveBase { public void invoke(Request request, Response response) throws IOException, ServletException { String requestedSessionId = request.getRequestedSessionId(); if (requestedSessionId != null && requestedSessionId.indexOf(".") < 0) { request.setRequestedSessionId(null); } getNext().invoke(request, response); } }

      Description

      To reproduce, run the following command for clustered web application twice.

      curl -v --cookie JSESSIONID=aaaaa http://localhost:8080/test/index.jsp

      This problem doesn't exist in JBoss 5, it has been fixed within r63817 commit.

      ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
      java.lang.StringIndexOutOfBoundsException: String index out of range: -1
      at java.lang.String.substring(String.java:1768)
      at org.jboss.web.tomcat.service.session.JvmRouteValve.handleJvmRoute(JvmRouteValve.java:172)
      at org.jboss.web.tomcat.service.session.JvmRouteValve.checkJvmRoute(JvmRouteValve.java:112)
      at org.jboss.web.tomcat.service.session.JvmRouteValve.invoke(JvmRouteValve.java:81)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
      at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:437)
      at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:381)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:595)

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  tkimura Takayoshi Kimura
                  Reporter:
                  tkimura Takayoshi Kimura
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: