glassfish
  1. glassfish
  2. GLASSFISH-16818

Servlet 3.0 Rev a Spec violation // SSL Attributes

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.1.1_b09
    • Component/s: web_container
    • Labels:
      None
    • Environment:

      Windows 7 version 6.1 running on amd64; Cp1252; de_DE (nb)
      Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
      Java HotSpot(TM) 64-Bit Server VM (build 19.1-b02, mixed mode)
      GlassFish 3.1 b43

      Description

      According to the Java™ Servlet Specification Version 3.0 Rev a §3.8 SSL Attributes:

      "If a request has been transmitted over a secure protocol, such as HTTPS [...]
      The Web container must expose the following attributes to the servlet programmer:
      [...]
      SSL session id 'javax.servlet.request.ssl_session_id' String "

      This is not true for the latest GF stable 3.1 b43.
      It still uses the 'javax.servlet.request.ssl_session'.

      See the very simple index.jsp for a testcase ..

        Activity

        Hide
        Shing Wai Chan added a comment -

        Why fix this issue in 3.1.1?
        spec issue

        Which is the targeted build of 3.1.1 for this fix?
        b07

        Do regression tests exist for this issue?
        update web devtests on this

        Which tests should QA (re)run to verify the fix did not destabilize GlassFish?
        SSL related tests.

        Show
        Shing Wai Chan added a comment - Why fix this issue in 3.1.1? spec issue Which is the targeted build of 3.1.1 for this fix? b07 Do regression tests exist for this issue? update web devtests on this Which tests should QA (re)run to verify the fix did not destabilize GlassFish? SSL related tests.
        Hide
        scatari added a comment -

        Approved for 3.1.1.

        Show
        scatari added a comment - Approved for 3.1.1.
        Hide
        Shing Wai Chan added a comment - - edited

        fix in GlassFish 3.1.1
        Sending web/web-core/src/main/java/org/apache/catalina/Globals.java
        Sending web/web-core/src/main/java/org/apache/catalina/connector/Constants.java
        Sending web/web-core/src/main/java/org/apache/catalina/connector/Request.java
        Transmitting file data ...
        Committed revision 47401.

        fix in Grizzly 1.9.x
        utils/src/main/java/com/sun/grizzly/util/net/SSLSupport.java
        [1.9.x 5d329de] incremental fix for http://java.net/jira/browse/GLASSFISH-16818 ("Servlet 3.0 Rev a Spec violation // SSL Attributes")

        fix in Grizzly 2.x
        grizzly/src/main/java/org/glassfish/grizzly/ssl/SSLSupport.java
        [master 63dacab] incremental fix for http://java.net/jira/browse/GLASSFISH-16818 ("Servlet 3.0 Rev a Spec violation // SSL Attributes")

        Show
        Shing Wai Chan added a comment - - edited fix in GlassFish 3.1.1 Sending web/web-core/src/main/java/org/apache/catalina/Globals.java Sending web/web-core/src/main/java/org/apache/catalina/connector/Constants.java Sending web/web-core/src/main/java/org/apache/catalina/connector/Request.java Transmitting file data ... Committed revision 47401. fix in Grizzly 1.9.x utils/src/main/java/com/sun/grizzly/util/net/SSLSupport.java [1.9.x 5d329de] incremental fix for http://java.net/jira/browse/GLASSFISH-16818 ("Servlet 3.0 Rev a Spec violation // SSL Attributes") fix in Grizzly 2.x grizzly/src/main/java/org/glassfish/grizzly/ssl/SSLSupport.java [master 63dacab] incremental fix for http://java.net/jira/browse/GLASSFISH-16818 ("Servlet 3.0 Rev a Spec violation // SSL Attributes")
        Hide
        Shing Wai Chan added a comment -

        fix in GlassFish trunk
        Sending web/web-core/src/main/java/org/apache/catalina/Globals.java
        Sending web/web-core/src/main/java/org/apache/catalina/connector/Constants.java
        Sending web/web-core/src/main/java/org/apache/catalina/connector/Request.java
        Transmitting file data ...
        Committed revision 47410.

        Show
        Shing Wai Chan added a comment - fix in GlassFish trunk Sending web/web-core/src/main/java/org/apache/catalina/Globals.java Sending web/web-core/src/main/java/org/apache/catalina/connector/Constants.java Sending web/web-core/src/main/java/org/apache/catalina/connector/Request.java Transmitting file data ... Committed revision 47410.
        Hide
        Shing Wai Chan added a comment -

        fix in Grizzly 1.0.x
        [1.0.x 513ea37] port incremental fix for issue http://java.net/jira/browse/GLASSFISH-16818 ("Servlet 3.0 Rev a Spec violation // SSL Attributes")

        Show
        Shing Wai Chan added a comment - fix in Grizzly 1.0.x [1.0.x 513ea37] port incremental fix for issue http://java.net/jira/browse/GLASSFISH-16818 ("Servlet 3.0 Rev a Spec violation // SSL Attributes")
        Hide
        Shing Wai Chan added a comment -

        The corresponding fix Grizzly mentioned above is in Grizzly 1.9.36 and is integrated into GlassFish 3.1.1.

        Show
        Shing Wai Chan added a comment - The corresponding fix Grizzly mentioned above is in Grizzly 1.9.36 and is integrated into GlassFish 3.1.1.

          People

          • Assignee:
            Shing Wai Chan
            Reporter:
            myfear
          • Votes:
            1 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: