Issue Details (XML | Word | Printable)

Key: GLASSFISH-16818
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Shing Wai Chan
Reporter: myfear
Votes: 1
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
glassfish

Servlet 3.0 Rev a Spec violation // SSL Attributes

Created: 07/Jun/11 09:20 PM   Updated: 17/Oct/11 11:01 PM   Resolved: 22/Jun/11 04:16 PM
Component/s: web_container
Affects Version/s: None
Fix Version/s: 3.1.1_b09

Time Tracking:
Not Specified

File Attachments: 1. File index.jsp (0.7 kB) 07/Jun/11 09:20 PM - myfear

Environment:

Windows 7 version 6.1 running on amd64; Cp1252; de_DE (nb)
Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
Java HotSpot(TM) 64-Bit Server VM (build 19.1-b02, mixed mode)
GlassFish 3.1 b43


Tags: 3_1_1-approved
Participants: myfear, scatari and Shing Wai Chan


 Description  « Hide

According to the Java™ Servlet Specification Version 3.0 Rev a §3.8 SSL Attributes:

"If a request has been transmitted over a secure protocol, such as HTTPS [...]
The Web container must expose the following attributes to the servlet programmer:
[...]
SSL session id 'javax.servlet.request.ssl_session_id' String "

This is not true for the latest GF stable 3.1 b43.
It still uses the 'javax.servlet.request.ssl_session'.

See the very simple index.jsp for a testcase ..



Shing Wai Chan added a comment - 08/Jun/11 02:51 PM

Why fix this issue in 3.1.1?
spec issue

Which is the targeted build of 3.1.1 for this fix?
b07

Do regression tests exist for this issue?
update web devtests on this

Which tests should QA (re)run to verify the fix did not destabilize GlassFish?
SSL related tests.


scatari added a comment - 08/Jun/11 02:57 PM

Approved for 3.1.1.


Shing Wai Chan added a comment - 09/Jun/11 12:45 PM - edited

fix in GlassFish 3.1.1
Sending web/web-core/src/main/java/org/apache/catalina/Globals.java
Sending web/web-core/src/main/java/org/apache/catalina/connector/Constants.java
Sending web/web-core/src/main/java/org/apache/catalina/connector/Request.java
Transmitting file data ...
Committed revision 47401.

fix in Grizzly 1.9.x
utils/src/main/java/com/sun/grizzly/util/net/SSLSupport.java
[1.9.x 5d329de] incremental fix for http://java.net/jira/browse/GLASSFISH-16818 ("Servlet 3.0 Rev a Spec violation // SSL Attributes")

fix in Grizzly 2.x
grizzly/src/main/java/org/glassfish/grizzly/ssl/SSLSupport.java
[master 63dacab] incremental fix for http://java.net/jira/browse/GLASSFISH-16818 ("Servlet 3.0 Rev a Spec violation // SSL Attributes")


Shing Wai Chan added a comment - 09/Jun/11 03:19 PM

fix in GlassFish trunk
Sending web/web-core/src/main/java/org/apache/catalina/Globals.java
Sending web/web-core/src/main/java/org/apache/catalina/connector/Constants.java
Sending web/web-core/src/main/java/org/apache/catalina/connector/Request.java
Transmitting file data ...
Committed revision 47410.


Shing Wai Chan added a comment - 13/Jun/11 09:13 AM

fix in Grizzly 1.0.x
[1.0.x 513ea37] port incremental fix for issue http://java.net/jira/browse/GLASSFISH-16818 ("Servlet 3.0 Rev a Spec violation // SSL Attributes")


Shing Wai Chan added a comment - 22/Jun/11 04:16 PM

The corresponding fix Grizzly mentioned above is in Grizzly 1.9.36 and is integrated into GlassFish 3.1.1.