Mantis - Resin
Viewing Issue Advanced Details
5521 crash always 09-07-13 01:55 09-26-13 11:25
arjan_tijms  
ferg  
normal  
closed 4.0.36  
fixed  
none    
none 4.0.38  
0005521: cookie-config and tracking-mode not supported by Resin
A web.xml file for Servlet 3.0, containing the following content will cause a fatal crash in Resin 4.0.36

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" [^]
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" [^]
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee [^] http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" [^]
    metadata-complete="false"
>
    <session-config>
        
        <cookie-config>
            <http-only>true</http-only>
        </cookie-config>
        
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
...

The error reported is:

{resin-port-8080-48} WEB-INF/web.xml:129: <cookie-config> is an unexpected tag (parent <session-config> starts at 127).
                       
                       127: <session-config>
                       128:
                       129: <cookie-config>
                       130: <http-only>true</http-only>
                       131: </cookie-config>
                       
                       
                       <session-timeout xmlns="http://java.sun.com/xml/ns/javaee"> [^] is expected,
                       or </session-config> may close.

This is of course not correct. <cookie-config> is perfectly valid to be at that location. The particular web.xml works on every other Servlet 3.0 container (JBoss EAP 6.1, GlassFish 3.1.22, TomEE 1.5.2, Liberty 8.5.5, WebLogic 12.1.2, etc etc).

Programmatically setting this in a ServletContainerInitializer doesn't work either. The following code will thrown an exception in Resin 4.0.36:

Set<SessionTrackingMode> trackingModes = new HashSet<SessionTrackingMode>();
trackingModes.add(URL);
servletContext.setSessionTrackingModes(trackingModes);
servletContext.getSessionCookieConfig().setHttpOnly(true);

The exception is:

 {resin-53} Could not set session config
                      java.lang.UnsupportedOperationException: unimplemented
                          at com.caucho.server.webapp.ServletContextImpl.setSessionTrackingModes(ServletContextImpl.java:552)

The same code however works in every other Servlet 3.0 container. Since these methods are in the official Java EE API, I guess they should be implemented (apparently the TCK did not test these particular ones?)

Notes
(0006326)
ferg   
09-26-13 11:25   
server/01eg

The API missing from the TCK is a surprise (although it's almost always the case that the TCK has some holes.)

The XML is less of a surprise, because it's a heavier-weight test to check XML than the APIs, and so the TCK does less of that. The XML testing is generally more of our responsibility.