Mantis - Resin
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
5521 crash always 09-07-13 01:55 09-26-13 11:25
Reporter: arjan_tijms Platform:  
Assigned To: ferg OS:  
Priority: normal OS Version:  
Status: closed Product Version: 4.0.36  
Product Build: Resolution: fixed  
Projection: none      
ETA: none Fixed in Version: 4.0.38  
Summary: 0005521: cookie-config and tracking-mode not supported by Resin
Description: A web.xml file for Servlet 3.0, containing the following content will cause a fatal crash in Resin 4.0.36

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" [^]
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" [^]
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee [^] http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" [^]
    metadata-complete="false"
>
    <session-config>
        
        <cookie-config>
            <http-only>true</http-only>
        </cookie-config>
        
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>
...

The error reported is:

{resin-port-8080-48} WEB-INF/web.xml:129: <cookie-config> is an unexpected tag (parent <session-config> starts at 127).
                       
                       127: <session-config>
                       128:
                       129: <cookie-config>
                       130: <http-only>true</http-only>
                       131: </cookie-config>
                       
                       
                       <session-timeout xmlns="http://java.sun.com/xml/ns/javaee"> [^] is expected,
                       or </session-config> may close.

This is of course not correct. <cookie-config> is perfectly valid to be at that location. The particular web.xml works on every other Servlet 3.0 container (JBoss EAP 6.1, GlassFish 3.1.22, TomEE 1.5.2, Liberty 8.5.5, WebLogic 12.1.2, etc etc).

Programmatically setting this in a ServletContainerInitializer doesn't work either. The following code will thrown an exception in Resin 4.0.36:

Set<SessionTrackingMode> trackingModes = new HashSet<SessionTrackingMode>();
trackingModes.add(URL);
servletContext.setSessionTrackingModes(trackingModes);
servletContext.getSessionCookieConfig().setHttpOnly(true);

The exception is:

 {resin-53} Could not set session config
                      java.lang.UnsupportedOperationException: unimplemented
                          at com.caucho.server.webapp.ServletContextImpl.setSessionTrackingModes(ServletContextImpl.java:552)

The same code however works in every other Servlet 3.0 container. Since these methods are in the official Java EE API, I guess they should be implemented (apparently the TCK did not test these particular ones?)
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:

Notes
(0006326)
ferg   
09-26-13 11:25   
server/01eg

The API missing from the TCK is a surprise (although it's almost always the case that the TCK has some holes.)

The XML is less of a surprise, because it's a heavier-weight test to check XML than the APIs, and so the TCK does less of that. The XML testing is generally more of our responsibility.