Bug 48371 - addWebXmlMappings does not place servlet tags correctly
Summary: addWebXmlMappings does not place servlet tags correctly
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Jasper (show other bugs)
Version: 6.0.20
Hardware: PC Windows XP
: P2 minor (vote)
Target Milestone: default
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-12-10 18:16 UTC by Lee Clemens
Modified: 2010-03-03 17:40 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Lee Clemens 2009-12-10 18:16:34 UTC
If there is a commented-out <security-constraint> or commented-out <servlet> tag and addWebXmlMappings="true", the JSP's servlet and servlet-mapping tags are placed incorrectly and Tomcat will not start due to "--" being inside a comment.

Basically, it seems the web.xml is not parsed correctly when using addWebXmlMappings and you cannot have above tags commented out, or new servlet tags will be placed incorrectly and comment tags not respected.
Comment 1 Konstantin Kolinko 2009-12-22 19:23:15 UTC
Can you provide step-by-step instructions, how to reproduce it on a fresh instance of Tomcat?
Comment 2 Lee Clemens 2009-12-24 09:29:06 UTC
In the webapp's web.xml, have display-name and then description.  Before the listener, include the snippet below(commented out).

Run an ANT script to precompile JSPs:

<import file="${tomcat.home}/bin/catalina-tasks.xml"/>
<jasper validateXml="false"
                uriroot="${work.core}"
                webXmlFragment="${jsp.generated.web.xml}"
                addWebXmlMappings="true"
                outputDir="${work.src}"/>

The resulting web.xml ${jsp.generated.web.xml} is malformed.

Here is the snippet from the web.xml before instructing jasper to addWebXmlMappings.

  <!--
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Entire Application</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    -->

    <!--<security-constraint>
        <web-resource-collection>
            <web-resource-name>Deny Direct Access</web-resource-name>
            <description>Deny direct access to JSPs. All such requests should be
                handled by the Container in the protection domain
            </description>
            <url-pattern>*.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>NoOneCanAccess</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>NoOneCanAccess</role-name>
    </security-role>-->


    <!-- modify in web.xml in tomcat/conf/
   <servlet>
       <servlet-name>jsp</servlet-name>
       <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
       <init-param>
           <param-name>fork</param-name>
           <param-value>false</param-value>
       </init-param>
       <init-param>
           <param-name>xpoweredBy</param-name>
           <param-value>false</param-value>
       </init-param>
       <init-param>
           <param-name>compilerSourceVM</param-name>
           <param-value>1.5</param-value>
       </init-param>
       <init-param>
           <param-name>compilerTargetVM</param-name>
           <param-value>1.5</param-value>
       </init-param>
       <load-on-startup>3</load-on-startup>
   </servlet> -->
Comment 3 Mark Thomas 2010-02-13 19:24:11 UTC
This has been fixed in trunk and proposed for 6.0.x
Comment 4 Mark Thomas 2010-03-03 17:40:52 UTC
This has been fixed for 6.0.x and will be included in 6.0.26 onwards.