
Tomcat default stacktrace page will be displayed with invalid locale cookie value #8075

Closed
IsaoTakahashi opened this issue Jan 24, 2017 · 2 comments
Labels
status: duplicate A duplicate of another issue

IsaoTakahashi commented Jan 24, 2017

I've found a case where a stacktrace is exposed when I use CookieLocaleResolver.

When an invalid value (e.g. ') is put in the locale cookie, an IllegalArgumentException is thrown and it is not handled by any error handler.
As a result, the Tomcat default stacktrace page is displayed.

Although I defined the error handling logic below, it doesn't work for this situation.

  • declare a class extending ExceptionHandlerExceptionResolver and add a handler with @ExceptionHandler(Exception.class)
  • add server.error.whitelabel.enabled=false to avoid displaying the whitelabel page

Here is the stacktrace on the error page.

java.lang.IllegalArgumentException: Locale part "'" contains invalid characters
	org.springframework.util.StringUtils.validateLocalePart(StringUtils.java:719)
	org.springframework.util.StringUtils.parseLocaleString(StringUtils.java:699)
	org.springframework.web.servlet.i18n.CookieLocaleResolver.parseLocaleValue(CookieLocaleResolver.java:247)
	org.springframework.web.servlet.i18n.CookieLocaleResolver.parseLocaleCookieIfNecessary(CookieLocaleResolver.java:193)
	org.springframework.web.servlet.i18n.CookieLocaleResolver.resolveLocaleContext(CookieLocaleResolver.java:165)
	org.springframework.web.servlet.DispatcherServlet.buildLocaleContext(DispatcherServlet.java:1069)
	org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:959)
	org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
	org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:105)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:89)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

Related Issue

I think #7936 is a similar situation.

Appendix

I created a tiny demo app.
You can reproduce the issue with the app below.
IsaoTakahashi/cookie-locale-exception

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jan 24, 2017
@wilkinsona wilkinsona self-assigned this Jan 24, 2017
@wilkinsona
Member

@IsaoTakahashi Thanks for the sample. This is indeed similar to #7936. Like that issue there's not much that we can do in Boot about this so I've opened SPR-15182 to see if CookieLocaleResolver can be made more robust. In the meantime, you can use the workaround described in that issue.

@wilkinsona wilkinsona added status: duplicate A duplicate of another issue and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 24, 2017
@IsaoTakahashi
Author

@wilkinsona Many thanks for handling this!
Just now I've tried with 1.5.0.BUILD-SNAPSHOT and confirmed it is fixed.
(templates/error.html is returned to the user)
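
One way to keep a malformed locale cookie from surfacing as the container's stacktrace page, shown as an added example that is not part of this thread, not the workaround from #7936 and not the framework's own fix. The stacktrace above shows the exception leaving DispatcherServlet.buildLocaleContext before any handler is dispatched, so the sketch handles it inside the resolver. The class name LenientCookieLocaleResolver is hypothetical, and the code assumes the Spring 4.3-era CookieLocaleResolver and javax.servlet API seen in that trace.

```java
import java.util.Locale;

import javax.servlet.http.HttpServletRequest;

import org.springframework.context.i18n.LocaleContext;
import org.springframework.context.i18n.SimpleLocaleContext;
import org.springframework.web.servlet.i18n.CookieLocaleResolver;

/**
 * Hypothetical subclass (not Spring's own code): treats an unparseable
 * locale cookie as if it were absent instead of letting the
 * IllegalArgumentException propagate to the servlet container.
 */
public class LenientCookieLocaleResolver extends CookieLocaleResolver {

    @Override
    public Locale resolveLocale(HttpServletRequest request) {
        try {
            return super.resolveLocale(request);
        }
        catch (IllegalArgumentException ex) {
            // The cookie is client-controlled input: fall back quietly and
            // do not echo its value into the response.
            return fallbackLocale(request);
        }
    }

    @Override
    public LocaleContext resolveLocaleContext(HttpServletRequest request) {
        try {
            // This is the call path seen in the stacktrace:
            // resolveLocaleContext -> parseLocaleCookieIfNecessary -> parseLocaleValue
            return super.resolveLocaleContext(request);
        }
        catch (IllegalArgumentException ex) {
            return new SimpleLocaleContext(fallbackLocale(request));
        }
    }

    /** Configured default locale if set, otherwise the Accept-Language locale. */
    private Locale fallbackLocale(HttpServletRequest request) {
        Locale configured = getDefaultLocale();
        return (configured != null ? configured : request.getLocale());
    }
}
```

Register it as the bean named localeResolver in place of the plain CookieLocaleResolver so that DispatcherServlet picks it up.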
