[jira] (JETTY-1541) ArrayIndexOutOfBoundsException with AJP

JIRA jira@codehaus.org
Issue Type: Bug
Affects Versions: 8.1.5
Assignee: Unassigned
Created: 30/Aug/12 7:35 AM
Description:

Trying to serve (through AJP) a resource that's bigger than 8192 bytes raises an AIOOBE (works fine with Tomcat 7.0.26 without any special configuration). I also tried setting bigger values for ResponseBufferSize on Ajp13SocketConnector but without success. This problem looks very similar to JETTY-151.

2012-08-30 14:07:15.434:WARN:oejs.ServletHandler:/assets/jquery/jquery.js
java.lang.ArrayIndexOutOfBoundsException: 8192
at org.eclipse.jetty.io.ByteArrayBuffer.poke(ByteArrayBuffer.java:286)
at org.eclipse.jetty.io.AbstractBuffer.put(AbstractBuffer.java:465)
at org.eclipse.jetty.ajp.Ajp13Generator.prepareBuffers(Ajp13Generator.java:670)
at org.eclipse.jetty.ajp.Ajp13Generator.flushBuffer(Ajp13Generator.java:496)
at org.eclipse.jetty.http.AbstractGenerator.blockForOutput(AbstractGenerator.java:502)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:129)
at org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper$SaveContextServletOutputStream.write(SaveContextOnUpdateOrErrorResponseWrapper.java:203)
at java.io.OutputStream.write(OutputStream.java:116)
at org.eclipse.jetty.io.AbstractBuffer.writeTo(AbstractBuffer.java:656)
at org.eclipse.jetty.servlet.DefaultServlet.sendData(DefaultServlet.java:839)
at org.eclipse.jetty.servlet.DefaultServlet.doGet(DefaultServlet.java:504)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:598)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:486)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:542)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:233)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1065)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:413)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:192)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:999)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:224)
at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:98)
at org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler.handleRequest(DefaultServletHttpRequestHandler.java:119)
at org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter.handle(HttpRequestHandlerAdapter.java:49)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:598)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1367)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:144)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1338)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1338)
at org.springframework.web.multipart.support.MultipartFilter.doFilterInternal(MultipartFilter.java:119)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1338)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1338)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:484)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:233)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1065)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:413)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:192)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:999)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
at org.eclipse.jetty.server.Server.handle(Server.java:350)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:454)
at org.eclipse.jetty.server.BlockingHttpConnection.handleRequest(BlockingHttpConnection.java:47)
at org.eclipse.jetty.ajp.Ajp13Connection.access$2900(Ajp13Connection.java:40)
at org.eclipse.jetty.ajp.Ajp13Connection$RequestHandler.headerComplete(Ajp13Connection.java:232)
at org.eclipse.jetty.ajp.Ajp13Parser.parseNext(Ajp13Parser.java:487)
at org.eclipse.jetty.ajp.Ajp13Parser.parseAvailable(Ajp13Parser.java:153)
at org.eclipse.jetty.server.BlockingHttpConnection.handle(BlockingHttpConnection.java:66)
at org.eclipse.jetty.server.bio.SocketConnector$ConnectorEndPoint.run(SocketConnector.java:254)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:603)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:538)
at java.lang.Thread.run(Thread.java:722)

Environment: Windows 7x64, Apache HTTPd 2.4.2 + mod_proxy_ajp, jdk 1.7.0_03, jetty-maven-plugin 8.1.5.v20120716, maven 3.0.4
Project: Jetty
Priority: Major
Reporter: Xavier Dury
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
--------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email

[jira] (JETTY-1541) ArrayIndexOutOfBoundsException with AJP

JIRA jira@codehaus.org
Xavier Dury commented on Bug JETTY-1541

I've been testing the same application with 7.6.5.v20120716 and it works fine.

[jira] (JETTY-1541) ArrayIndexOutOfBoundsException with AJP

JIRA jira@codehaus.org
Xavier Dury edited a comment on Bug JETTY-1541

Testing with 7.6.5.v20120716 gave the same result.

[jira] (JETTY-1541) ArrayIndexOutOfBoundsException with AJP

JIRA jira@codehaus.org
Xavier Dury edited a comment on Bug JETTY-1541

Sorry, I disabled the Spring Security Filter and then everything worked fine. So it seems it's a spring-related problem.

I filed a bug at springsource: https://jira.springsource.org/browse/SEC-2039

[jira] (JETTY-1541) ArrayIndexOutOfBoundsException with AJP

JIRA jira@codehaus.org
Jan Bartel commented on Bug JETTY-1541

Thanks for following up with the spring community. It could be that spring is tickling some bug in the ajp13 code too. I have to say that we get very little enthusiasm for maintaining the ajp13 code, especially given how old and creaky the protocol is. Most folks have switched to mod proxy: http://wiki.eclipse.org/Jetty/Howto/Configure_AJP13

regards
Jan

[jira] (JETTY-1541) ArrayIndexOutOfBoundsException with AJP

JIRA jira@codehaus.org
Change By: Rob Winch (30/Aug/12 10:46 PM)
Attachment: JETTY-1541.zip

[jira] (JETTY-1541) ArrayIndexOutOfBoundsException with AJP

JIRA jira@codehaus.org
Rob Winch edited a comment on Bug JETTY-1541

I have already followed up on the Spring Security JIRA, but thought I would also follow up here...

The problem is that Jetty's HttpOutput/Ajp13Generator treats an invocation of ServletOutputStream.write(byte[] b, int off, int len) differently than ServletOutputStream.write(byte b). You can see this with the sample project I have attached. To reproduce the problem, set up Jetty with AJP and visit the index page (i.e. http://localhost/JETTY-1541/). There will be two links on the index page. The first link demonstrates that write(byte[] b, int off, int len) works properly using the WorksServlet. The second link demonstrates that write(byte b) fails using the FailsServlet. As you can see, the FailsServlet fails with the same error you are seeing in your application, yet there are no Spring or Spring Security dependencies. Try again over HTTP (i.e. directly against Jetty) and both links work properly.

So why does removing Spring Security 3.1.2 cause the issue? This is because Spring Security is overriding the ServletOutputStream which delegates to the original stream. However, rather than overriding all the methods of ServletOutputStream, Spring Security is only overriding the abstract methods and delegating to the original ServletOutputStream. This means that when write(byte[] b, int off, int len) is invoked, Spring Security implements that by invoking ServletOutputStream.write(byte b) on the original ServletOutputStream implementation. This conversion is how the JDK implements ServletOutputStream. As the project I have attached demonstrates, the write(byte b) method is broken when using Jetty's AJP support. Spring Security is just revealing this existing issue in Jetty.

[jira] (JETTY-1541) ArrayIndexOutOfBoundsException with AJP

JIRA jira@codehaus.org

Here is a prospective patch that removes all the differences between handling write(byte) and write(byte[]).

Unfortunately it does affect the HTTP side of things, so I don't think it is safe to put in the point release of jetty 7/8 going out this week.

Also I don't currently have an AJP setup that I can try.

Can you build from source and try this? If not, can I send you some jars to try to see if this resolves the problem?

Change By: Greg Wilkins (31/Aug/12 2:25 AM)
Attachment: jetty-1541.diff

[jira] (JETTY-1541) ArrayIndexOutOfBoundsException with AJP

JIRA jira@codehaus.org
Rob Winch commented on Bug JETTY-1541

I can confirm that the patch resolves the issue. To test, I applied the patch to the jetty-8.1.5.v20120716 branch, built the project, and copied the jetty-http, jetty-ajp, and jetty-server jars to a downloaded copy of jetty-8.1.5.v20120716 distribution's lib folder. I was able to confirm this fixes the sample application I attached here. I also confirmed it fixes a sample application (see SEC-2039) that was able to reproduce the issue when using Spring Security.

[jira] (JETTY-1541) ArrayIndexOutOfBoundsException with AJP

JIRA jira@codehaus.org
Greg Wilkins commented on Bug JETTY-1541

Rob,

Thanks for checking this.

I'll try to sneak this into the release coming out this week... but I need to triple check the changes do not break pure HTTP, as the change is to treat all single byte writes as a write of a 1 byte array (avoiding duplicate code - where one version might miss a bug fix (as I think was the root cause of this issue)).

But if it does not make this release, it will be in the next.

cheers
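
The mechanism Rob Winch describes and the shape of the fix Greg Wilkins describes, as an added Java example that is not taken from the thread, the attached sample project, or Jetty's source. BufferedSink and AbstractOnlyWrapper are hypothetical stand-ins for a buffering generator and a response-stream wrapper, and the missing capacity check in the single-byte path is an assumption used to model the reported symptom.

```java
import java.io.IOException;
import java.io.OutputStream;

class SingleByteWritePath {

    /** Fixed-capacity sink with two separately written write paths (constructed model, not Jetty code). */
    static class BufferedSink extends OutputStream {
        private final byte[] buf = new byte[8192]; // same size as the index in the reported exception
        private int pos;
        private final boolean unified;

        BufferedSink(boolean unified) { this.unified = unified; }

        /** Bulk path: drains the buffer whenever it is full before copying more. */
        @Override public void write(byte[] b, int off, int len) {
            while (len > 0) {
                if (pos == buf.length) drain();
                int n = Math.min(len, buf.length - pos);
                System.arraycopy(b, off, buf, pos, n);
                pos += n; off += n; len -= n;
            }
        }

        /** Single-byte path: either reuses the bulk path or keeps its own unchecked copy. */
        @Override public void write(int b) {
            if (unified) {
                // Fix shape from the thread: a single-byte write is a write of a 1-byte array.
                write(new byte[] {(byte) b}, 0, 1);
            } else {
                // Assumed defect: duplicated logic that never checks remaining capacity.
                buf[pos++] = (byte) b;
            }
        }

        private void drain() { pos = 0; } // a real connector would send the packet here
        @Override public void flush() { drain(); }
    }

    /** Wrapper that overrides only the abstract write(int), as described in the comment above. */
    static class AbstractOnlyWrapper extends OutputStream {
        private final OutputStream delegate;
        AbstractOnlyWrapper(OutputStream delegate) { this.delegate = delegate; }
        @Override public void write(int b) throws IOException { delegate.write(b); }
        // write(byte[], int, int) is inherited from java.io.OutputStream,
        // which loops over the array and calls write(int) once per byte.
    }

    /** Sends size bytes with one bulk call and reports "ok" or the exception raised. */
    static String send(OutputStream out, int size) {
        try {
            out.write(new byte[size], 0, size);
            return "ok";
        } catch (IOException | RuntimeException e) {
            return e.toString();
        }
    }

    public static void main(String[] args) {
        int size = 10_000; // constructed payload, larger than the 8192-byte buffer
        System.out.println("direct bulk write:           "
                + send(new BufferedSink(false), size));
        System.out.println("wrapped, duplicated paths:   "
                + send(new AbstractOnlyWrapper(new BufferedSink(false)), size));
        System.out.println("wrapped, unified write path: "
                + send(new AbstractOnlyWrapper(new BufferedSink(true)), size));
    }
}
```

A wrapper that also overrides write(byte[], int, int) and forwards it unchanged would keep bulk writes on the delegate's bulk path, but the delegate's single-byte path would still need the same bounds handling for callers that write one byte at a time.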

[jira] (JETTY-1541) ArrayIndexOutOfBoundsException with AJP

JIRA jira@codehaus.org
Change By: Jan Bartel (03/Sep/12 1:39 AM)
Component/s: AJP