记wildfly20中servlet StringIndexOutOfBoundsException的bug
今天遇到一个sessionFilter在tomcat中运行正常,部署到wildfly-20.0.0.final中运行报错的bug,记录下
示例代码:
/**
 * Simplified sample filter registered for every {@code *.do} request.
 *
 * <p>As shown here it does no work of its own: each request is handed
 * straight to the next element of the filter chain.
 */
@WebFilter(filterName = "sessionFilter", urlPatterns = "*.do")
@Order(1)
public class SessionFilter implements Filter {

    /** No initialisation is performed. */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        // intentionally empty
    }

    /**
     * Passes the request and response on unchanged.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @param chain    the remaining filters and the target servlet
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(request, response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
        // intentionally empty
    }
}
在wildfly中运行时报如下错误(堆栈显示异常由SessionFilter.doFilter第56行调用getHttpServletMapping()触发;上面的示例代码是精简版,未包含该调用):
2022-06-29 16:37:47,551 INFO [stdout] (default task-116) java.lang.StringIndexOutOfBoundsException: String index out of range: -3 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at java.lang.String.substring(String.java:1967) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.spec.HttpServletRequestImpl.getHttpServletMapping(HttpServletRequestImpl.java:255) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at vip.aaitec.radar.filters.SessionFilter.doFilter(SessionFilter.java:56) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:126) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:64) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:101) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:119) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at 
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at 
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 2022-06-29 16:37:47,551 INFO [stdout] (default task-116) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at 
org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at 
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) 2022-06-29 16:37:47,552 INFO [stdout] (default task-116) at java.lang.Thread.run(Thread.java:748)
追踪代码发现,undertow-servlet-2.1.3.Final.jar包中HttpServletRequest的实现类io.undertow.servlet.spec.HttpServletRequestImpl在调用getHttpServletMapping()方法时发生字符串下标越界(substring的结束下标为负数),源码如下:
/**
 * Builds the {@link HttpServletMapping} for this request from the
 * {@code ServletPathMatch} held in the exchange's {@code ServletRequestContext}.
 *
 * <p>The match value is derived per mapping type. The EXTENSION branch calls
 * {@code substring} with a computed end index and no prior length check; that
 * is the line the stack trace on this page points at.
 *
 * @return the mapping describing how the request was matched to its servlet
 */
@Override
public HttpServletMapping getHttpServletMapping() {
    ServletRequestContext src = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    ServletPathMatch match = src.getOriginalServletPathMatch();
    // A FORWARD dispatch uses the current path match instead of the original one.
    if(getDispatcherType() == DispatcherType.FORWARD) {
        match = src.getServletPathMatch();
    }
    String matchValue;
    switch (match.getMappingMatch()) {
        case EXACT:
            // Matched path without its leading slash.
            matchValue = match.getMatched();
            if(matchValue.startsWith("/")) {
                matchValue = matchValue.substring(1);
            }
            break;
        case DEFAULT:
        case CONTEXT_ROOT:
            matchValue = "";
            break;
        case PATH:
            // Remaining path without its leading slash.
            matchValue = match.getRemaining();
            if(matchValue.startsWith("/")) {
                matchValue = matchValue.substring(1);
            }
            break;
        case EXTENSION:
            // End index is getMatched().length() - getMatchString().length() + 1.
            // It goes negative whenever getMatched() is shorter than
            // getMatchString().length() - 1, and substring(0, negative) throws
            // StringIndexOutOfBoundsException (the trace on this page reports -3).
            // Nothing validates the two lengths before this call.
            matchValue = match.getMatched().substring(0, match.getMatched().length() - match.getMatchString().length() + 1);// out of bounds here
            if(matchValue.startsWith("/")) {
                matchValue = matchValue.substring(1);
            }
            break;
        default:
            matchValue = match.getRemaining();
    }
    return new MappingImpl(matchValue, match.getMatchString(), match.getMappingMatch(), match.getServletChain().getManagedServlet().getServletInfo().getName());
}
修复方案:升级wildfly,使其内置的undertow-servlet版本达到2.2.6.Final以上;升级后应确认实际加载的undertow-servlet jar版本。
BUG参见:https://issues.redhat.com/browse/UNDERTOW-1844
