Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Liberty test suite fails when checking for the CSRF header #289

Open
jesse-gallagher opened this issue Dec 14, 2021 · 2 comments
Open

Liberty test suite fails when checking for the CSRF header #289

jesse-gallagher opened this issue Dec 14, 2021 · 2 comments
Labels
server:liberty Targets OpenLiberty server
Milestone

Comments

@jesse-gallagher
Copy link
Contributor

After applying the changes in #288 and using a Liberty 21.0.0.12 JEE 9 beta, there is one test failure: org.eclipse.krazo.test.CsrfIT.testFormHeaderOk.

Specifically, the failure is that the header it's looking for (X-CSRF-TOKEN) is not present in the response. Judging from the output, it looks like possibly it's another case of "Cannot set header", though this time actually causing trouble. Unfortunately, the stack trace for that isn't any more specific than the previous similar issues:

[WARNING ] SRVE8094W: WARNING: Cannot set header. Response already committed.  Stack trace of errant attempt to set header: 
        at com.ibm.ws.webcontainer.srt.SRTServletResponse.setHeader(SRTServletResponse.java:1764)
        at [internal classes].(Unknown Source)
        at org.eclipse.krazo.core.ViewableWriter$DelegatingServletOutputStream.write(ViewableWriter.java:196)
        at java.base/java.io.OutputStream.write(OutputStream.java:157)
        at java.base/sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:233)
        at java.base/sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:312)
        at java.base/sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:316)
        at java.base/sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:153)
        at java.base/java.io.OutputStreamWriter.flush(OutputStreamWriter.java:251)
        at java.base/java.io.PrintWriter.flush(PrintWriter.java:396)
        at org.eclipse.krazo.core.ViewableWriter.writeTo(ViewableWriter.java:169)
        at org.eclipse.krazo.core.ViewableWriter.writeTo(ViewableWriter.java:1)
        at org.jboss.resteasy.core.interception.jaxrs.ServerWriterInterceptorContext.lambda$writeTo$1(ServerWriterInterceptorContext.java:79)
        at [internal classes].(Unknown Source)
@erdlet
Copy link
Member

erdlet commented Dec 15, 2021

Thanks for opening the ticket. I remember we had this stacktrace before some time ago.I'll check the old issues later.

@chkal
Copy link
Contributor

chkal commented Dec 24, 2021

Such an exception basically means, that some component did commit the response BEFORE the ViewableWriter was invoked. Committing a response is typically caused by calling HttpServletResponse.getWriter() or HttpServletResponse.getOutputStream().

Unfortunately, this is really hard to debug. One way would be to use a Servlet filter to replace the HttpServletResponse which a custom implementation which logs calls to getWriter() or getOutputStream(). Or maybe increasing the log level of Liberty could help!?

@erdlet erdlet added the server:liberty Targets OpenLiberty server label Jun 20, 2022
@erdlet erdlet added this to the 3.1.0 milestone Aug 10, 2022
@erdlet erdlet modified the milestones: 3.1.0, Future Mar 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
server:liberty Targets OpenLiberty server
Projects
None yet
Development

No branches or pull requests

3 participants