Hide Forgot
++ This bug is a clone of bug 777741 ++ Complexity: Low Date of First Response: 2008-01-03 13:33:29 Workaround Description: In SOA production setup use neutral error pages to displaying HTTP 404, 500 errors. project_key: SOA The error page of the jmx-console spits out JSP source code, which is not desirable for the SOA production setup as exception messages could leak technical data to attackers. Maybe a more general JBAPP problem. http://127.0.0.1:8080/jmx-console/DisplayOpResult HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException: An exception occurred processing JSP page /displayOpResult.jsp at line 12 9: </head> 10: <body> 11: 12: <jsp:useBean id='opResultInfo' type='org.jboss.jmx.adaptor.control.OpResultInfo' scope='request'/> 13: 14: <table width="100%"> 15: <table> Stacktrace: org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:518) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:411) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266) javax.servlet.http.HttpServlet.service(HttpServlet.java:803) org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) root cause javax.servlet.ServletException: java.lang.InstantiationException: bean opResultInfo not found within scope org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:855) org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:784) org.apache.jsp.displayOpResult_jsp._jspService(displayOpResult_jsp.java:145) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:803) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:387) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266) javax.servlet.http.HttpServlet.service(HttpServlet.java:803) org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) root cause java.lang.InstantiationException: bean opResultInfo not found within scope org.apache.jsp.displayOpResult_jsp._jspService(displayOpResult_jsp.java:67) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:803) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:387) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266) javax.servlet.http.HttpServlet.service(HttpServlet.java:803) org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) note The full stack trace of the root cause is available in the JBossWeb/2.0.0.GA_CP05 logs.
Yes, I agree. Can you move it, or create a linked issue in EAP Marc?
Marc, did you create an EAP issue for this?
Link: Added: This issue depends JBPAPP-529
Need to monitor the related link and check fix when it appears.
The source code is no longer displayed with 4.3.0 IR2. as the URL: http://127.0.0.1:8080/jmx-console/DisplayOpResult does not result in an error.
The root issue - JSP code exposure is still there, try this URL http://localhost:8080/jmx-console/cluster/clusterView.jsp
This appears to be a problem with EAP 4.3.0 CP02. It is unlikely that it will be fixed for SOA 4.3.0 GA.
Link: Added: This issue related SOA-875
Removed FP01 Fix since we do not put bug fixes into FPs.
Seeing this in 4.2 CP03 - for example JSP code displayed with http://localhost:8080/jmx-console/cluster/clusterView.jsp
Link: Added: This issue related SOA-1118
Fixed with revision 3017 of: build-tools/builders/soa/p-consoles/build.xml build-tools/builders/soa/p-consoles/jmx-console/web.xml Commit message: JIRA: SOA-257 Don't overwrite the EAP JMX console web.xml. We now see the fix for JBPAPP-529 too.
Verified in ER6