source: trunk/www/exception/exception.jsp @ 7158

Last change on this file since 7158 was 7158, checked in by Nicklas Nordborg, 6 years ago

References #2011: Check that session id and client id match every time a new page is requested

This has now been implemented in the BASE Core API by adding a new Application.getSessionControl() method with 3 string arguments. The older 2-argument version will behave as if net.sf.basedb.clients.web is used.

This is change may break existing clients that are not built on top of the current web client. The only such client we currently know of is the FTP server extension but this is not affected since it doesn't use the Application.getSessionControl() method.

Fixing existing code that is affected should be relatively easy by replacing the old method call with a call to the new method and using the same client id as when the session was created.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 6.9 KB
Line 
1<%-- $Id: exception.jsp 7158 2016-05-25 13:25:41Z nicklas $
2  ------------------------------------------------------------------
3  Copyright (C) 2005 Nicklas Nordborg
4  Copyright (C) 2006 Johan Enell, Jari Häkkinen, Nicklas Nordborg, Martin Svensson
5  Copyright (C) 2007 Johan Enell, Nicklas Nordborg
6
7  This file is part of BASE - BioArray Software Environment.
8  Available at http://base.thep.lu.se/
9
10  BASE is free software; you can redistribute it and/or
11  modify it under the terms of the GNU General Public License
12  as published by the Free Software Foundation; either version 3
13  of the License, or (at your option) any later version.
14
15  BASE is distributed in the hope that it will be useful,
16  but WITHOUT ANY WARRANTY; without even the implied warranty of
17  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  GNU General Public License for more details.
19
20  You should have received a copy of the GNU General Public License
21  along with BASE. If not, see <http://www.gnu.org/licenses/>.
22  ------------------------------------------------------------------
23
24  All exceptions are directed to this page, by the server configuration
25  See <error-page> tag in the /WEB-INF/web.xml file.
26
27  Some exceptions are fowarded to other pages to be able to
28  display a more appropriate error message.
29
30  Only severe, unexpected exceptions, are handled by this page,
31  which will only display a stack trace!
32
33  @author Nicklas
34  @version 2.0
35--%>
36<%@ page pageEncoding="UTF-8" session="false"
37  import="net.sf.basedb.core.Application"
38  import="net.sf.basedb.core.Config"
39  import="net.sf.basedb.core.NotLoggedInException"
40  import="net.sf.basedb.core.PermissionDeniedException"
41  import="net.sf.basedb.core.InvalidDataException"
42  import="net.sf.basedb.core.SessionControl"
43  import="net.sf.basedb.clients.web.WebException"
44  import="net.sf.basedb.clients.web.DuplicateWizardException"
45  import="net.sf.basedb.clients.web.Base"
46  import="net.sf.basedb.clients.web.util.HTML"
47  import="net.sf.basedb.util.Values"
48  import="javax.servlet.ServletException"
49  import="java.sql.Driver"
50  import="java.util.Properties"
51  isErrorPage="true"
52%>
53<%@
54  taglib prefix="base" uri="/WEB-INF/base.tld" %>
55<%
56  SessionControl sc = null;
57  try
58  {
59    sc = Application.isRunning() ? Base.getSessionControl(pageContext, false) : null;
60  }
61  catch (RuntimeException ex)
62  {}
63  final String reportbuglink = sc == null ? "" : Values.getStringOrNull(sc.getClientDefaultSetting("server.links.reportbug"));
64  Throwable ex = exception;
65 
66  if (ex instanceof org.apache.jasper.JasperException)
67  {
68    org.apache.jasper.JasperException jex = (org.apache.jasper.JasperException)ex;
69    if (jex.getRootCause() != null) ex = jex.getRootCause();
70  }
71 
72  if (ex instanceof ServletException)
73  {
74    ServletException sex = (ServletException)ex;
75    if (sex.getRootCause() != null) ex = sex.getRootCause();
76  }
77 
78  if (ex instanceof WebException)
79  {
80    pageContext.forward("/exception/web.jsp");
81    return;
82  }
83  else if (ex instanceof DuplicateWizardException)
84  {
85    pageContext.forward("/exception/duplicate_wizard.jsp");
86    return;
87  }
88  else if (ex instanceof NotLoggedInException)
89  {
90    pageContext.forward("/exception/not_logged_in.jsp");
91    return;
92  }
93  else if (ex instanceof PermissionDeniedException)
94  {
95    pageContext.forward("/exception/permission_denied.jsp");
96    return;
97  }
98  else if (ex instanceof InvalidDataException)
99  {
100    pageContext.forward("/exception/invalid_data.jsp");
101    return;
102  }
103
104  final String jdbcDriver = Config.getString("db.driver");
105  String driverVersion = "";
106  try
107  {
108    final Driver driver = (Driver)Class.forName(jdbcDriver).newInstance();
109    driverVersion = "(version " + driver.getMajorVersion() + "." + driver.getMinorVersion() + ")";
110  }
111  catch (Throwable t)
112  {} 
113  final Properties properties = System.getProperties();
114  final Runtime runtime = Runtime.getRuntime();
115  String exceptionClassName = ex.getClass().getName().replaceAll("net.sf.basedb.core.", "");
116%>
117<base:page type="default" menu="exception" title="Unexpected error">
118<base:head scripts="exception.js" styles="popup.css" />
119<base:body data-resize-if-popup="1">
120  <h1><%=exceptionClassName + " on page "+request.getAttribute("javax.servlet.error.request_uri")%></h1>
121 
122  <div class="content bottomborder" style="bottom: 3em;">
123    <table class="fullform outlined topborder">
124    <tr>
125      <th>BASE Version</th>
126      <td><%=Application.getVersionString()%></td>
127    </tr>
128    <tr>
129      <th>Web server</th>
130      <td><%=application.getServerInfo()%></td>
131    </tr>
132    <tr>
133      <th>Database Server</th>
134      <td><%=Application.getDatabaseVersionString()%></td>
135    </tr>
136    <tr>
137      <th>Database Dialect</th>
138      <td><%=Config.getString("db.dialect")%></td>
139    </tr>
140    <tr>
141      <th>JDBC Driver</th>
142      <td><%=jdbcDriver%> <%=driverVersion%></td>
143    </tr>
144    <tr>
145      <th>Operating system</th>
146      <td><%=properties.getProperty("os.name")%> 
147        <%=properties.getProperty("os.arch")%>
148        <%=properties.getProperty("os.version")%>
149        </td>
150    </tr>
151    <tr>
152      <th>Java runtime</th>
153      <td><%=properties.getProperty("java.runtime.name")%> 
154        (<%=properties.getProperty("java.runtime.version")%>),
155        <a href="<%=properties.getProperty("java.vendor.url")%>" target="_blank"><%=properties.getProperty("java.vendor")%></a></td>
156    </tr>
157    <tr>
158      <th class="subprompt">Memory</th>
159      <td>Total: <%=Values.formatBytes(runtime.totalMemory())%><br>
160        Free: <%=Values.formatBytes(runtime.freeMemory()) %><br>
161        Max: <%=Values.formatBytes(runtime.maxMemory()) %></td>
162    </tr>
163    <tr>
164      <th>Browser</th>
165      <td><%=HTML.encodeTags(request.getHeader("User-Agent"))%></td>
166    </tr>
167    <tr>
168      <th>Error message</th>
169      <td><%=HTML.formatLineBreaks(HTML.encodeTags(ex.getMessage(), ""))%></td>
170    </tr>
171    <tr class="dynamic">
172      <th>Stacktrace</th>
173      <td>
174        <%
175        StackTraceElement[] st = ex.getStackTrace();
176        out.println("<pre>");
177        out.println(exceptionClassName);
178        int i = 0;
179        for (i=0; i < st.length && i < 8; i++)
180        {
181          out.print("...at ");
182          out.println(HTML.encodeTags(st[i].toString().replaceAll("net.sf.basedb.core.", "")));
183        }
184        out.println("</pre>");
185        if ((i < st.length) || (ex.getCause() != null))
186        {
187          out.println("<pre id=\"error_detail\" style=\"display:none;\">");
188          while (ex != null)
189          {
190            for (int j=i; j < st.length; j++)
191            {
192              out.print("...at ");
193              out.println(HTML.encodeTags(st[j].toString().replaceAll("net.sf.basedb.core.", "")));
194            }
195            ex = ex.getCause();
196            if (ex != null)
197            {
198              st = ex.getStackTrace();
199              i = 0;
200              out.print("\nCaused by: "+ex.getClass().getName()+": " + ex.getMessage() + "\n");
201            }
202          }
203          out.println("</pre>");
204        }
205        %>
206        <base:icon 
207          id="showMoreDetails"
208          data-show-id="error_detail"
209          image="gonext.png"><%=st.length-i%> more...</base:icon>
210      </td>
211    </table>
212  </div>
213 
214  <base:buttongroup subclass="dialogbuttons">
215    <base:button id="goback" title="Back"/>
216    <base:button id="close" title="Close"/>
217    <base:button id="reportbug" title="Report bug&hellip;" image="bug.png"
218      data-report-link="<%=HTML.encodeTags(reportbuglink) %>"
219      visible="<%=HTML.isValidUrl(reportbuglink)%>"/>
220  </base:buttongroup>
221
222</base:body>
223</base:page>
224
Note: See TracBrowser for help on using the repository browser.