Util class for JSP Taglibs is violating Servlet specificatio
Project moved to GitHub
Brought to you by:
broneill,
scolebourne
In the JSP taglibs, the format tags are making calls to the Util class to manage the Locale's and conform to the JSTL specification. However, they are also setting the response Locale using the setLocale method on the ServletResponse interface.
This violates the servlet specification because by the time these tags are being execute the output stream and writer have already been used and bytes might have been already flushed. This method is only to be called before the Writer or ServletOutputStream have been retrieved.
This also makes it impossible to perform application specific Locale handling.
Therefore, this code should be removed.
Logged In: YES
user_id=167326
Originator: NO
Doesn't the servlet container just ignore calls to setLocale() once the response has been committed? I'm not sure if this is violating the servlet spec, or is just misleading.
Logged In: YES
user_id=1541332
Originator: YES
Here's an example violation. These code snippets are executed in order:
(Some code in Servlet before response is committed)
response.setLocale(Locale.DE);
(Joda in JSP)
response.setLocale(Locale.EN);
(Some other JSP taglib or code called by the JSP)
Locale locale = response.getLocale();
// Locale is now English
As you can see, the locale going back to the client is going to be German. Then Joda changes it locally, which the client won't ever see. Finally, some other code attempts to retrieve the locale from the response, which will now be English. However, the client really thinks the Locale is German, but everything else now believes it is English.
My concern is that Joda is using an API that should only be set by the application and not a taglib. If you want to manage locales I would suggest using an attribute in the request or page context and not messing around with the response.
I'm not sure if the Servlet container will ignore the call after bytes have been sent in the response, but in any case, I'm just not sure that setting this at all and hard-coding it is a good idea. I would remove all of this type of code and allow the application to control this behavior. Right now, the application might have the locale set by JODA and not know, which could introduce unexpected bugs.
I considered changing this, but with no tests or testing environment I could not check if it worked. This project is now on GitHub, so I advise anyone still interested to fork the project, fix this and send a pull request.