Details
Major Description
CAPTCHARenderer.renderCAPTCHA throws exception in case session is missing. This happens because session attribute is set after the image being rendered. The fix would involve setting the attribute before rendering the image.
Full stack trace:
java.lang.IllegalStateException: Cannot create a session after the response has been committed
at org.apache.catalina.connector.Request.doGetSession(Request.java:2221)
at org.apache.catalina.connector.Request.getSession(Request.java:2031)
at org.apache.catalina.connector.RequestFacade$GetSessionPrivilegedAction.run(RequestFacade.java:196)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:830)
at org.apache.myfaces.context.servlet.SessionMap.setAttribute(SessionMap.java:56)
at org.apache.myfaces.util.AbstractAttributeMap.put(AbstractAttributeMap.java:105)
at org.apache.myfaces.util.AbstractAttributeMap.put(AbstractAttributeMap.java:38)
at org.apache.myfaces.custom.captcha.CAPTCHARenderer.renderCAPTCHA(CAPTCHARenderer.java:207)
at org.apache.myfaces.custom.captcha.CAPTCHARenderer.serveResource(CAPTCHARenderer.java:159)
at org.apache.myfaces.renderkit.html.util.NonBufferingAddResource.serveResource(NonBufferingAddResource.java:544)
at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:268)
at sun.reflect.GeneratedMethodAccessor244.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:595)