gzipResponseFilter conflicts with Spring Security Filter

[GoogleCodeExporter]

What steps will reproduce the problem?
Login with username and password leads to the error page instead of the default 
target url.
Authentication is managed through 
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFi
lter.

What is the expected output? What do you see instead?
Expected: default target page after success authentication.
See: error page.

What OmniFaces version are you using? What JSF impl/version are you using?
OmniFaces: omnifaces-1.5-SNAPSHOT-20130331.jar
JSF: Mojarra (Glassfisg 3.1.2.2)
PrimeFaces 3.5
Spring Framework 3.1.2
Spring Security 3.1.2

Please provide any additional information below.
This error is thrown:
SEVERE: Error Rendering View[/login.xhtml]
java.lang.IllegalStateException: PWC3990: getWriter() has already been called 
for this response
    at org.apache.catalina.connector.Response.getOutputStream(Response.java:674)
    at org.apache.catalina.connector.ResponseFacade.getOutputStream(ResponseFacade.java:206)
    at org.omnifaces.servlet.GzipHttpServletResponse$GzipThresholdOutputStream.createGzipOutputStreamIfNecessary(GzipHttpServletResponse.java:256)
    at org.omnifaces.servlet.GzipHttpServletResponse$GzipThresholdOutputStream.write(GzipHttpServletResponse.java:192)
    at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
    at sun.nio.cs.StreamEncoder.implWrite(StreamEncoder.java:282)
      .
      .

INFO: Exception when handling error trying to reset the response.
java.lang.IllegalStateException: PWC3990: getWriter() has already been called 
for this response
    at org.apache.catalina.connector.Response.getOutputStream(Response.java:674)
    at org.apache.catalina.connector.ResponseFacade.getOutputStream(ResponseFacade.java:206)
    at org.omnifaces.servlet.GzipHttpServletResponse$GzipThresholdOutputStream.createGzipOutputStreamIfNecessary(GzipHttpServletResponse.java:256)
    at org.omnifaces.servlet.GzipHttpServletResponse$GzipThresholdOutputStream.write(GzipHttpServletResponse.java:192)
    at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
    at sun.nio.cs.StreamEncoder.implWrite(StreamEncoder.java:282)
    at sun.nio.cs.StreamEncoder.write(StreamEncoder.java:125)

I tried to put gzipResponseFilter before and after the 
springSecurityFilterChain, same result.

Original issue reported on code.google.com by fouad-ba...@t-online.de on 6 Apr 2013 at 9:38

[GoogleCodeExporter]

Original comment by balusc on 8 Apr 2013 at 10:55

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

I did a quick test with:

- spring-security-samples-tutorial-3.1.3.RELEASE.war (see also 
http://static.springsource.org/spring-security/site/start-here.html)
- omnifaces-1.5-SNAPSHOT-20130407.jar (the current snapshot as available via 
"Download")
- GzipResponseFilter mapped in web.xml on URL pattern of /* with REQUEST and 
ERROR dispatchers
- Glassfish 3.1.2.2 whose Mojarra version happens to be upgraded to 2.1.21

I tried all pages in the tutorial and everything works just fine. GZIP response 
filter should actually be registered before all dispatching filters, but it 
actually didn't matter if I registered it after the Spring Security filter 
(GZIP filter would otherwise just be skipped altogether).

I only used a newer OmniFaces 1.5 snapshot version, but that shouldn't make any 
difference as GzipResponseFilter hasn't been changed between the versions.

I am also using a newer Mojarra version than originally bundled in Glassfish, 
but I don't believe that this would ever be the cause. 

Can you please post the full stack trace? Can you please let me know if the 
Spring Security sample WAR works for you?

Original comment by balusc on 13 Apr 2013 at 10:11

[GoogleCodeExporter]

Any feedback? Have you also tried to reproduce it as described in my previous 
comment?

Original comment by balusc on 20 Apr 2013 at 2:30

[GoogleCodeExporter]

Sorry, I was so busy this week. The full stack trace is in the attached file.

I'm gonna do a test with the Spring Security sample now.

Original comment by fouad-ba...@t-online.de on 21 Apr 2013 at 7:41

Attachments:

• omnifaces-stacktrace.txt

[GoogleCodeExporter]

.. and this is the configuration I am using:

<filter>
    <filter-name>gzipResponseFilter</filter-name>
    <filter-class>org.omnifaces.filter.GzipResponseFilter</filter-class>
<init-param>
    <description>
        The threshold size in bytes. Must be a number between 0 and 9999. Defaults to 500.
    </description>
    <param-name>threshold</param-name>
    <param-value>500</param-value>
</init-param>
<init-param>
    <param-name>mimetypes</param-name>
       <param-value>
        text/css, text/javascript, application/javascript, application/json
       </param-value>
</init-param>
</filter>
<filter-mapping>
    <filter-name>gzipResponseFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping> 

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>    
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>ERROR</dispatcher>
        <!--   <dispatcher>ASYNC</dispatcher>  -->
    </filter-mapping>

Original comment by fouad-ba...@t-online.de on 21 Apr 2013 at 7:54

[GoogleCodeExporter]

I did the test with the Spring Security sample and same configuration as above 
- No error.
But this is not surprising, because the sample app is pure Spring and OmniFaces 
is an utility library for JSF 2!

Original comment by fouad-ba...@t-online.de on 22 Apr 2013 at 5:20

[GoogleCodeExporter]

I'm just trying to reproduce your problem so that I can debug and naildown it 
myself.

Please create a copy of your webapp, remove as many as possible artifacts while 
the problem is still reproducable and then create a WAR of it and attach it 
here.

Original comment by balusc on 23 Apr 2013 at 12:29

[GoogleCodeExporter]

Closing off as NoRepro as I can't reproduce it and the reporter didn't leave 
any feedback.

If you still face this problem and are able to demonstrate this problem using a 
WAR file with the smallest possible minimum required code to reproduce it, then 
please create a new issue.

Original comment by balusc on 6 Jul 2013 at 1:22

• Changed state: NoRepro