This appears to be caused by the recent change listed in the changelog as:
"Fix class loader decision on the delegation for class loading and resource lookup and make it faster too. (rjung)"
org.apache.catalina.loader.WebAppClassLoaderBase.filter() is testing if name starts with "javax" or "org", and then tries to get the next character using name.charAt(). But if name is just "javax" or "org", then name.charAt() for the next character will throw StringIndexOutOfBoundsException.
Which results in rather than the expected ClassNotFoundException, causes instead:
java.lang.StringIndexOutOfBoundsException: String index out of range: 3
java.lang.String.charAt(String.java:658)
org.apache.catalina.loader.WebappClassLoaderBase.filter(WebappClassLoaderBase.java:2780)
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1253)
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1142)
org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:125)
org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:62)
java.lang.Class.forName0(Native Method)
java.lang.Class.forName(Class.java:264)
org.apache.jsp.index_jsp._jspService(index_jsp.java:116)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
While this example is contrived, it causes real world problems for Mozilla Rhino which is testing "java", "javax", "org", "com", "edu", "net", to make sure that they are indeed top-level packages and do not resolve to a class and can deal with the expected ClassNotFoundException but can't deal with the unexpected StringIndexOutOfBoundsException.
This appears to be caused by the recent change listed in the changelog as:
"Fix class loader decision on the delegation for class loading and resource lookup and make it faster too. (rjung)"
org.apache. catalina. loader. WebAppClassLoad erBase. filter( ) is testing if name starts with "javax" or "org", and then tries to get the next character using name.charAt(). But if name is just "javax" or "org", then name.charAt() for the next character will throw StringIndexOutO fBoundsExceptio n.
the following jsp demonstrates the issue:
<%@ page contentType= "text/html; charset= UTF-8" language="java" %> $Title$ </title> forName( "org");
<html>
<head>
<title>
</head>
<body>
<%
Class.
%>
</body>
</html>
Which results in rather than the expected ClassNotFoundEx ception, causes instead:
java.lang. StringIndexOutO fBoundsExceptio n: String index out of range: 3 String. charAt( String. java:658) catalina. loader. WebappClassLoad erBase. filter( WebappClassLoad erBase. java:2780) catalina. loader. WebappClassLoad erBase. loadClass( WebappClassLoad erBase. java:1253) catalina. loader. WebappClassLoad erBase. loadClass( WebappClassLoad erBase. java:1142) jasper. servlet. JasperLoader. loadClass( JasperLoader. java:125) jasper. servlet. JasperLoader. loadClass( JasperLoader. java:62) Class.forName0( Native Method) Class.forName( Class.java: 264) jsp.index_ jsp._jspService (index_ jsp.java: 116) jasper. runtime. HttpJspBase. service( HttpJspBase. java:70) servlet. http.HttpServle t.service( HttpServlet. java:729) jasper. servlet. JspServletWrapp er.service( JspServletWrapp er.java: 438) jasper. servlet. JspServlet. serviceJspFile( JspServlet. java:396) jasper. servlet. JspServlet. service( JspServlet. java:340) servlet. http.HttpServle t.service( HttpServlet. java:729) tomcat. websocket. server. WsFilter. doFilter( WsFilter. java:52)
java.lang.
org.apache.
org.apache.
org.apache.
org.apache.
org.apache.
java.lang.
java.lang.
org.apache.
org.apache.
javax.
org.apache.
org.apache.
org.apache.
javax.
org.apache.
While this example is contrived, it causes real world problems for Mozilla Rhino which is testing "java", "javax", "org", "com", "edu", "net", to make sure that they are indeed top-level packages and do not resolve to a class and can deal with the expected ClassNotFoundEx ception but can't deal with the unexpected StringIndexOutO fBoundsExceptio n.