JRuby on Rails Production responding with 200 OK even though controller code sets status :unauthorized

Question

My server is running JRuby on Rails on Tomcat with a GWT front end that connects via gwt::RequestBuilder. Everything seems to work fine in when I run WEBrick as well as development mode on Tomcat, but in production mode an odd thing is happening. My login controller has an action that runs when you first hit the page:

def is_logged_in
  if session[:current_user]
    # do some stuff and render response XML
  else
    puts "nothing status unauthorized"
    render :nothing => true, :status => :unauthorized
  end
end

In development, it works fine and I get a 401 Unauthorized error and the GWT picks it up and displays the login screen. In production, I get a 200 OK, with no XML response body even though the "nothing status unauthorized" shows up in the server logs. Clearing the Tomcat temp folder and webapp folder did not help. What gives? Thanks for any help, and hopefully it's something simple I've overlooked.

For reference: I am using JRuby 1.6.6 and Tomcat7 in Windows 7 x64.

Gemfile

source 'http://rubygems.org'

gem 'rails', '3.0.3'

gem 'haml'

# Bundle edge Rails instead:
# gem 'rails', :git => 'git://github.com/rails/rails.git'

platforms :ruby do
  gem 'mysql2'
end

platforms :jruby do
  gem 'activerecord-jdbc-adapter'
  gem 'jdbc-mysql', :require => false
end

group :development do
  gem 'rspec-rails'
end

group :test do
  gem 'rspec'
  gem 'webrat'
end

# Use unicorn as the web server
# gem 'unicorn'

# Deploy with Capistrano
# gem 'capistrano'

# To use debugger (ruby-debug for Ruby 1.8.7+, ruby-debug19 for Ruby 1.9.2+)
# gem 'ruby-debug'
# gem 'ruby-debug19'

# Bundle the extra gems:
# gem 'bj'
# gem 'nokogiri'
# gem 'sqlite3-ruby', :require => 'sqlite3'
# gem 'aws-s3', :require => 'aws/s3'

# Bundle gems for the local environment. Make sure to
# put test-only gems in this group so their generators
# and rake tasks are available in development mode:
# group :development, :test do
#   gem 'webrat'
# end

production.rb

Eiserver::Application.configure do
  # Settings specified here will take precedence over those in config/application.rb

  # The production environment is meant for finished, "live" apps.
  # Code is not reloaded between requests
  config.cache_classes = true

  # Full error reports are disabled and caching is turned on
  config.consider_all_requests_local       = false
  config.action_controller.perform_caching = true

  # Specifies the header that your server uses for sending files
  config.action_dispatch.x_sendfile_header = "X-Sendfile"

  # For nginx:
  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect'

  # If you have no front-end server that supports something like X-Sendfile,
  # just comment this out and Rails will serve the files

  # See everything in the log (default is :info)
  # config.log_level = :debug

  # Use a different logger for distributed setups
  # config.logger = SyslogLogger.new

  # Use a different cache store in production
  # config.cache_store = :mem_cache_store

  # Disable Rails's static asset server
  # In production, Apache or nginx will already do this
  config.serve_static_assets = true

  # Enable serving of images, stylesheets, and javascripts from an asset server
  # config.action_controller.asset_host = "http://assets.example.com"

  # Disable delivery errors, bad email addresses will be ignored
  # config.action_mailer.raise_delivery_errors = false

  # Enable threaded mode
  # config.threadsafe!

  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
  # the I18n.default_locale when a translation can not be found)
  config.i18n.fallbacks = true

  # Send deprecation notices to registered listeners
  config.active_support.deprecation = :notify
end

Update 1

To further elaborate in hopes of some kind soul pointing me in the right direction, I am 98% sure that the issue lies in the Rails code and not GWT, since doing a CURL to the is_logged_in route results in a 200 OK as well.

Update 2

Here's another tidbit I found which at least gets me back to a working state but still leaves a lot of open questions. I had updated to jruby-1.6.6 recently but kept my version jruby-1.6.0 just in case. When I warble using the old jruby, things started working again. But that just points to jruby version and a bunch of gems from which I have no clue how to begin finding a culprit. Is anyone familiar enough with the litany of plugins to point me in the right direction?

Update 3

After shelving and revisiting. I am almost certain it has to do with versions of rails gems being bothersome. I generated WARs with two versions of JRuby I had, 1.6.0 and 1.6.6. The code was identical but 1.6.0 had no problems, while 1.6.6 had the issue mentioned above, which turns out to be that all controllers were always outputting 200 OK responses in production only, no matter what status code I explicitly set. Hopefully someone found a fix for this and has shored it up in newer JRuby gem versions.

Answer 1

Use logger.warn instead of puts. Also, return a header only using head.

logger.warn "nothing status unauthorized"
head :unauthorized