0 Replies Latest reply on Mar 1, 2006 3:55 AM by valuelabs_sree

    how to trap 403 error of jboss and display the Custom Error

    valuelabs_sree
    valuelabs_sree Mar 1, 2006 3:55 AM

      I tried to handle error code(HTTP ERROR CODE ; 401, 403, 404, 500) through web.xml in my application. But the server does not recognize the changes and showing the same browser messages.

      (we have authourized some jsps/URLs based on jaas form based authenticaiton of jboss. So when I click on the application, it prompts for userid/password and opens the page accordigly if that user is Autoized user.when the user is Unauthorized it is diplaying form-errorpage but the problem is if there are two uses one user is having permission to two differnet jsps,then if the user is trying to access the page for which he has no access permission it is displaying "You are not authorized to view this page".)

      Instead we want to display our cusotm error message.

      Environment: Appserver : Jboss3.2.5
      OS : Windows

      this is my web.xml


      <?xml version="1.0" encoding="ISO-8859-1"?>

      <!DOCTYPE web-app
      PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
      "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

      <web-app>

      <!-- Standard Action Servlet Configuration (with debugging) -->
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Web Page seurity</web-resource-name>
      Define which roles have access to the Web pages in this Web Application.Other (more specific) security permissions will be defined in web.xml servlet tags as well as in EJB descriptors, either a bean-level or method-level permissions.
      <url-pattern>/logon.jsp/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>

      </web-resource-collection>
      <auth-constraint>
      <role-name>testRole</role-name>

      </auth-constraint>
      </security-constraint>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Web Page Security</web-resource-name>
      Define which roles have access to the Web pages in this Web Application.Other (more specific) security permissions will be defined in web.xml servlet tags as well as in EJB descriptors, either a bean-level or method-level permissions.
      <url-pattern>/quote.jsp/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>

      </web-resource-collection>
      <auth-constraint>
      <role-name>admin</role-name>

      </auth-constraint>
      </security-constraint>

      <login-config>

      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/Errorpages/login.jsp</form-login-page>
      <form-error-page>/Errorpages/login_error.html</form-error-page>
      </form-login-config>
      </login-config>



      <security-role>
      <role-name>testRole</role-name>
      </security-role>

      <security-role>
      <role-name>admin</role-name>
      </security-role>

      </web-app>

      as the above web.xml says there are two different users with two different roles(test Role and admin) each one is having access to differnt jsps when the user in admin trying to access that page which is having access permission to testRole then this 403 error happening,i want to catch that and display my customized eror page.

      I have edited the web.xml as follows, but it did not redirect to errorPage.jsp(custom error page)



      <!-- Standard Action Servlet Configuration (with debugging) -->

      <error-page>
      <error-code>403</error-code>
      /ErrorPage.jsp
      </error-page>

      .... ....
      .... ....
      .... ....
      </web-app>

      • 2067 Views
      • Tags: