Hi all,

In my application, if a user requests content they don't have authoritzation for, I throw an Unauthorized ... Exception and send an http error code, 403.

When this is configured, I am getting this exception:

java.lang.NullPointerException
     at org.jboss.seam.faces.HttpError.send(HttpError.java:59)
     at org.jboss.seam.faces.Navigator.error(Navigator.java:32)
     at org.jboss.seam.exception.ErrorHandler.handle(ErrorHandler.java:30)
     at org.jboss.seam.exception.Exceptions.handle(Exceptions.java:76)
     at org.jboss.seam.web.ExceptionFilter.endWebRequestAfterException(ExceptionFilter.java:114)
     at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:70)

<error-page>
     <error-code>403</error-code>
     <location>${page.error.unauthorized}</location>
</error-page>

<exception class="org.jboss.seam.security.AuthorizationException">
          <http-error error-code="403"/>
          <message severity="WARNING">You don't have authorization to access the requested resource.</message>
     </exception>

Is this the proper configuration for sending the client a 403 error code as well as redirecting to that error page?

Thanks,

Walter