0 Replies Latest reply on Sep 25, 2003 12:18 PM by James Kuhn

    Intercepting SecurityException (forwarding to error page)

    James Kuhn Newbie

      Hi,

      I've pretty much got my application authenticating users the way I want.
      However, I'm now having problems with the screen flow when a user
      who does not have the necessary permissions attempts to access
      protected bean data.

      I've found one post in this forum that talks about this issue. If I understand things
      correctly, I can just add a descriptor to my web.xml file that looks like this:

      <error-page>
      <exception-type>
      java.lang.SecurityException
      </exception-type>
      /admin/logOff.jspa
      </error-page>

      Presumably, this should send the user to my logoff page when a security
      exception occurs. However, I'm not seeing any change in behaviour
      after I add this descriptor.

      I've also tried to catch the exception myself. I had only slightly more success
      while using this approach. What happens is the exception is thrown
      (the exception appears in the jboss server console), and then my code
      catches the exception (I'm sending output to the jboss console upon
      catching the exception). But... the exception gets thrown again and again.
      So my attempt at catching it is pretty futile.

      Does anybody have any suggestions for me?