In a DSpace instance where we have some secure collections that are only viewable by certain epersongroups, we are not getting the correct message when a User clicks on an item they do *not* have access to. Instead of getting the authorize.jsp screen, we are getting the internal.jsp screen where the standard server error message displays. I've tracked this down and here's what I've found:
1. In org.dspace.app.webui.util.JSPManager.showAuthorizeError, the line that says "response.setStatus(HttpServletResponse.SC_FORBIDDEN);" correctly sets the response status code to 403 (Forbidden). 2. org.dspace.app.webui.util.JSPManager.showJSP is then executed with parameters (request, response, "/error/authorize.jsp") 3. request.getRequestDispatcher(jsp).forward(request, response); is then executed. 4. org.apache.jsp.error.authorize.jsp then gets a java.lang.NullPointerException error on this line: "response.setStatus(((Integer)request.getAttribute("javax.servlet.error.status_code")).intValue());" It appears that when the code in line 4 gets executed, javax.servlet.error.status_code is null and that's why it's getting a java.lang.NullPointerException error, so I'm not sure where the status code 403 is being lost. The strange thing is that we have another DSpace instance where the auth. error displays just fine. In this instance, we have the same DSpace version installed (1.5.1), however there is a different Java version on this machine: java version "1.6.0_07" Java(TM) SE Runtime Environment (build 1.6.0_07-b06) Java HotSpot(TM) Server VM (build 10.0-b23, mixed mode) The version of Java on the machine where we're having the problem is: java version "1.5.0_18" Java(TM) Platform, Standard Edition for Business (build 1.5.0_18-b02) Java HotSpot(TM) Server VM (build 1.5.0_18-b02, mixed mode) Is it possible that the difference in the Java versions is causing our problem? I'm thinking maybe this is the answer because when I look at org.apache.jsp.error.authorize.jsp.java on each machine, they are very different. I saw somewhere too that if no authorization response code is passed in, a general error message will display (can't remember where I saw that). I know this is a lot of detail, but I sure would appreciate any help if anyone has the time. Thanks in advance, Sue Sue Walker-Thornton ConITS Contract NASA Langley Research Center Integrated Library Systems Application & Database Administrator 130 Research Drive Hampton, VA 23666 Office: (757) 224-4074 Fax: (757) 224-4001 Mobile: (757) 506-9903 Email: susan.m.thorn...@nasa.gov<mailto:susan.m.thorn...@nasa.gov>
------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech