In a DSpace instance where we have some secure collections that are only 
viewable by certain epersongroups, we are not getting the correct message when 
a User clicks on an item they do *not* have access to.  Instead of getting the 
authorize.jsp screen, we are getting the internal.jsp screen where the standard 
server error message displays.  I've tracked this down and here's what I've 
found:


 1.  In org.dspace.app.webui.util.JSPManager.showAuthorizeError, the line that 
says "response.setStatus(HttpServletResponse.SC_FORBIDDEN);" correctly sets the 
response status code to 403 (Forbidden).
 2.  org.dspace.app.webui.util.JSPManager.showJSP is then executed with 
parameters (request, response, "/error/authorize.jsp")
 3.  request.getRequestDispatcher(jsp).forward(request, response); is then 
executed.
 4.  org.apache.jsp.error.authorize.jsp then gets a 
java.lang.NullPointerException error on this line:  
"response.setStatus(((Integer)request.getAttribute("javax.servlet.error.status_code")).intValue());"

It appears that when the code in line 4 gets executed, 
javax.servlet.error.status_code is null and that's why it's getting a 
java.lang.NullPointerException error, so I'm not sure where the status code 403 
is being lost.

The strange thing is that we have another DSpace instance where the auth. error 
displays just fine.  In this instance, we have the same DSpace version 
installed (1.5.1), however there is a different Java version on this machine:
java version "1.6.0_07"
Java(TM) SE Runtime Environment (build 1.6.0_07-b06)
Java HotSpot(TM) Server VM (build 10.0-b23, mixed mode)

The version of Java on the machine where we're having the problem is:
java version "1.5.0_18"
Java(TM) Platform, Standard Edition for Business (build 1.5.0_18-b02)
Java HotSpot(TM) Server VM (build 1.5.0_18-b02, mixed mode)

Is it possible that the difference in the Java versions is causing our problem? 
 I'm thinking maybe this is the answer because when I look at 
org.apache.jsp.error.authorize.jsp.java on each machine, they are very 
different.

I saw somewhere too that if no authorization response code is passed in, a 
general error message will display (can't remember where I saw that).


I know this is a lot of detail, but I sure would appreciate any help if anyone 
has the time.

Thanks in advance,
Sue



Sue Walker-Thornton
ConITS Contract
NASA Langley Research Center
Integrated Library Systems Application & Database Administrator
130 Research Drive
Hampton, VA  23666
Office: (757) 224-4074
Fax:    (757) 224-4001
Mobile:  (757) 506-9903
Email:  susan.m.thorn...@nasa.gov
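
Added example, not part of the original message and not DSpace code: a servlet container sets javax.servlet.error.status_code only when it dispatches to an error page (after sendError() or an error-page mapping), not after response.setStatus() followed by RequestDispatcher.forward(), so the cast in step 4 unboxes null. Assumptions: a plain Map stands in for the request attributes, and statusGuarded is a hypothetical helper name.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: a Map stands in for the servlet request attributes.
public class ErrorStatusDemo {
    static final String STATUS_ATTR = "javax.servlet.error.status_code";
    static final int SC_FORBIDDEN = 403; // same value as HttpServletResponse.SC_FORBIDDEN

    // Same cast-and-unbox as the authorize.jsp line quoted in the message.
    static int statusUnguarded(Map<String, Object> attrs) {
        return ((Integer) attrs.get(STATUS_ATTR)).intValue();
    }

    // Guarded form (hypothetical helper): use the container's value when the page
    // was reached through error dispatch, otherwise keep 403 for the denied page.
    static int statusGuarded(Map<String, Object> attrs) {
        Object code = attrs.get(STATUS_ATTR);
        return (code instanceof Integer) ? (Integer) code : SC_FORBIDDEN;
    }

    public static void main(String[] args) {
        // Constructed: attributes after setStatus(403) + forward(); the container set nothing.
        Map<String, Object> forwarded = new HashMap<>();
        // Constructed: attributes after the container's error-page dispatch.
        Map<String, Object> errorDispatch = new HashMap<>();
        errorDispatch.put(STATUS_ATTR, Integer.valueOf(SC_FORBIDDEN));

        System.out.println("error dispatch, unguarded: " + statusUnguarded(errorDispatch));
        try {
            statusUnguarded(forwarded);
        } catch (NullPointerException e) {
            // This is the failure that turns the access-denied page into internal.jsp.
            System.out.println("forward, unguarded: NullPointerException");
        }
        System.out.println("forward, guarded: " + statusGuarded(forwarded));
        System.out.println("error dispatch, guarded: " + statusGuarded(errorDispatch));
    }
}
```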
