I just wanted to let everyone know that I finally solved this problem by
commenting out the following line in /error/authorize.jsp:
<%@ page isErrorPage="true" %>
I also had to do it in the other error JSPs in order for them to be correctly
displayed when the corresponding error occurred (invalid-id, integrity, 404,
etc).
This is actually great because it corrects the display of an "Internal Server
Error" when a User types or clicks on a bad link for a handle. Now the correct
error message displays, indicating:
Invalid Identifier
The identifier 2122/35e8e8e does not correspond to a valid Object......
Now I'm wondering if other folks have had this problem and, if so, should this
be considered a "bug" and be corrected in a future release?
Thanks,
Sue Walker-Thornton
NASA Langley Research Center, Hampton, VA 23666
757-224-4074
________________________________
From: Thornton, Susan M. (LARC-B702)[RAYTHEON TECHNICAL SERVICES COMPANY]
[mailto:[email protected]]
Sent: Tuesday, January 05, 2010 12:50 PM
To: [email protected]
Subject: [Dspace-tech] Problem with authorization error display in DSpace 1.5.1
In a DSpace instance where we have some secure collections that are only
viewable by certain epersongroups, we are not getting the correct message when
a User clicks on an item they do *not* have access to. Instead of getting the
authorize.jsp screen, we are getting the internal.jsp screen where the standard
server error message displays. I've tracked this down and here's what I've
found:
1. In org.dspace.app.webui.util.JSPManager.showAuthorizeError, the line that
says "response.setStatus(HttpServletResponse.SC_FORBIDDEN);" correctly sets the
response status code to 403 (Forbidden).
2. org.dspace.app.webui.util.JSPManager.showJSP is then executed with
parameters (request, response, "/error/authorize.jsp")
3. request.getRequestDispatcher(jsp).forward(request, response); is then
executed.
4. org.apache.jsp.error.authorize.jsp then gets a
java.lang.NullPointerException error on this line:
"response.setStatus(((Integer)request.getAttribute("javax.servlet.error.status_code")).intValue());"
It appears that when the code in line 4 gets executed,
javax.servlet.error.status_code is null and that's why it's getting a
java.lang.NullPointerException error, so I'm not sure where the status code 403
is being lost.
The strange thing is that we have another DSpace instance where the auth. error
displays just fine. In this instance, we have the same DSpace version
installed (1.5.1), however there is a different Java version on this machine:
java version "1.6.0_07"
Java(TM) SE Runtime Environment (build 1.6.0_07-b06)
Java HotSpot(TM) Server VM (build 10.0-b23, mixed mode)
The version of Java on the machine where we're having the problem is:
java version "1.5.0_18"
Java(TM) Platform, Standard Edition for Business (build 1.5.0_18-b02)
Java HotSpot(TM) Server VM (build 1.5.0_18-b02, mixed mode)
Is it possible that the difference in the Java versions is causing our problem?
I'm thinking maybe this is the answer because when I look at
org.apache.jsp.error.authorize.jsp.java on each machine, they are very
different.
I saw somewhere too that if no authorization response code is passed in, a
general error message will display (can't remember where I saw that).
I know this is a lot of detail, but I sure would appreciate any help if anyone
has the time.
Thanks in advance,
Sue
Sue Walker-Thornton
ConITS Contract
NASA Langley Research Center
Integrated Library Systems Application & Database Administrator
130 Research Drive
Hampton, VA 23666
Office: (757) 224-4074
Fax: (757) 224-4001
Mobile: (757) 506-9903
Email: [email protected]<mailto:[email protected]>
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
