Hi again all --
I'm continuing to struggle with complying with enterprise security
policy. I am using DSpace 3.2, serving xmlui, with the
Apache JSPUI connector.
I have two new requirements I have to try to comply with.
The first is, the security folks would like me to not expose
tracebacks when Java errors occur. I have followed various
web guidelines for redirecting errors to a static error page, but
I can't seem to figure out how to get dspace/xmlui to direct to it.
I put the error page in static/error.html, and when I manually
go to "<url>/dspace/xmlui/error.html", I see my content.
I then added this stanza:
> <error-page>
> <excpetion-type>java.lang.Throwable</exception-type>
> <location>/error.html</location>
> </error-page>
... to the web.xml file under WEB-INF for the dspace xmlui web app.
The result of this is that I get "HTTP Status 404" from Tomcat
for any nontrivial dspace/xmlui URL, including the log-in page.
(The static URL dspace/xmlui/error.html still works, though!)
I've tried numerous variations on the path in the <location></location>
in that stanza, with and without the "static" part, with and without
the leading slash, and with various other pieces of the path, but
they all give me a Tomact-404. What's the right way to do this?
I am hoping to be able to show a simple static page, but will be
happy with anything that works.
The second requirement is, I have been asked to turn off password
autocomplete. This involves setting 'autocomplete="off"' in the
log-in form, but I am having some difficulty navigating the
code-base -- I'm looking for a low-intervention way of doing this,
to avoid having "my" DSpace being too different from the upstream,
and ideally would like to do this *just* for the LDAP log-in form.
Is there a simple way to do this, or should I just keep looking?
Thanks in advance -- as you may have discerned, I'm more of a
sysadmin, my Java and Tomcat skills are not as strong as they maybe
should be for this kind of thing.
-- A.
--
Dr. Andrew C. E. Reid
Physical Scientist, Computer Operations Administrator
Center for Theoretical and Computational Materials Science
National Institute of Standards and Technology, Mail Stop 8555
Gaithersburg MD 20899 USA
[email protected]
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
