On Thu, Jan 23, 2014 at 05:50:53PM -0500, Andrew Reid wrote:
>
> Hi again all --
>
> I'm continuing to struggle with complying with enterprise security
> policy. I am using DSpace 3.2, serving xmlui, with the
> Apache JSPUI connector.
Replying to myself to call out and correct a rather confusing
error there -- I am using the Aapche mod_jk connector. My DSpace
interface is xmlui. Jspui is not relevant to this discussion.
-- A.
>
> I have two new requirements I have to try to comply with.
>
> The first is, the security folks would like me to not expose
> tracebacks when Java errors occur. I have followed various
> web guidelines for redirecting errors to a static error page, but
> I can't seem to figure out how to get dspace/xmlui to direct to it.
>
> I put the error page in static/error.html, and when I manually
> go to "<url>/dspace/xmlui/error.html", I see my content.
>
> I then added this stanza:
>
> > <error-page>
> > <excpetion-type>java.lang.Throwable</exception-type>
> > <location>/error.html</location>
> > </error-page>
>
> ... to the web.xml file under WEB-INF for the dspace xmlui web app.
>
> The result of this is that I get "HTTP Status 404" from Tomcat
> for any nontrivial dspace/xmlui URL, including the log-in page.
> (The static URL dspace/xmlui/error.html still works, though!)
>
> I've tried numerous variations on the path in the <location></location>
> in that stanza, with and without the "static" part, with and without
> the leading slash, and with various other pieces of the path, but
> they all give me a Tomact-404. What's the right way to do this?
> I am hoping to be able to show a simple static page, but will be
> happy with anything that works.
>
>
>
> The second requirement is, I have been asked to turn off password
> autocomplete. This involves setting 'autocomplete="off"' in the
> log-in form, but I am having some difficulty navigating the
> code-base -- I'm looking for a low-intervention way of doing this,
> to avoid having "my" DSpace being too different from the upstream,
> and ideally would like to do this *just* for the LDAP log-in form.
>
> Is there a simple way to do this, or should I just keep looking?
>
>
> Thanks in advance -- as you may have discerned, I'm more of a
> sysadmin, my Java and Tomcat skills are not as strong as they maybe
> should be for this kind of thing.
>
> -- A.
> --
> Dr. Andrew C. E. Reid
> Physical Scientist, Computer Operations Administrator
> Center for Theoretical and Computational Materials Science
> National Institute of Standards and Technology, Mail Stop 8555
> Gaithersburg MD 20899 USA
> [email protected]
>
> ------------------------------------------------------------------------------
> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
> Learn Why More Businesses Are Choosing CenturyLink Cloud For
> Critical Workloads, Development Environments & Everything In Between.
> Get a Quote or Start a Free Trial Today.
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
> _______________________________________________
> DSpace-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
> List Etiquette:
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
--
Dr. Andrew C. E. Reid
Physical Scientist, Computer Operations Administrator
Center for Theoretical and Computational Materials Science
National Institute of Standards and Technology, Mail Stop 8555
Gaithersburg MD 20899 USA
[email protected]
------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
