Hi Andrew, On 1/23/2014 5:28 PM, Andrew Reid wrote: >> I have two new requirements I have to try to comply with. >> >> The first is, the security folks would like me to not expose >> tracebacks when Java errors occur. I have followed various >> web guidelines for redirecting errors to a static error page, but >> I can't seem to figure out how to get dspace/xmlui to direct to it. >> >> I put the error page in static/error.html, and when I manually >> go to "<url>/dspace/xmlui/error.html", I see my content. >> >> I then added this stanza: >> >>> <error-page> >>> <excpetion-type>java.lang.Throwable</exception-type> >>> <location>/error.html</location> >>> </error-page> >> >> ... to the web.xml file under WEB-INF for the dspace xmlui web app. >> >> The result of this is that I get "HTTP Status 404" from Tomcat >> for any nontrivial dspace/xmlui URL, including the log-in page. >> (The static URL dspace/xmlui/error.html still works, though!)
This is actually a tough one. It sounds directly related to a known bug: https://jira.duraspace.org/browse/DS-1596 By default, Apache Cocoon (which DSpace XMLUI uses) is capturing & handling any errors. This is controlled in the sitemap.xmap: https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/src/main/webapp/sitemap.xmap#L684 By default, what happens is that DSpace XMLUI reformats the Cocoon XML error via the included "exception2html.xslt": https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/src/main/webapp/exception2html.xslt This 'exception2html.xslt' is what creates the ugly Java stacktrace error page. So, you could directly modify this XSLT to change the look of the error page (and also hide the Java stacktrace). Unfortunately, because Cocoon is catching the error, I'm not sure it is being properly passed up to Tomcat (which might be what you are seeing, it's hard to tell). For DSpace, we actually had to manually apply a patch to Apache Cocoon to get it to even properly throw HTTP 404 Error Codes (as the latest version of Cocoon doesn't do it properly). Essentially, I suspect part of the problem here is in Apache Cocoon (but admittedly it's been a while since I've been able to dig in deeply here). There's more background info on XMLUI error page issues in that ticket I've linked above. If you (or anyone else listening in) manage to find a better solution, I think we'd all like to hear it! >> The second requirement is, I have been asked to turn off password >> autocomplete. This involves setting 'autocomplete="off"' in the >> log-in form, but I am having some difficulty navigating the >> code-base -- I'm looking for a low-intervention way of doing this, >> to avoid having "my" DSpace being too different from the upstream, >> and ideally would like to do this *just* for the LDAP log-in form. >> >> Is there a simple way to do this, or should I just keep looking? In the XMLUI, the actual HTML is generated via the XSLTs in the theme you are using. So, the answer to this depends on your *theme*. By default, DSpace XMLUI uses the "Mirage" theme, which itself loads up the 'dr2xhtml-alt' base theme for most of the basic XSLT stylesheets. If you are using Mirage / dri2xhtml-alt, then the XSLT template which creates *all* forms can be found here: https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/src/main/webapp/themes/dri2xhtml-alt/core/elements.xsl#L90 If you *only* want to set "autocomplete='off'" for the LDAP login form, you likely could add a simple "xsl:if" into this template...something like: <form> ... <xsl:if test="@id='aspect.eperson.LDAPLogin.div.login'"> <xsl:attribute name="autocomplete">off</xsl:attribute> </xsl:if> ... </form> NOTE: I'm *guessing* at the proper @id value here. I don't have an LDAP enabled site to look at. But, you should be able to find the @id value by browsing to your LDAP login page, and adding "?XML" on the end of the URL. What you will then see is the underlying XML of that page (which the XSLT then transforms to XHTML obviously). You want to find the value of the @id attribute on the "<div interactive='yes'>" (that XML <div> tag gets changed to an HTML <form> tag). Hopefully that helps! - Tim ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
