Hi Andrew (and all), A followup on your custom error page question:
After digging into the code again today, I just figured out a workaround where you *can* use a static HTML error page. I've described it in this comment on DS-1596: https://jira.duraspace.org/browse/DS-1596?focusedCommentId=32607 I also now have a theory for how we *should* be able to fix this in DSpace so that your DSpace theme is applied. But, I think that'll take a bit more time to implement, so for now, the workaround should be "good enough" for your needs. - Tim On 1/24/2014 10:58 AM, Tim Donohue wrote: > Hi Andrew, > > On 1/23/2014 5:28 PM, Andrew Reid wrote: >>> I have two new requirements I have to try to comply with. >>> >>> The first is, the security folks would like me to not expose >>> tracebacks when Java errors occur. I have followed various >>> web guidelines for redirecting errors to a static error page, but >>> I can't seem to figure out how to get dspace/xmlui to direct to it. >>> >>> I put the error page in static/error.html, and when I manually >>> go to "<url>/dspace/xmlui/error.html", I see my content. >>> >>> I then added this stanza: >>> >>>> <error-page> >>>> <excpetion-type>java.lang.Throwable</exception-type> >>>> <location>/error.html</location> >>>> </error-page> >>> >>> ... to the web.xml file under WEB-INF for the dspace xmlui web app. >>> >>> The result of this is that I get "HTTP Status 404" from Tomcat >>> for any nontrivial dspace/xmlui URL, including the log-in page. >>> (The static URL dspace/xmlui/error.html still works, though!) > > This is actually a tough one. It sounds directly related to a known bug: > https://jira.duraspace.org/browse/DS-1596 > > By default, Apache Cocoon (which DSpace XMLUI uses) is capturing & > handling any errors. This is controlled in the sitemap.xmap: > https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/src/main/webapp/sitemap.xmap#L684 > > > By default, what happens is that DSpace XMLUI reformats the Cocoon XML > error via the included "exception2html.xslt": > https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/src/main/webapp/exception2html.xslt > > > This 'exception2html.xslt' is what creates the ugly Java stacktrace > error page. So, you could directly modify this XSLT to change the look > of the error page (and also hide the Java stacktrace). > > Unfortunately, because Cocoon is catching the error, I'm not sure it is > being properly passed up to Tomcat (which might be what you are seeing, > it's hard to tell). For DSpace, we actually had to manually apply a > patch to Apache Cocoon to get it to even properly throw HTTP 404 Error > Codes (as the latest version of Cocoon doesn't do it properly). > Essentially, I suspect part of the problem here is in Apache Cocoon (but > admittedly it's been a while since I've been able to dig in deeply > here). There's more background info on XMLUI error page issues in that > ticket I've linked above. > > If you (or anyone else listening in) manage to find a better solution, I > think we'd all like to hear it! > > >>> The second requirement is, I have been asked to turn off password >>> autocomplete. This involves setting 'autocomplete="off"' in the >>> log-in form, but I am having some difficulty navigating the >>> code-base -- I'm looking for a low-intervention way of doing this, >>> to avoid having "my" DSpace being too different from the upstream, >>> and ideally would like to do this *just* for the LDAP log-in form. >>> >>> Is there a simple way to do this, or should I just keep looking? > > In the XMLUI, the actual HTML is generated via the XSLTs in the theme > you are using. So, the answer to this depends on your *theme*. > > By default, DSpace XMLUI uses the "Mirage" theme, which itself loads up > the 'dr2xhtml-alt' base theme for most of the basic XSLT stylesheets. > > If you are using Mirage / dri2xhtml-alt, then the XSLT template which > creates *all* forms can be found here: > > https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/src/main/webapp/themes/dri2xhtml-alt/core/elements.xsl#L90 > > > If you *only* want to set "autocomplete='off'" for the LDAP login form, > you likely could add a simple "xsl:if" into this template...something like: > > <form> > ... > <xsl:if test="@id='aspect.eperson.LDAPLogin.div.login'"> > <xsl:attribute name="autocomplete">off</xsl:attribute> > </xsl:if> > ... > </form> > > NOTE: I'm *guessing* at the proper @id value here. I don't have an LDAP > enabled site to look at. But, you should be able to find the @id value > by browsing to your LDAP login page, and adding "?XML" on the end of the > URL. What you will then see is the underlying XML of that page (which > the XSLT then transforms to XHTML obviously). You want to find the > value of the @id attribute on the "<div interactive='yes'>" (that XML > <div> tag gets changed to an HTML <form> tag). > > Hopefully that helps! > - Tim ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
