I tried to handle error code(HTTP ERROR CODE ; 401, 403, 404, 500) through
web.xml in my application. But the server does not recognize the changes and
showing the same browser messages.
(we have authourized some jsps/URLs based on jaas form based authenticaiton of
jboss. So when I click on the application, it prompts for userid/password and
opens the page accordigly if that user is Autoized user.when the user is
Unauthorized it is diplaying form-errorpage but the problem is if there are two
uses one user is having permission to two differnet jsps,then if the user is
trying to access the page for which he has no access permission it is
displaying "You are not authorized to view this page".)
Instead we want to display our cusotm error message.
Environment: Appserver : Jboss3.2.5
OS : Windows
this is my web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd";>
<web-app>
<!-- Standard Action Servlet Configuration (with debugging) -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Web Page seurity</web-resource-name>
Define which roles have access to the Web pages in this Web
Application.Other (more specific) security permissions will be defined in
web.xml servlet tags as well as in EJB descriptors, either a bean-level or
method-level permissions.
<url-pattern>/logon.jsp/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>testRole</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Web Page Security</web-resource-name>
Define which roles have access to the Web pages in this Web
Application.Other (more specific) security permissions will be defined in
web.xml servlet tags as well as in EJB descriptors, either a bean-level or
method-level permissions.
<url-pattern>/quote.jsp/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Errorpages/login.jsp</form-login-page>
<form-error-page>/Errorpages/login_error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>testRole</role-name>
</security-role>
<security-role>
<role-name>admin</role-name>
</security-role>
</web-app>
as the above web.xml says there are two different users with two different
roles(test Role and admin) each one is having access to differnt jsps when the
user in admin trying to access that page which is having access permission to
testRole then this 403 error happening,i want to catch that and display my
customized eror page.
I have edited the web.xml as follows, but it did not redirect to
errorPage.jsp(custom error page)
<!-- Standard Action Servlet Configuration (with debugging) -->
<error-page>
<error-code>403</error-code>
/ErrorPage.jsp
</error-page>
.... ....
.... ....
.... ....
</web-app>
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3927020#3927020
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3927020
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
