Nic,
I changed your ActionServlet (line 1573) to return SC_FORBIDDEN in the
following code block:
    if (debug >= 1)
        log(" Access denied to mapping for path " + path);
    response.sendError(HttpServletResponse.SC_FORBIDDEN,
                       internal.getMessage("processAccessDenied", path));

added this to my web.xml:

    <error-page>
        <error-code>403</error-code>
        <location>accessDenied.jsp</location>
    </error-page>

And now I'm getting the error below - any ideas?

[07/Sep/2001 09:23:23:3] info: --------------------------------------
[07/Sep/2001 09:23:23:3] info: action: Access denied to mapping for path /searchHolidayMonth
[07/Sep/2001 09:23:23:3] info: --------------------------------------
[07/Sep/2001 09:23:23:3] error: Exception: SERVLET-run_failed: Failed in running template: [App = timetracker, Servlet = action], java.lang.StringIndexOutOfBoundsException: String index out of range: -1
Exception Stack Trace:
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
    at java.lang.String.substring(String.java:1492)
    at com.netscape.server.servlet.platformhttp.PlatformHttpServletRequest.getRequestDispatcher(Unknown Source)
    at com.netscape.server.servlet.platformhttp.PlatformHttpServletResponse.sendError(Unknown Source)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1573)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:500)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
    at com.netscape.server.servlet.servletrunner.ServletInfo.service(Unknown Source)
    at com.netscape.server.servlet.platformhttp.PlatformHttpServletResponse.callUri(Unknown Source)
    at com.netscape.server.servlet.platformhttp.PlatformHttpServletResponse.callUriRestrictOutput(Unknown Source)
    at com.netscape.server.servlet.platformhttp.PlatformRequestDispatcher.forward(Unknown Source)
    at com.netscape.server.servlet.platformhttp.PlatformHttpServletResponse.sendError(Unknown Source)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1573)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:500)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
    at com.netscape.server.servlet.servletrunner.ServletInfo.service(Unknown Source)
    at com.netscape.server.servlet.servletrunner.ServletRunner.execute(Unknown Source)
    at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
    at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
    at com.kivasoft.thread.ThreadBasic.run(Native Method)
    at java.lang.Thread.run(Thread.java:479)

--- Nic Hobbs <[EMAIL PROTECTED]> wrote:
> Hi Matt, All,
>
> Firstly let me apologise for my absence for the last few weeks (I seem to
> end up doing this at the top of every posting I make ;) but I had a nasty
> and artistic bout of Food Poisoning and then a holiday to contend with.
> Since I have been trying to catch up on the several thousand mails that
> seem to have been sent whilst I was away!
>
> On to the real message though. In my original posting (referenced in your
> mail) I outlined this as the current functionality, and asked for
> suggestions as to what it _should_ do instead. Yours is the first comment
> I have had back on this, as I think you are one of the first to look at it
> in any depth. Many thanks.
>
> I think you are probably right that we should return a 403 (Forbidden) as
> the default. I would like this to be configurable though so people can
> choose. I can't remember exactly how the code was written now (well, it
> was a month or so ago) and if this is possible, and sadly our network went
> down for routine maintenance today and died in the process so I can't even
> look at the code at the moment, let alone test some changes! I will do
> asap though. Do you still want a demo webapp or are you happy with how it
> works now? It sounds like you have it working ok.
>
> Incidentally, things have been quiet on the workflow front recently, can
> anyone update me with what the latest is? Ta.
>
> In the next few weeks I have (another) holiday and am quite busy as I have
> some bits to clear up before I get sent out to the US for a couple of
> months (I'll be down in Tampa, FL if anyone is interested, or if anyone is
> heading down there for OOPSLA...? Although I'll not be at OOPSLA myself
> unfortunately...so near yet so far...). But when I get out there I hope to
> have a little more free time to get more involved. I think I keep saying
> that too...
>
> Regards,
>
> Nic
>
> On Friday 07 September 2001 2:23 pm, you wrote:
> > Nic,
> >
> > I think the best thing to handle the situation below would be to direct the
> > user to a return a 403 error (forbidden). Then in the web.xml, it might be
> > possible to direct your server to route 403 errors to a specific page. Is
> > there anywhere that you specify returning a 404 error?
> >
> > This is a comment to the following message at:
> > http://husted.com/about/struts/struts-security.htm
> >
> > But what happens when the user is found to not be in the correct role? At
> > the moment the user just gets a page not found at the browser level which
> > is good in one way in that if a user went to the URL directly they wouldn't
> > know if the URL is correct or not but we may want it to go to a specific
> > (configurable) 'illegal access' page or something similar. Comments?
> >
> > Thanks,
> >
> > Matt
> >
> >
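
An added check, not part of the original thread or of Struts: the trace at the top of this message fails inside getRequestDispatcher, reached from sendError while the container resolves the error page, and the Servlet 2.3 deployment descriptor requires an <error-page> <location> to begin with "/". The script below flags entries that break that rule, such as the one in the web.xml fragment above. The sample descriptor is constructed, and `check_error_pages` and `local` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <error-page> fragment from the message wrapped in a
# minimal <web-app>, plus a second, well-formed entry for comparison.
SAMPLE_WEB_XML = """<web-app>
  <error-page>
    <error-code>403</error-code>
    <location>accessDenied.jsp</location>
  </error-page>
  <error-page>
    <error-code>404</error-code>
    <location>/notFound.jsp</location>
  </error-page>
</web-app>"""


def local(tag):
    """Strip an XML namespace so namespaced (newer) descriptors also match."""
    return tag.rsplit("}", 1)[-1]


def check_error_pages(web_xml_text):
    """Return (key, location, problem) tuples for suspect <error-page> entries."""
    findings = []
    root = ET.fromstring(web_xml_text)
    for page in (e for e in root.iter() if local(e.tag) == "error-page"):
        # Collect the child elements of this entry by their local names.
        fields = {local(c.tag): (c.text or "").strip() for c in page}
        key = fields.get("error-code") or fields.get("exception-type") or "?"
        location = fields.get("location", "")
        if not location:
            findings.append((key, location, "missing <location>"))
        elif not location.startswith("/"):
            # A relative location is resolved differently per container, or not at all.
            findings.append((key, location, "location must start with '/'"))
    return findings


if __name__ == "__main__":
    for key, location, problem in check_error_pages(SAMPLE_WEB_XML):
        print(f"error-page {key}: {location!r}: {problem}")
```

Run against a real descriptor by passing the file's text to `check_error_pages`; an empty list means every mapped error page uses a context-relative path.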