Matt,
Glad you managed to sort this out. As I said I was somewhat incapacitated on
the technology front on Friday!
Thanks for taking a look at it and giving your feedback,
Regards,
Nic
On Friday 07 September 2001 4:00 pm, Matt Raible wrote:
> I got this figured out - the SC_FORBIDDEN works GREAT!!
>
> Without the entry in my web.xml - I get an error message from the server
> (or browser if using IE 6).
>
> I changed the entry in my web.xml to have a leading slash ("/") and it
> works great!
>
> <error-page>
> <error-code>403</error-code>
> <location>/accessDenied.jsp</location>
> </error-page>
>
> +1 for adding this to struts 1.1!
>
> --- Matt Raible <[EMAIL PROTECTED]> wrote:
> > Nic,
> >
> > I changed your ActionServlet (line 1573) to return SC_FORBIDDEN in the
> > following code block:
> >
> > if (debug >= 1)
> > log(" Access denied to mapping for path " + path);
> >
> > response.sendError(HttpServletResponse.SC_FORBIDDEN,
> > internal.getMessage("processAccessDenied", path));
> >
> > added this to my web.xml:
> >
> > <error-page>
> > <error-code>403</error-code>
> > <location>accessDenied.jsp</location>
> > </error-page>
> >
> > And now I'm getting the error below - any ideas?
> >
> > [07/Sep/2001 09:23:23:3] info: --------------------------------------
> > [07/Sep/2001 09:23:23:3] info: action: Access denied to mapping for path /searchHolidayMonth
> > [07/Sep/2001 09:23:23:3] info: --------------------------------------
> > [07/Sep/2001 09:23:23:3] error: Exception: SERVLET-run_failed: Failed in running template: [App = timetracker, Servlet = action], java.lang.StringIndexOutOfBoundsException: String index out of range: -1
> > Exception Stack Trace:
> > java.lang.StringIndexOutOfBoundsException: String index out of range: -1
> >     at java.lang.String.substring(String.java:1492)
> >     at com.netscape.server.servlet.platformhttp.PlatformHttpServletRequest.getRequestDispatcher(Unknown Source)
> >     at com.netscape.server.servlet.platformhttp.PlatformHttpServletResponse.sendError(Unknown Source)
> >     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1573)
> >     at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:500)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
> >     at com.netscape.server.servlet.servletrunner.ServletInfo.service(Unknown Source)
> >     at com.netscape.server.servlet.platformhttp.PlatformHttpServletResponse.callUri(Unknown Source)
> >     at com.netscape.server.servlet.platformhttp.PlatformHttpServletResponse.callUriRestrictOutput(Unknown Source)
> >     at com.netscape.server.servlet.platformhttp.PlatformRequestDispatcher.forward(Unknown Source)
> >     at com.netscape.server.servlet.platformhttp.PlatformHttpServletResponse.sendError(Unknown Source)
> >     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1573)
> >     at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:500)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
> >     at com.netscape.server.servlet.servletrunner.ServletInfo.service(Unknown Source)
> >     at com.netscape.server.servlet.servletrunner.ServletRunner.execute(Unknown Source)
> >     at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
> >     at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
> >     at com.kivasoft.thread.ThreadBasic.run(Native Method)
> >     at java.lang.Thread.run(Thread.java:479)
> >
> > --- Nic Hobbs <[EMAIL PROTECTED]> wrote:
> > > Hi Matt, All,
> > >
> > >
> > > Firstly let me apologise for my absence for the last few weeks (I seem
> > > to end up doing this at the top of every posting I make ;) but I had a
> > > nasty and artistic bout of Food Poisoning and then a holiday to contend
> > > with. Since I have been trying to catch up on the several thousand
> > > mails that seem to have been sent whilst I was away!
> > >
> > > On to the real message though. In my original posting (referenced in
> > > your mail) I outlined this as the current functionality, and asked for
> > > suggestions as to what it _should_ do instead. Yours is the first
> > > comment I have had back on this, as I think you are one of the first to
> > > look at it in any depth. Many thanks.
> > >
> > > I think you are probably right that we should return a 403 (Forbidden)
> > > as the default. I would like this to be configurable though so people
> > > can choose. I can't remember exactly how the code was written now
> > > (well, it was a month or so ago) and if this is possible, and sadly our
> > > network went down for routine maintenance today and died in the process
> > > so I can't even look at the code at the moment, let alone test some
> > > changes! I will do asap though. Do you still want a demo webapp or are
> > > you happy with how it works now? It sounds like you have it working ok.
> > >
> > > Incidentally, things have been quiet on the workflow front recently,
> > > can anyone update me with what the latest is? Ta.
> > >
> > > In the next few weeks I have (another) holiday and am quite busy as I
> > > have some bits to clear up before I get sent out to the US for a couple
> > > of months (I'll be down in Tampa, FL if anyone is interested, or if
> > > anyone is heading down there for OOPSLA...? Although I'll not be at
> > > OOPSLA myself unfortunately...so near yet so far...). But when I get
> > > out there I hope to have a little more free time to get more involved.
> > > I think I keep saying that too...
> > >
> > >
> > > Regards,
> > >
> > > Nic
> > >
> > > On Friday 07 September 2001 2:23 pm, you wrote:
> > > > Nic,
> > > >
> > > > I think the best thing to handle the situation below would be to
> > > > direct the user to a return a 403 error (forbidden). Then in the
> > > > web.xml, it might be possible to direct your server to route 403
> > > > errors to a specific page. Is there anywhere that you specify
> > > > returning a 404 error?
> > > >
> > > > This is a comment to the following message at:
> > > > http://husted.com/about/struts/struts-security.htm
> > > >
> > > > But what happens when the user is found to not be in the correct
> > > > role? At the moment the user just gets a page not found at the
> > > > browser level which is good in one way in that if a user went to the
> > > > URL directly they wouldn't know if the URL is correct or not but we
> > > > may want it to go to a specific (configurable) 'illegal access' page
> > > > or something similar. Comments?
> > > >
> > > > Thanks,
> > > >
> > > > Matt
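The fix described in this thread, a leading slash on the `<location>` of the 403 `<error-page>`, can be checked mechanically before deployment. The following is an added example, not part of the original messages and not Struts code: a JDK-only check that lists `<error-page>` entries whose location lacks the leading "/". The class name `ErrorPageCheck` and the embedded web.xml are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class ErrorPageCheck {
    // Constructed sample holding the two <error-page> variants quoted in the thread.
    static final String SAMPLE_WEB_XML =
        "<web-app>"
      + "<error-page><error-code>403</error-code>"
      + "<location>accessDenied.jsp</location></error-page>"
      + "<error-page><error-code>403</error-code>"
      + "<location>/accessDenied.jsp</location></error-page>"
      + "</web-app>";

    // Text of the first child element with this tag, or "" if it is absent.
    static String text(Element parent, String tag) {
        NodeList n = parent.getElementsByTagName(tag);
        return n.getLength() == 0 ? "" : n.item(0).getTextContent().trim();
    }

    // Returns "key -> location" for every error-page whose location has no leading '/'.
    static List<String> findBadLocations(String webXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Do not fetch the DTD named in a real web.xml DOCTYPE while parsing.
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        Document doc = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(webXml.getBytes(StandardCharsets.UTF_8)));
        List<String> bad = new ArrayList<>();
        NodeList pages = doc.getElementsByTagName("error-page");
        for (int i = 0; i < pages.getLength(); i++) {
            Element page = (Element) pages.item(i);
            String key = text(page, "error-code");
            if (key.isEmpty()) key = text(page, "exception-type");
            String loc = text(page, "location");
            if (!loc.startsWith("/")) bad.add(key + " -> " + loc);
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        for (String b : findBadLocations(SAMPLE_WEB_XML))
            System.out.println("error-page location lacks leading '/': " + b);
    }
}
```

On the constructed sample only the first entry (`accessDenied.jsp`) is reported; the corrected `/accessDenied.jsp` entry passes.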