Announcement Announcement Module
Collapse
No announcement yet.
How To Redirect 403 Response To Friendly Page Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How To Redirect 403 Response To Friendly Page

    Hi,

    Not sure if anyone has done this, but is it possible to redirect the 403 thrown by acegi to a customised page? Does anyone have a solution?

    Regards

  • #2
    In the web.xml, you can define an error page based on the error-code element. This documentation is from BEA, but it's the same for all servlet containers.

    http://e-docs.bea.com/wls/docs81/web...l.html#1017571

    Comment


    • #3
      Thanks Karl,

      did do this:
      <error-page>
      <error-code>403</error-code>
      <location>403.jsp</location>
      </error-page>

      but it never worked..

      Comment


      • #4
        Hmmmm... what page did you get when you tried that?

        Comment


        • #5
          Just looked in one of my old projects. You may be missing a forward slash if the 403.jsp is in the root of your webapp.

          <error-page>
          <error-code>403</error-code>
          <location>/403.jsp</location>
          </error-page>

          Where is the 403.jsp? If you wanted to hit the 403.jsp directly, what URL would you use?

          Comment


          • #6
            Hi,

            have tried the /403.jsp too - that didn't work either. what actaully gets displayed is an auto-generated forbidden page..

            if i hit the 403.jsp directly it does get displayed.

            thanks

            Comment


            • #7
              Right, but you should be able to hit your custom 403.jsp page directly from your browser. Another words:

              http://yoururl:8080/403.jsp

              Sounds like you might be restricting access to your own 403.jsp page .

              Comment


              • #8
                403 error handler on web.xml works fine as kbaum suggested.
                notice that this SecurityContext will contain null authentication when the
                request is forwarded to view layer, like jsp pages.

                I guess it's something to do with HttpSessionIntegrationFilter not filtering
                403 request or something. If you need authentication information on your
                custom error page, I guess you have to populate SecurityContext yourself.
                Check this thread for details.

                Comment


                • #9
                  Thanks Karl,

                  it could be the case - will check later..

                  Thanks..

                  Comment


                  • #10
                    I am using Spring MVC and is it possible to map the access denied exception thrown by Acegi in the application context xml file by using the exceptionResolver bean?

                    <bean id="exceptionResolver" class="org.springframework.web.servlet.handler.Sim pleMappingExceptionResolver">
                    <property name="exceptionMappings">
                    <props>
                    <prop key="<insert name of access denied acegi exception here>">403_accessDenied.jsp</prop>
                    </props>
                    </property>
                    </bean>

                    If yes, what is the correct syntax for the access denied exception thrown by Acegi?

                    Comment


                    • #11
                      Yes, you can catch org.acegisecurity.AccessDeniedException as the MVC controller. The SecurityEnforcementFilter (which usually catches this exception) will never have it propagate up from the DispatcherServlet.

                      Comment


                      • #12
                        Any body successfully used exceptionResolver?

                        I mapped org.acegisecurity.AccessDeniedException in a exceptionResolver, but 403 does not get forwarded to the error page.

                        Can we use Spring settings or we need to use web.xml to forward to a particular jsp file in case of the 403 error?

                        Comment


                        • #13
                          Originally posted by Damendra
                          have tried the /403.jsp too - that didn't work either. what actaully gets displayed is an auto-generated forbidden page..

                          if i hit the 403.jsp directly it does get displayed.
                          If the problem occours in IE, but not in other browsers - it's IE's pretty-error-print functionality that is the problem. Your error page is to small, it needs to be atleast 10kB (add a long comment to make it larger). Read more about the problem at:
                          http://www.hostedfaqs.com/123hosts/f...rror-pages.php

                          BTW: This is a reply to the web.xml solution with the errorcode/-page mapping.

                          - Jørgen Løkke -
                          Last edited by jorlokk; Mar 3rd, 2006, 03:20 AM.

                          Comment


                          • #14
                            In 1.0.0 RC2 we refactored error handling into an ExceptionTranslationFilter, so take a look at that and see if it makes it easier for you to handle 403s in a custom manner.

                            Comment

                            Working...
                            X