Announcement Announcement Module
Collapse
No announcement yet.
How To Redirect 403 Response To Friendly Page Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Damendra
    started a topic How To Redirect 403 Response To Friendly Page

    How To Redirect 403 Response To Friendly Page

    Hi,

    Not sure if anyone has done this, but is it possible to redirect the 403 thrown by acegi to a customised page? Does anyone have a solution?

    Regards

  • Ben Alex
    replied
    In 1.0.0 RC2 we refactored error handling into an ExceptionTranslationFilter, so take a look at that and see if it makes it easier for you to handle 403s in a custom manner.

    Leave a comment:


  • jorlokk
    replied
    Originally posted by Damendra
    have tried the /403.jsp too - that didn't work either. what actaully gets displayed is an auto-generated forbidden page..

    if i hit the 403.jsp directly it does get displayed.
    If the problem occours in IE, but not in other browsers - it's IE's pretty-error-print functionality that is the problem. Your error page is to small, it needs to be atleast 10kB (add a long comment to make it larger). Read more about the problem at:
    http://www.hostedfaqs.com/123hosts/f...rror-pages.php

    BTW: This is a reply to the web.xml solution with the errorcode/-page mapping.

    - Jørgen Løkke -
    Last edited by jorlokk; Mar 3rd, 2006, 03:20 AM.

    Leave a comment:


  • adeveloper
    replied
    Any body successfully used exceptionResolver?

    I mapped org.acegisecurity.AccessDeniedException in a exceptionResolver, but 403 does not get forwarded to the error page.

    Can we use Spring settings or we need to use web.xml to forward to a particular jsp file in case of the 403 error?

    Leave a comment:


  • Ben Alex
    replied
    Yes, you can catch org.acegisecurity.AccessDeniedException as the MVC controller. The SecurityEnforcementFilter (which usually catches this exception) will never have it propagate up from the DispatcherServlet.

    Leave a comment:


  • Tardis
    replied
    I am using Spring MVC and is it possible to map the access denied exception thrown by Acegi in the application context xml file by using the exceptionResolver bean?

    <bean id="exceptionResolver" class="org.springframework.web.servlet.handler.Sim pleMappingExceptionResolver">
    <property name="exceptionMappings">
    <props>
    <prop key="<insert name of access denied acegi exception here>">403_accessDenied.jsp</prop>
    </props>
    </property>
    </bean>

    If yes, what is the correct syntax for the access denied exception thrown by Acegi?

    Leave a comment:


  • Damendra
    replied
    Thanks Karl,

    it could be the case - will check later..

    Thanks..

    Leave a comment:


  • feenixx
    replied
    403 error handler on web.xml works fine as kbaum suggested.
    notice that this SecurityContext will contain null authentication when the
    request is forwarded to view layer, like jsp pages.

    I guess it's something to do with HttpSessionIntegrationFilter not filtering
    403 request or something. If you need authentication information on your
    custom error page, I guess you have to populate SecurityContext yourself.
    Check this thread for details.

    Leave a comment:


  • kbaum
    replied
    Right, but you should be able to hit your custom 403.jsp page directly from your browser. Another words:

    http://yoururl:8080/403.jsp

    Sounds like you might be restricting access to your own 403.jsp page .

    Leave a comment:


  • Damendra
    replied
    Hi,

    have tried the /403.jsp too - that didn't work either. what actaully gets displayed is an auto-generated forbidden page..

    if i hit the 403.jsp directly it does get displayed.

    thanks

    Leave a comment:


  • kbaum
    replied
    Just looked in one of my old projects. You may be missing a forward slash if the 403.jsp is in the root of your webapp.

    <error-page>
    <error-code>403</error-code>
    <location>/403.jsp</location>
    </error-page>

    Where is the 403.jsp? If you wanted to hit the 403.jsp directly, what URL would you use?

    Leave a comment:


  • kbaum
    replied
    Hmmmm... what page did you get when you tried that?

    Leave a comment:


  • Damendra
    replied
    Thanks Karl,

    did do this:
    <error-page>
    <error-code>403</error-code>
    <location>403.jsp</location>
    </error-page>

    but it never worked..

    Leave a comment:


  • kbaum
    replied
    In the web.xml, you can define an error page based on the error-code element. This documentation is from BEA, but it's the same for all servlet containers.

    http://e-docs.bea.com/wls/docs81/web...l.html#1017571

    Leave a comment:

Working...
X