struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (WW-3811) dont let struts auto catch Exception and send 500 error
Date Wed, 09 May 2012 05:50:30 GMT

     [ https://issues.apache.org/jira/browse/WW-3811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Lukasz Lenart updated WW-3811:
------------------------------

    Fix Version/s: 2.3.4
    
> dont let struts auto catch Exception and send 500 error
> -------------------------------------------------------
>
>                 Key: WW-3811
>                 URL: https://issues.apache.org/jira/browse/WW-3811
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Dispatch Filter
>    Affects Versions: 2.3.3
>         Environment: struts2, spring security
>            Reporter: Xu Hui Sheng
>              Labels: catchexception, springsecurity
>             Fix For: 2.3.4
>
>
> struts2 with spring security.
>  The Spring Security security method interceptor may throw an org.springframework.security.access.AccessDeniedException.
 It need be catched by org.springframework.security.web.access.ExceptionTranslationFilter,
then be translated to be a 403 error.
>  But the org.apache.struts2.dispatcher.Dispatcher always catch the Exception which throwed
from their actions, and converted them to a 500 error, So the behavior of spring security
becomes wired. Neither I cannot define a <error-page> with <exception-type>org.springframework.security.access.AccessDeniedException,
or <error-page><error-code>403</error-code>, because struct2 already hide
all of the details of this exception.
> Now I just have two options to choose,  First is use ExceptionMappingInterceptor and
mapping AccessDeniedException to 403.jsp, this causes duplicated configuration, I have to
define 403.jsp both of web.xml and struts.xml.
> Second choice is modifying source code of Dispatcher, just comments the 533 line:
>             sendError(request, response, context, HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
e);
> I wish there could be an option like 'struts.convert.exception=false' to close this default
behavior, so we could use spring security with struts2 more flexibility

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message