| Author |
Customize "Error 403: AuthorizationFailed" page
|
|
|
| Hello all,
I have an application that uses J2EE security. We're using BA. For resources to which a user is not granted access to they receive the "Error 403: AuthorizationFailed" page. I would like to replace or redirect that event to my own page but I'm not sure ho
w.
Could someone direct me to a page or doc that tells me how? Thanks.
| |
| Aditya Wresniyandaka 2006-01-29, 9:47 pm |
| In the Web Deployment Descriptor, you can specify what page to display when the users encounter error 403.
| |
|
| > In the Web Deployment Descriptor, you can specify
> what page to display when the users encounter error
> 403.
Thank you for your response. I was under the impression that you may have been able to do that in the descriptor but wasn't sure what to add. The docs I found made references to setting an error page in the context of setting up a forms based login, ie. &
lt;form-login-page> & <form-error-page>. Is that what you are referring to?
Once again thanks.
| |
| Aditya Wresniyandaka 2006-01-29, 9:47 pm |
| No - this is not what I meant. If you open the Deployment Descriptor, with say Websphere Studio App Developer, you should see four sections: Welcome pages, Login, Error pages, Exceptions.
What you were referring to was the second one, which is dealing specifically with the Login process. I was referring to the third one, which really handles the HTML error codes.
It should be within a block like the following:
<error-page id="ErrorCodeErrorPage_1133453892160">
<error-code>403</error-code>
<location>/my403ErrorPage.jsp</location>
</error-page>
Depending on your application, you could specify /logon.jsp in the <location/> tag. This way when error 403 is thrown, the user gets presented with the logon page.
| |
|
| Ah I see. I don't have the benefit of the WSAD or RAD at the moment so I wasn't sure where to look.
I will follow this lead. Thanks for the tip.
| |
| Paul Ilechko 2006-01-29, 9:47 pm |
| jnegron@dtcc.com wrote:
> Ah I see. I don't have the benefit of the WSAD or RAD at the moment
> so I wasn't sure where to look.
>
> I will follow this lead. Thanks for the tip.
If you don't have WSAD you can see the same things in the ASTK, which is
freely available with WAS.
Also, just want to point out that Basic Auth is not very secure, as it
sends passwords in clear text. Hope you're using SSL ... (but you
probably knew this already).
Paul.
| |
|
| I just installed the ASTK yesterday evening, so I'll be exploring that shortly. We typically don't use WSAD/RAD/ASTK in our day to day hence my lack of familiarity with it.
> Also, just want to point out that Basic Auth is not very secure, as it
> sends passwords in clear text. Hope you're using SSL ... (but you
> probably knew this already).
Yup. We're working out some of the mechanics with respect to TAM and J2EE security but thanks for the friendly reminder.
=)
| |
| Paul Ilechko 2006-01-29, 9:47 pm |
| jnegron@dtcc.com wrote:
> I just installed the ASTK yesterday evening, so I'll be exploring
> that shortly. We typically don't use WSAD/RAD/ASTK in our day to day
> hence my lack of familiarity with it.
>
>
>
>
> Yup. We're working out some of the mechanics with respect to TAM and
> J2EE security but thanks for the friendly reminder.
>
> =)
I just realized who I was responding to .. of course you guys know this
stuff, we've discussed it often enough ;-)
| |
|
| No worries Paul. Any and all responses are always appreciated.
|
|
|
|