Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-2769

Default RolesInterceptor not well suited @portlet environment, sending 403 is forbidden in portlets

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.0.11.2
    • Fix Version/s: Future
    • Labels:
      None
    • Environment:

      Linux 2.6.x, Pluto 1.1.6 & Tomcat 6.0.18

      Description

      The default RolesInterceptor does handle a forbidden request in the handleRejection method with a 403 Error.
      However, sending a 403 directly to the request back to the user is forbidden in a portlet.
      The default RolesInterceptor implementation does not handle this very well.

      A workaround is to override the handleRejection method of the RolesInterceptor (and using this one instead of the default) which does throw a custom exception, which is handled by a global-exception definition which sent the user to a custom error page displaying a forbidden message.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                tkrah Torsten Krah
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated: