Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-3811

dont let struts auto catch Exception and send 500 error

    XMLWordPrintableJSON

Details

    Description

      struts2 with spring security.

      The Spring Security security method interceptor may throw an org.springframework.security.access.AccessDeniedException. It need be catched by org.springframework.security.web.access.ExceptionTranslationFilter, then be translated to be a 403 error.

      But the org.apache.struts2.dispatcher.Dispatcher always catch the Exception which throwed from their actions, and converted them to a 500 error, So the behavior of spring security becomes wired. Neither I cannot define a <error-page> with <exception-type>org.springframework.security.access.AccessDeniedException, or <error-page><error-code>403</error-code>, because struct2 already hide all of the details of this exception.

      Now I just have two options to choose, First is use ExceptionMappingInterceptor and mapping AccessDeniedException to 403.jsp, this causes duplicated configuration, I have to define 403.jsp both of web.xml and struts.xml.

      Second choice is modifying source code of Dispatcher, just comments the 533 line:
      sendError(request, response, context, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e);

      I wish there could be an option like 'struts.convert.exception=false' to close this default behavior, so we could use spring security with struts2 more flexibility

      Attachments

        Activity

          People

            lukaszlenart Lukasz Lenart
            xuhuisheng Xu Hui Sheng
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: