Hi,
There is a fundamental issue with the servlet API when using error
pages for filter deployments.
For error pages to take effect it is necessary to utilize the
HttpServletResponse.sendError method, but this can only be used when
deployed as a servlet.
One approach you can take is to register an exception mapper for
WebApplicationException and then adapt the response returned for that
given a 403 status code.
@Provider
public MyMapper implements ExceptionMapper<WebApplicationException> {
public Response toResponse(WebApplicationException ex) {
Response r = ex.getResponse();
if (r.getStatus() == 403 && r.getEntity() == null) {
return Response.fromResponse(r).entity(new Viewable("/
403response", null)).build();
} else {
return r;
}
}
}
Paul.
On Nov 27, 2010, at 6:45 PM, tmp wrote:
>
> Hello!
>
> I'm securing my webapplication with the help of JDBCRealm and the
> RolesAllowedResourceFilterFactory from jersey.
> Here you can see an excerpt of the web.xml:
> http://www.sourcepod.com/mvdqdg95-3887
> As you can see, all requests are mapped to a java class. This class
> uses the
> @RolesAllowed annotation:
> http://www.sourcepod.com/uaurwl11-3888
>
> Everything works fine, but now I want to return a customized error
> page (for
> example an own jsp file) when the access is forbidden. Do you know
> how to
> achieve this?
>
> I tried to declare a <error-page> tag inside the web.xml but this
> doesn't
> work.
> Any ideas?
> Thanks in advance!
> --
> View this message in context: http://jersey.576304.n2.nabble.com/RolesAllowed-Customizing-error-pages-tp5780105p5780105.html
> Sent from the Jersey mailing list archive at Nabble.com.