Default RolesInterceptor not well suited @portlet environment, sending 403 is
forbidden in portlets
---------------------------------------------------------------------------------------------------
Key: WW-2769
URL: https://issues.apache.org/struts/browse/WW-2769
Project: Struts 2
Issue Type: Bug
Components: Core Interceptors
Affects Versions: 2.0.11.2
Environment: Linux 2.6.x, Pluto 1.1.6 & Tomcat 6.0.18
Reporter: Torsten Krah
The default RolesInterceptor does handle a forbidden request in the
handleRejection method with a 403 Error.
However, sending a 403 directly to the request back to the user is forbidden in
a portlet.
The default RolesInterceptor implementation does not handle this very well.
A workaround is to override the handleRejection method of the RolesInterceptor
(and using this one instead of the default) which does throw a custom
exception, which is handled by a global-exception definition which sent the
user to a custom error page displaying a forbidden message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
