[
https://issues.apache.org/jira/browse/WW-2769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17578483#comment-17578483
]
Torsten Krah commented on WW-2769:
----------------------------------
[~lukaszlenart] 14 years later I must admit my hope that this one will be fixed
vanished long long ago - already moved away from struts (and portlets in
general) a decade ago ;).
> Default RolesInterceptor not well suited @portlet environment, sending 403 is
> forbidden in portlets
> ---------------------------------------------------------------------------------------------------
>
> Key: WW-2769
> URL: https://issues.apache.org/jira/browse/WW-2769
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors, Plugin - Portlet
> Affects Versions: 2.0.11.2
> Environment: Linux 2.6.x, Pluto 1.1.6 & Tomcat 6.0.18
> Reporter: Torsten Krah
> Priority: Major
> Fix For: 6.1.0
>
>
> The default RolesInterceptor does handle a forbidden request in the
> handleRejection method with a 403 Error.
> However, sending a 403 directly to the request back to the user is forbidden
> in a portlet.
> The default RolesInterceptor implementation does not handle this very well.
> A workaround is to override the handleRejection method of the
> RolesInterceptor (and using this one instead of the default) which does throw
> a custom exception, which is handled by a global-exception definition which
> sent the user to a custom error page displaying a forbidden message.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
