[ https://issues.apache.org/jira/browse/WW-2769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17578483#comment-17578483 ]
Torsten Krah commented on WW-2769: ---------------------------------- [~lukaszlenart] 14 years later I must admit my hope that this one will be fixed vanished long long ago - already moved away from struts (and portlets in general) a decade ago ;). > Default RolesInterceptor not well suited @portlet environment, sending 403 is > forbidden in portlets > --------------------------------------------------------------------------------------------------- > > Key: WW-2769 > URL: https://issues.apache.org/jira/browse/WW-2769 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors, Plugin - Portlet > Affects Versions: 2.0.11.2 > Environment: Linux 2.6.x, Pluto 1.1.6 & Tomcat 6.0.18 > Reporter: Torsten Krah > Priority: Major > Fix For: 6.1.0 > > > The default RolesInterceptor does handle a forbidden request in the > handleRejection method with a 403 Error. > However, sending a 403 directly to the request back to the user is forbidden > in a portlet. > The default RolesInterceptor implementation does not handle this very well. > A workaround is to override the handleRejection method of the > RolesInterceptor (and using this one instead of the default) which does throw > a custom exception, which is handled by a global-exception definition which > sent the user to a custom error page displaying a forbidden message. -- This message was sent by Atlassian Jira (v8.20.10#820010)