Issue: Application running Apache CXF webservices handles response.sendError() differently when running in Jetty 6.1.21 than in
Tomcat 6.0.29 or SpringSource tc Runtime 2.1.0.RELEASE, where as the Jetty response has a status code of HTTP 403 Forbidden and Tomcat has a status code of HTTP 500 Internal Server Error. My client is GWT, and I am trying to detect the HTTP 403 status, which works with the server application running on Jetty but not on Tomcat or SpringSource tc.
Questions: Is this a configuration issue for Tomcat? Do I need to write my own ErrorReportValve implementation?
I have searched various forums (here, and via Google search) for a solution, to no avail. I have tried setting " errorReportValveClass = "" in Tomcat server.xml, and I still get HTTP 500 but with a blank page. I have also tried various settings for cfx.xml to propogate the response status, but that did not work either. I know these are not "Tomcat" changes per se, but I did not want to cross post and Tomcat forum seemed to be the right place to start.
Note: responses captured using Chrome Poster 1.4 running on Google Chrome 8.0.552.224
My application (Spring 3) is generating the following in a Spring Security Filter Bean (extends org.springframework.web.filter.GenericFilterBean):
response.sendError(403, "System Lockout");
throw new WebApplicationException();
Additional configuration details:
web.xml
-------
<
servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/secure/*</url-pattern>
</servlet-mapping>
<!-- The following two tags configure Spring security. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
applicationContext-resource.xml
-------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxrs="http://cxf.apache.org/jaxrs"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxrs
http://cxf.apache.org/schemas/jaxrs.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-jaxrs-binding.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<jaxrs:server id="user" address="/">
<jaxrs:serviceBeans>
<ref bean="userResource" />
</jaxrs:serviceBeans>
<jaxrs:extensionMappings>
<entry key="xml" value="application/xml" />
<entry key="json" value="application/json" />
</jaxrs:extensionMappings>
</jaxrs:server>
</beans>
Jetty 6.1.21 Response:
status: 403 System Lockout
Content-Length: 1393
Server: Jetty(6.1.21)
Content-Type: text/html; charset=iso-8859-1
Cache-Control: must-revalidate,no-cache,no-store
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 403 System Lockout</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /agency/secure/user. Reason:
<pre> System Lockout</pre></p><hr /><i><small>Powered by
Jetty://</small></i><br/>
</body>
</html>
SpringSource tc Runtime 2.1.0.RELEASE Response (please note that this is about the same response I get from Tomcat, except for the error page--it is still seen as HTTP 500 instead of HTTP 403):
status: 500 Internal Server Error
Date: Fri, 31 Dec 2010 15:48:36 GMT
Content-Encoding: gzip
Connection: close
Content-Length: 793
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
<html><head><title>SpringSource tc Runtime 2.1.0.RELEASE/6.0.29.B.RELEASE - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>The server encountered an internal error () that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>javax.ws.rs.WebApplicationException
net.dds.commons.security.PidCidAuthenticationFilter.doFilter(PidCidAuthenticationFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the SpringSource tc Runtime 2.1.0.RELEASE/6.0.29.B.RELEASE logs.</u></p><HR size="1" noshade="noshade"><h3>SpringSource tc Runtime 2.1.0.RELEASE/6.0.29.B.RELEASE</h3></body></html>