tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Osipov, Michael" <>
Subject RE: StandardHostValve kills custom error message
Date Thu, 12 Apr 2012 15:05:49 GMT
Konstantin Kolinko wrote:
> 2012/4/12 Osipov, Michael <>:
>> Hi folks,
>> I am sending a custom error message in my authenticator but it gets
>> removed by the StandardHostValve. 
>> This is what I do in my authenticator:
>> catch (PrivilegedActionException e) {
>>   logger.error("Unable to login as the service principal",
>> e.getException()); 
>>   response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
>>     "Unable to login as the service principal");
>>   request.setAttribute(Globals.EXCEPTION_ATTR, e);
> What happens if you switch the order of the above two lines?

Same behavior. The method setAttribute does not trigger anything which modifies the above
error state.

>>   return false;
>> }
>> The message is not diplayed because in line 282 to 286 the message
>> is killed by: 
>> else {
>>            // A custom error-page has not been defined for the
>> exception 
>>            // that was thrown during request processing. Check if an
>>            // error-page for error code 500 was specified and if so,
>>            // send that page back as the response.
>> response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); 
>>            // The response is an error
>>            response.setError();
>>            status(request, response);
>>        }
>> It seems like this valve does not care if it handles an uncaught
>> exception or a deliberate exception. 
>> Can this be fixed without patching the valve?
>> I guess not. I would file a ticket about that: A mere
>> response#isError call would suffice to wrap that behavior and pass
>> the response as is.  
> My understanding is that it is responsibility of the Container to
> provide the value for the request attribute
> "javax.servlet.error.exception"
> You cannot set it.
> See 10.9.1 in Servlet 3.0 spec.

Maybe, but the message field is not automatically populated by the valve if no custom error
page exists nor does the ErrorReportValue retrieves the throwable message as message. The
HTML area is, in that case, simply blank:
HTTP 500 - <empty>

Not really helpful.

> Can't you just throw new ServletException(PrivilegedActionException);

I can't, ServletException cannot be thrown in the authenticate method. A RuntimeException
results in blank page. Anyway,  there would be no change because the valve will still be stuck
in the else block and no one ever assigns the throwable#getMessage to reponse#setMessage.

In my option, both the StandardHostValve and maybe the ErrorReportValve deserve some improvement.

With best regards,
Michael Osipov
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message