3 Replies Latest reply on Feb 6, 2013 1:52 PM by Jörg Hoh

    Change the error message if user does not have appropriate rights?

    Sean1288

      I want to show a different message if the user does not have appropriate rights to access a page, rather than the default 404 page.

        • 1. Re: Change the error message if user does not have appropriate rights?
          Jörg Hoh Adobe Employee

          Your error handler should use a session with elevated rights (preferably a user with read access on all content, but no write access, and of course not an admin session) to check if this page is there. If it's there, you can change the HTTP status code to 403 Not allowed.

           

          kind regards,

          Jörg

          • 2. Re: Change the error message if user does not have appropriate rights?
            Yogesh Upadhyay Level 4

            This is what we did in the past (not sure if this is the best way, though). Extend /libs/sling/servlet/errorhandler/default.jsp under /apps and then, using an admin session (as Jörg said, not recommended) or the session of any user with read access, check if the page exists. If the page exists and the status code is still 404, that means the user does not have access to that resource, so set the status code to 403.

            This code seems ugly, but I could not find any better way (so actually you are capturing the 404 and mocking it as 403).

             

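            // Needs: javax.jcr.Session, javax.jcr.SimpleCredentials, java.net.URLDecoder,
            // org.apache.sling.jcr.api.SlingRepository, com.day.cq.commons.Externalizer
            if (statusCode == 404) {
                boolean pageExist = true;
                String redirect = null;
                SlingRepository repo = sling.getService(SlingRepository.class);
                Session userSession = null;
                try {
                    // Placeholder credentials: get a user session with read access rights
                    userSession = repo.login(new SimpleCredentials("Your read-only user", "Your password".toCharArray()));
                    // Turn the request URI into a repository path
                    String url = request.getRequestURI().replace(".html", "");
                    url = url.replace(".json", "");
                    url = url.replace(".xml", "");
                    url = URLDecoder.decode(url, "UTF-8");
                    if (!userSession.itemExists(url)) {
                        pageExist = false;
                    }
                } catch (Exception e) {
                    pageExist = false;
                } finally {
                    if (userSession != null) {
                        userSession.logout();
                    }
                }

                // The page exists but the requesting user got a 404: access is denied
                if (pageExist && statusCode == 404 && !isAuthor) {
                    Externalizer externalizer = sling.getService(Externalizer.class);
                    redirect = externalizer.absoluteLink(slingRequest, slingRequest.getScheme(), "Your 403 page");
                    statusCode = 403;
                    response.sendRedirect(redirect);
                }
            }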

             

             

            Yogesh

            www.wemblog.com

            • 3. Re: Change the error message if user does not have appropriate rights?
              Jörg Hoh Adobe Employee

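              // Needs: java.util.HashMap, java.util.Map, org.apache.sling.api.resource.ResourceResolver,
              // org.apache.sling.api.resource.ResourceResolverFactory, org.apache.sling.api.resource.ResourceUtil
              boolean pageExists = false;
              ResourceResolverFactory rrfac = sling.getService(ResourceResolverFactory.class);
              ResourceResolver rr = null;
              try {
                // Impersonate the read-only user instead of checking with admin rights
                Map<String,Object> authInfo = new HashMap<String,Object>();
                authInfo.put(ResourceResolverFactory.USER_IMPERSONATION, "myreadonlyuser");
                rr = rrfac.getAdministrativeResourceResolver(authInfo);
                // resolve() returns a NonExistingResource if nothing is found at the path
                pageExists = !ResourceUtil.isNonExistingResource(rr.resolve(request, request.getPathInfo()));
              } catch (Exception e) {
                log.warn("Cannot check for existing resource ", e);
              } finally {
                if (rr != null) {
                  rr.close();
                }
              }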

               

              Use the ResourceResolver instead of the JCR API. It will take all Sling mappings, sling:alias, vanity paths, etc. into consideration.

               

              Jörg
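
The check discussed in this thread, as an added example that is not part of the original posts: it uses a service resource resolver bound to a read-only system user instead of an administrative session, and keeps the 404 whenever the existence check cannot be made. The class name, the subservice name `error-page-reader` and its service-user mapping are assumptions, and the factory is assumed to be obtained by the bundle that the mapping names.

```java
import java.util.Collections;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.ResourceUtil;

/** Hypothetical helper for a custom 404 error handler; all names here are assumptions. */
public final class ForbiddenOrNotFound {

    // Assumed subservice name; a service-user mapping must bind it to a system
    // user that has read access on the content and no write access.
    private static final String SUBSERVICE = "error-page-reader";

    private ForbiddenOrNotFound() {
    }

    /** Returns 403 only if the path exists for the reader but not for the caller. */
    public static int statusFor(SlingHttpServletRequest request, ResourceResolverFactory factory) {
        // The caller can resolve the resource: the 404 has another cause, keep it.
        if (!ResourceUtil.isNonExistingResource(request.getResource())) {
            return HttpServletResponse.SC_NOT_FOUND;
        }
        Map<String, Object> authInfo =
                Collections.<String, Object>singletonMap(ResourceResolverFactory.SUBSERVICE, SUBSERVICE);
        ResourceResolver reader = null;
        try {
            reader = factory.getServiceResourceResolver(authInfo);
            // resolve() applies Sling mappings, sling:alias and vanity paths.
            boolean exists = !ResourceUtil.isNonExistingResource(
                    reader.resolve(request, request.getPathInfo()));
            return exists ? HttpServletResponse.SC_FORBIDDEN : HttpServletResponse.SC_NOT_FOUND;
        } catch (LoginException e) {
            // No reader session available: fail closed and keep the 404.
            return HttpServletResponse.SC_NOT_FOUND;
        } finally {
            if (reader != null) {
                reader.close();
            }
        }
    }
}
```

The error handler would pass the returned value to `response.setStatus(...)` before rendering its error page.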