Reputation: 388
I have pages in my web application which are accessible only by the administrator. I wrote a filter, but I don't understand how to return an HTTP error code (403) from the filter if the user isn't the admin.
    public class AdminFilter implements Filter {
        @Override
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            String username = servletRequest.getParameter("username");
            String password = servletRequest.getParameter("password");
            UserDao userDaoImpl = new UserDaoImpl();
            if (userDaoImpl.findByUsername(username).getPassword().equals(password)) {
                filterChain.doFilter(servletRequest, servletResponse);
            } else {
                // respond with 403
            }
        }
    }
I understand that I can redirect to my custom 403 page, but I'm wondering how to return an HTTP error code.
Upvotes: 14
Views: 22353
Reputation: 61
Resolved it by setting 401 as the error code in the backend and catching the error in an Angular interceptor as below.
Backend Java code:
    ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
Angular code:
    intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
      return next.handle(req)
        .catch(error => {
          if (error instanceof HttpErrorResponse && error.status == 401) {
            this.router.navigateByUrl('/sessionExpired', { replaceUrl: true });
            return new EmptyObservable();
          }
          return _throw(error);
        });
    }
Upvotes: 2
Reputation: 4437
I have solved it this way:
    ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_BAD_REQUEST);
    ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST, "HMAC Failed - X-Authenticated-Id not available");
    return;
Upvotes: 5
Reputation: 11855
You need to cast servletResponse to HttpServletResponse first:
    HttpServletResponse response = (HttpServletResponse) servletResponse;
Then use its sendError() method:
    response.sendError(HttpServletResponse.SC_FORBIDDEN);
SC_FORBIDDEN stands for code 403.
By the way, you don't redirect to a 403 page, you just respond with that status. If you do that, the servlet container will serve a special 403 page to the user. You can configure that page in your web.xml:
    <error-page>
        <error-code>403</error-code>
        <location>/error-403.htm</location>
    </error-page>
This instructs the container to serve your custom page /error-403.htm when you set 403 status.
If you want a redirect, you could use response.sendRedirect() (it issues a 302 redirect).
Upvotes: 35
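Added example, not part of any post above: a complete filter that combines the two status codes used in the answers, sending 401 when the request carries no authenticated user and 403 when the user is authenticated but is not an administrator. It assumes authentication was already done by the container or an earlier filter (so no password travels in request parameters), that administrators hold a role named "admin", and that the application uses the javax.servlet API; all three are assumptions, not details from the question.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class AdminFilter implements Filter {

    // Assumption: the role name administrators are mapped to.
    private static final String ADMIN_ROLE = "admin";

    @Override
    public void init(FilterConfig filterConfig) {
        // No configuration needed.
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // No authenticated principal: the caller has to log in first (401).
        if (request.getUserPrincipal() == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return; // do not continue the chain after sendError()
        }

        // Authenticated but lacking the admin role: access is forbidden (403).
        if (!request.isUserInRole(ADMIN_ROLE)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Only administrators reach the protected resource.
        filterChain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

With the error-page entry from the answer above in web.xml, the 403 branch makes the container serve /error-403.htm while the response status stays 403.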