error page in web.xml giving 404

Question

In one of my project, I need to handle the 404(Resource not found) and 403(Access Denied). I am giving the configuration in web.xml as

<error-page>
        <error-code>404</error-code>
        <location>/WEB_INF/jsp/web/exception/weberror.jsp</location>
    </error-page>

    <error-page>
        <error-code>403</error-code>
        <location>/WEB_INF/jsp/web/exception/accessDenied.jsp</location>
    </error-page>
</error-page>

Now when the access denied generates, browser is showing me native 404. I also remove the friendly error page setting in browser but on removing that I am getting a blank page.

My jsps are in WEB-INF folder. The path where all jsps are places is

/WEB_INF/jsp/

Please help me out. If I am missing something?

Answer 1

Files under /WEB-INF/ are protected from direct access by the client, this is defined in the Java EE specification. So your error pages will have to reside outside this directory. Try moving them to a dedicated location, e. g. /errors/404.jsp.

Answer 2

The error pointed above looks on web.xml as cvc-complex-type.2.4.a: Invalid content was found starting with element 'location'.

<error-page><location>/error</location></error-page>

Error which it generates is

{"java.sun.com/xml/ns/javaee":error-code, "java.sun.com/xml/ns/javaee":exception-type} is expected.

It is correct that avoidance of mapping specific error code with error page has started with servlet 3.0 specification so I got it resolved with the following change: http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd version=3.0

Look at the version change from anything to 3.0

Answer 3

The problem is that you are using WEB_INF instead of WEB-INF. all the resources mentioned under WEB-INF are protected from client and cannot be directly accessed so its always a good practice to move it out of the WEB-INF.

Thanks

Answer 4

What's about using WEB-INF instead of WEB_INF in your web.xml ?