Skip to content

Issue #12720 - fix servlet error dispatch for errors generated by SecurityHandler #13693

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 10, 2025
Merged

Issue #12720 - fix servlet error dispatch for errors generated by SecurityHandler #13693

merged 6 commits into from
Nov 10, 2025

Conversation

@lachlan-roberts
Copy link
Contributor

@lachlan-roberts lachlan-roberts commented Oct 10, 2025

Closes #12720

Currently SecurityHandler does only Response.writeError when a 403 response needs to be sent. However this will not dispatch to a servlet error page, for this we need to do AuthenticationState.writeError and handle the case if it returns AuthenticationState.ServeAs.

@lachlan-roberts lachlan-roberts self-assigned this Oct 10, 2025
@gregw
Copy link
Contributor

gregw commented Oct 13, 2025

@lachlan-roberts the CI failures look to be more than flakes.

gregw
gregw requested changes Oct 13, 2025
View reviewed changes
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

more than flakes

@lachlan-roberts
Copy link
Contributor Author

lachlan-roberts commented Oct 13, 2025

@gregw the tests are failing because the AuthenticationState.writeError and ErrorHandler.writeError do not support taking a message string.

So do you think i should adjust both the AuthenticationState.writeError and ErrorHandler.writeError API to take a String message, or should I adjust the tests to not check for the !authroized string?

@joakime joakime moved this to 👀 In review in Jetty 12.1.4 - FROZEN Oct 16, 2025
@lachlan-roberts lachlan-roberts requested a review from gregw October 20, 2025 23:33
@lachlan-roberts
PR #13693 - changes from review
c0f394f 
Signed-off-by: Lachlan Roberts <[email protected]>
@lachlan-roberts lachlan-roberts requested a review from gregw October 21, 2025 00:19
gregw
gregw previously requested changes Oct 21, 2025
View reviewed changes
@lachlan-roberts
PR #13693 - changes from review
acb911a 
Signed-off-by: Lachlan Roberts <[email protected]>
@lachlan-roberts lachlan-roberts requested a review from gregw October 29, 2025 01:31
@sbordet sbordet requested a review from joakime November 5, 2025 21:32
@lachlan-roberts lachlan-roberts dismissed gregw’s stale review November 6, 2025 23:30

addressed review

@joakime joakime merged commit c0e3fb6 into jetty-12.1.x Nov 10, 2025
11 checks passed
@joakime joakime deleted the fix/jetty-12.1.x/12720-ErrorDispatchFromSecurityHandler branch November 10, 2025 16:04
@github-project-automation github-project-automation bot moved this from 👀 In review to ✅ Done in Jetty 12.1.4 - FROZEN Nov 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joakime joakime joakime approved these changes

@janbartel janbartel Awaiting requested review from janbartel

@gregw gregw Awaiting requested review from gregw

Assignees

@lachlan-roberts lachlan-roberts

Labels

None yet

Projects

No open projects
Jetty 12.1.4 - FROZEN
Status: ✅ Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Error attributes not set on request in Jetty 12

4 participants

@lachlan-roberts @gregw @joakime