disable stack trace in websphere liberty profile for MobileFirst Platform Foundation apps

0
votes

When you access an invalid URL on worklight server from a browser (e.g. http://mywebserver.com/myApp/ThisIsaFileThatDoesNotExist) the stack trace gets flashed on your browser.

We need to disable the stack trace (for security reasons). Our setup is MobileFirst Platform Foundation 6.3 with WebSphere Liberty Profile 8.5.5.

Below is the message that is displayed in the browser.

"Exception thrown by application class 'com.worklight.core.auth.impl.AuthenticationFilter.doFilter:272' java.lang.RuntimeException: java.io.FileNotFoundException: SRVE0190E: File not found: /ThisIsaFileThatDoesNotExist at com.worklight.core.auth.impl.AuthenticationFilter.doFilter(AuthenticationFilter.java:272) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:207) at [internal classes] Caused by: java.io.FileNotFoundException: SRVE0190E: File not found: /ThisIsaFileThatDoesNotExist at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.handleRequest(DefaultExtensionProcessor.java:528) at [internal classes] at com.worklight.core.auth.impl.AuthenticationFilter$1.execute(AuthenticationFilter.java:217) at com.worklight.core.auth.impl.AuthenticationServiceBean.accessResource(AuthenticationServiceBean.java:76) at com.worklight.core.auth.impl.AuthenticationFilter.doFilter(AuthenticationFilter.java:222) ... 2 more"

We need to disable showing the stack trace as it is considered a problem.

1
websphereibm-mobilefirst

1 Answers

0
votes

You would need to create a custom JSP error page for your MobileFirst runtime. You can make the custom error page say whatever you want it to say.

To do this, you need to take apart the runtime WAR (unzip it), and add a custom error page to the deployment descriptor. I used this page as an example for how to create the custom error page. I put the example "error.jsp" file in the root directory of the WAR file (alongside the WEB-INF and META-INF directories), and put this in the WEB-INF/web.xml file, right before the closing "/web-app" tag:

<error-page>
   <error-code>404</error-code>
   <location>/error.jsp</location>
</error-page>

Then I zip'ed up the files into a modified WAR file, and replaced the WAR file on the server with that one. After doing this, I started the MobileFirst Platform Server, and hitting any non-existing URLs used the custom error page that I defined (in the error.jsp file), not the default one.

There may be other/better ways of going about this (in particular, it might be better to relocate the custom error page file into the WEB-INF/classes/conf directory, just to avoid having extraneous files in the root directory of the WAR file), but this worked fine for me.