In the case of unexpected errors, most application servers show a default error page. This default error page mostly contains information such as stack traces. Showing full stack traces in a production environment is regarded as a security risk. To avoid this vulnerability, you can configure your own error pages in the web.xml file of your web application. For your convenience, the product contains a ready-to-use error handling servlet. The following example shows how to configure this servlet in the web.xml file:
<servlet id="DefaultErrorHandler">
<servlet-name>DefaultErrorHandler</servlet-name>
<servlet-class>com.softwareag.cis.server.DefaultErrorServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DefaultErrorHandler</servlet-name>
<url-pattern>/DefaultErrorHandler</url-pattern>
</servlet-mapping>
<error-page>
<exception-type>java.lang.Throwable</exception-type >
<location>/DefaultErrorHandler</location>
</error-page>
The following is a sample error page that has been generated by the
com.softwareag.cis.server.DefaultErrorServlet:
As an alternative to this default error handling servlet, you can add your own error handling servlets and/or error pages.