Tomcat: Custom Error Pages

This is the latest in my series of short posts related to configuring Tomcat, as I work on getting a Tomcat/ACF10 development environment stood up next to my existing Apache/JRun/ACF9 application stack. See the first post in the series for a bit of background.

There are several reasons you may want to set up custom error pages to be served by Tomcat when different kinds of errors or exceptions are encountered. These reasons might include:

  • Security: the default error pages served by Tomcat can include information about the server and its configuration that could be considered a vulnerability (e.g.., file paths, configuration or version information)
  • Application-specific error handling: you may want to provide site- or application-specific information about the error to assist the user (or the developer!)

Part of the servlet specification allows for the definition of error pages to be served up based on either an exception or an error code in the following format:

<web-app>
   ...
   <error-page>
      <exception-type>java.lang.NullPointerException</error-code>
      <location>/nullpointer.jsp</location>
   </error-page>

   <error-page>
      <error-code>404</error-code>
      <location>/404.html</location>
   </error-page>
   ...
</web-app>

The specific files served up can be static HTML or dynamic pages of any type supported by the server. The paths are relative to the root of the web application.

Because the default error pages served up by Tomcat include version information, I typically define a basic set of error pages for HTTP 403 and 404 status codes, place those pages in a ./errors/ folder off the Web root and then reference them in ./WEB-INF/web.xml for my application.