How do I hide stack traces in the browser (using Jetty)?

Question

I'm using Jetty as my servlet container. If an exception is thrown in one of my servlets the browser will display an HTTP ERROR 500 with the exception message and a stack trace.

For security reasons I need to hide the stack trace. Is there a way to configure this generally? Or do I need to trap all Throwables in my Servlet?

Thanks

score 7 · Accepted Answer · answered Feb 11 '10 at 17:01

7

You can set up a custom error page in your web.xml file, with something like this:

<error-page>  
  <error-code>500</error-code>  
  <location>/WEB-INF/jsps/errors/error.jsp</location>  
</error-page>

Then in your error.jsp, display a custom message and don't show the stacktrace.

answered Feb 11 '10 at 17:01

lucrussell

5,032
2
33
39

You can by the way display the message in JSP/EL by `${exception.message}`. – BalusC Feb 11 '10 at 17:05

How do I hide stack traces in the browser (using Jetty)?

1 Answers1