display default 403 forbidden page when there is no customization (#1591)

fixes #1585

Author: tulinkry

src/org/opensolaris/opengrok/web/AuthorizationFilter.java

@@ -60,6 +60,11 @@ public void doFilter(ServletRequest sr, ServletResponse sr1, FilterChain fc) thr
             config.getEnv().getStatistics().addRequestTime(httpReq,
                     "requests_forbidden",
                     System.currentTimeMillis() - processTime);
+
+            if (!config.getEnv().getConfiguration().getForbiddenIncludeFileContent().isEmpty()) {
+                sr.getRequestDispatcher("/eforbidden").forward(sr, sr1);
+                return;
+            }
             httpRes.sendError(403, "Access forbidden");
             return;
         }

web/WEB-INF/web.xml

@@ -200,10 +200,6 @@
     <error-code>500</error-code>
     <location>/error</location>
   </error-page>
-  <error-page>
-      <error-code>403</error-code>
-      <location>/eforbidden</location>
-  </error-page>
   <jsp-config>
       <jsp-property-group>
       <url-pattern>*.jsp</url-pattern>

web/eforbidden.jsp

@@ -17,14 +17,15 @@ information: Portions Copyright [yyyy] [name of copyright owner]
 CDDL HEADER END
 
 Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
---%><%@page  session="false" isErrorPage="true" import="
+--%><%@page  session="false" import="
              org.opensolaris.opengrok.web.PageConfig"
 %><%
-    /* ---------------------- eforbidden.jspf start --------------------- */
-    {
+/* ---------------------- eforbidden.jspf start --------------------- */
+{
+    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
 %>
-<%= PageConfig.get(request).getEnv().getConfiguration().getForbiddenIncludeFileContent()%>
+<%= PageConfig.get(request).getEnv().getConfiguration().getForbiddenIncludeFileContent() %>
 <%
-    }
-    /* ---------------------- eforbidden.jspf end --------------------- */
+}
+/* ---------------------- eforbidden.jspf end --------------------- */
 %>