Hide stack trace thrown by Tomcat while deploying JasperReports Server due to an error

Problem :  

Hide the stack trace thrown by Tomcat (Application Server) when something goes wrong or there is an error in some configuration file while deploying JasperReports Server.

Cause :

When trying to change some configuration files or when adding some customization like (configuring JasperReports Server to use external authentication) we may make some mistake and the JasperReports Server login page may not be accessible and instead, we could see a Tomcat Page with a Stack trace which may be considered as a security issue by some. The stack trace is thrown by tomcat and not by Jasperserver which is why the Jasperserver settings do not hide even after configuring ../WEB-INF/applicationContext-security.xml file to hide the stack trace.

Resolution : 

The default Tomcat configuration includes an AccessLogValve. These are normally configured per host but may also be configured per engine or per context as required. The Error Report Valve is a simple error handler for HTTP status codes in Tomcat that will generate and return HTML error pages. The default ErrorReportValve includes the Tomcat version number in the response and can display stack traces and/or JSP source code to clients when an error occurs. To avoid this, custom error handling can be configured within each web application.

Hiding the tomcat stack trace could be achieved by adding the following lines to the host section of your server.xml file under <apche-tomcat>conf  where you should already have the AccessLogValve:

<Valve className="org.apache.catalina.valves.ErrorReportValve" 

    showReport="false" 

    showServerInfo="false"/> 

Disabling both showServerInfo and showReport will now only return the HTTP status code.

More information about this could be found in tomcat docs:

https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Error_Report_Valve