Force.com sites redirects to “Authorization Required” page in case something goes wrong behind the scenes, for ex.
The Site’s public access settings or user profile doesn’t have access to a Page, Object, field etc used in the visualforce page / controller.
In case of Apex Exceptions like, LimitException.
Etc
“Unauthorized” page makes sense in case of missing access problem. But in case of Exceptions ideally the redirect should be the “Exception” page.
End user obviously can’t figure out anything by seeing the page. So how should developers debug this problem ?
Debugging the cause of Authorization required error.
Test Fixture
To reproduce this problem, easily for all. I just created a super simple VF page. This VF page fails for Authorization required error, because it tried to do “DML” inside the Controller’s constructor. Details of both page and controller are available in code snippets below.
VF Page
<apex:page controller="MyPageController">
<apex:outputLabel for="contactName" value="Created Contact :"></apex:outputLabel>
<apex:outputField id="contactName" value="{!contact.Name}"/>
</apex:page>Controller
public class MyPageController {
public Contact contact {get;set;}
public MyPageController () {
// We are not allowed to do DML in constructor.
// So this should reproduce the Autorization error on sites
// pretty easily
contact = new Contact(FirstName='Failing', LastName ='Contact');
insert contact;
}
} On executing this page with sites, you will get “Authorization Required” error, as shown:
Next we will see approaches to debug the cause of this issue.
Debug Approach 1
The first approach to debug this problem would be to
Enable debugging for “Sites User”, under Setup > Monitoring > Debug Logs.
Refresh the page failing for “Authorization” error.
Check what comes in debug logs.
The above approach will work most of the time and will let developers know, why “Authorization Required” page is shown. In our case, debug logs clearly say “DML currently not allowed”, as shown in screen shot below.
But sometimes on “Authorization” error no debug logs are generated, even if you have enabled debug logging for the user. In that case jump to Approach 2, described below.
Debug Approach 2
Login in your Salesforce org. Make sure you have turned on “Development Mode” under “Setup > Personal Information > Development Mode”. Try running the same Visualforce page, without the sites domain i.e. execute the page just like any other visualforce page for ex.
“https://<Node>.visual.force.com/apex/<Sites Page Name>”
As development mode is on, one should see the error cause on the page itself. As shown in screen shot below
Still, if you can’t see any error on the visualforce page, jump to Approach 3 described below:
Debug Approach 3
In this approach we will create another sites page, that calls the failing sites page via Apex API, i.e.
“Page.mypage.getContent().toString()”
Lets call that sites visualforce page “Error Finder”. Following is the visualforce + apex code for this new page.
Visualforce Page – ErrorFinder
<apex:page controller="ErrorFinderController" action="{!fetchFailingPage}" showHeader="false" sidebar="false" >
<apex:outputText id="failingPageResponse" escape="false" value="{!failingPageResponse}" />
</apex:page>Apex Controller – ErrorFinderController
public class ErrorFinderController {
public String failingPageResponse { get; set; }
public void fetchFailingPage() {
try {
// Make a call to failing sites page here
failingPageResponse = Page.mypage.getContent().toString();
} catch (Exception e) {
failingPageResponse = e.getTypeName() + ' : ' + e.getMessage() ;
}
}
} On executing this page after connecting with sites, you will see why sites page “mypage” was showing Authorization required error. Here is the screenshot of the errorfinder sites page:
More over you can also try “Debug Approach 2” described above, i.e. looking into debug logs at “Setup > Monitoring > Debug Logs” for the sites user. You will get better details of error, if debug logs are available for the failing “mypage”.
More ideas/ways you know ?
Please share any thoughts or better ideas to know the cause of such sites page errors.
Launched in 2015, used by 9000+ worldwide users. It's a suite of tools for Salesforce consultants, architects, admins & developers.
Comments (4)
Anonymoussays:
October 13, 2011 at 2:16 pmHi Abhinav,I have run into this same problem.Have you found an idea to present these exceptions nicely to the end-user on the web site ?Rup
Anonymoussays:
October 13, 2011 at 2:20 pmNo Rup, most of these errors are developer's fault, so caught in development time itself. You can change the authorization required page though, to be more generic here to show both authorization and random errors like this.
Anonymoussays:
April 26, 2012 at 7:56 amIs it possible to authenticate standard users to force.com sites apart from partner/customer portal users?
Anonymoussays:
December 11, 2012 at 6:14 pmThank you for this – I had literally spent weeks trying to understand the error I was getting before finding this solution…