cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ugo Cei <u....@cbim.it>
Subject Re: Generating a 404 Not Found
Date Tue, 08 Oct 2002 07:47:29 GMT
Sylvain Wallez wrote:

> Do you think it's good for non authenticated users to even know that a 
> particular URI in a protected part of the URI space exists or not ? I 
> would say no (or tell us your use case), and then your sitemap is just 
> fine...

No, I think it's good for *authenticated* users to have a decent error 
message. If the user is not authenticated, the action fails and he is 
redirected to the login page. I think it should be expressed with 
something like the following:

  <map:match pattern="admin/**">

    <map:act type="auth-protect">
      <map:parameter name="handler" value="authhandler"/>

      <map:match pattern="admin/newuser">
        ...
      </map:match>

      <map:match pattern="admin/deluser">
        ...
      </map:match>

      <!-- more matchers here -->

      <map:match pattern="admin/**">
        <map:throw-error code="404" message="Not Found"/>
      </map:match>

    </map:act>

    <!--
       - if the user is not authenticated,
       - redirect him to the login page
      -->
    <map:redirect-to uri="login"/>

  </map:match>


Hope this clears it up,

	Ugo


-- 
Ugo Cei - http://www.beblogging.com/blog/


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message