Posted to dev@cocoon.apache.org by Ugo Cei <u....@cbim.it> on 2002/10/08 09:11:20 UTC

Generating a 404 Not Found

[I posted this message on cocoon-users two days ago, but got no reply. I 
hope you don't mind if I "escalate" this ;-)]

Hi people,

let's say you have a website with an administrative section that is 
protected using the Authentication Framework:

<map:match pattern="admin/**">

   <map:act type="auth-protect">
     <map:parameter name="handler" value="authhandler"/>

     <map:match pattern="admin/newuser">
       ...
     </map:match>

     <map:match pattern="admin/deluser">
       ...
     </map:match>

     <!-- more matchers here -->

   </map:act>

   <!--
      - if the user is not authenticated,
      - redirect him to the login page
     -->
   <map:redirect-to uri="login"/>

</map:match>

The problem here is that when someone requests a URI like 
"admin/this-uri-does-not-match-anything", they are redirected to the 
login page. I'd like to generate a "404 Not Found" result code instead, 
and possibly have it trapped by the map:handle-errors block.

I'm using C2.1-dev and I see there's a NotifyingGenerator, but I cannot 
figure out whether it would be useful in this case and how to use it.

Any hints?

     TIA,

         Ugo

-- 
Ugo Cei - http://www.beblogging.com/blog/



---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Re: Generating a 404 Not Found

Posted by Ugo Cei <u....@cbim.it>.
Sylvain Wallez wrote:

> What about using a dummy action that just throws a 
> ResourceNotFoundException? Note also that you don't need to re-match 
> "admin/**" since it was already matched above.

That's a possibility. Before I start coding it (and making it generic 
enough to be incorporated in Cocoon), may I ask if nobody ever did 
something like that?

	Ugo


-- 
Ugo Cei - http://www.beblogging.com/blog/




Re: Generating a 404 Not Found

Posted by Sylvain Wallez <sy...@anyware-tech.com>.
Ugo Cei wrote:

> Sylvain Wallez wrote:
>
>> Do you think it's good for non-authenticated users to even know that 
>> a particular URI in a protected part of the URI space exists or not? 
>> I would say no (or tell us your use case), and then your sitemap is 
>> just fine...
>
>
> No, I think it's good for *authenticated* users to have a decent error 
> message. If the user is not authenticated, the action fails and he is 
> redirected to the login page. I think it should be expressed with 
> something like the following:


Sorry, I didn't catch the case :-/

>  <map:match pattern="admin/**">
>
>    <map:act type="auth-protect">
>      <map:parameter name="handler" value="authhandler"/>
>
>      <map:match pattern="admin/newuser">
>        ...
>      </map:match>
>
>      <map:match pattern="admin/deluser">
>        ...
>      </map:match>
>
>      <!-- more matchers here -->
>
>      <map:match pattern="admin/**">
>        <map:throw-error code="404" message="Not Found"/>


What about using a dummy action that just throws a 
ResourceNotFoundException? Note also that you don't need to re-match 
"admin/**" since it was already matched above.

So this can be:

<map:match pattern="admin/**">
  <map:act type="auth-protect">
    ...
    <!-- fallback if nothing matched inside admin/ -->
    <map:act type="not-found"/>
  </map:act>
  <map:redirect-to uri="login"/>
</map:match>

How does it sound?

Sylvain

-- 
Sylvain Wallez
  Anyware Technologies                  Apache Cocoon
  http://www.anyware-tech.com           mailto:sylvain@apache.org
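
A sketch of the "dummy action" proposed in the message above, as an added example that is not code from the thread or from the Cocoon distribution. The class name `NotFoundAction` and the package `example.acting` are hypothetical; the sitemap name `not-found` is the one used in the message.

```java
package example.acting; // hypothetical package name

import java.util.Map;

import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.ResourceNotFoundException;
import org.apache.cocoon.acting.AbstractAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.SourceResolver;

/**
 * Fallback action: always fails the request with a ResourceNotFoundException.
 *
 * Declared in the sitemap under the name used in the message above:
 *
 *   <map:actions>
 *     <map:action name="not-found" src="example.acting.NotFoundAction"/>
 *   </map:actions>
 *
 * Placed as the last child of <map:act type="auth-protect">, it is reached
 * only when the auth-protect action succeeded (the user is authenticated)
 * and none of the preceding matchers handled the request. Unauthenticated
 * requests never get here: they fall through to <map:redirect-to uri="login"/>
 * whether or not the URI exists, so the 404 reveals nothing to them.
 */
public class NotFoundAction extends AbstractAction implements ThreadSafe {

    public Map act(Redirector redirector, SourceResolver resolver,
                   Map objectModel, String source, Parameters parameters)
            throws Exception {
        Request request = ObjectModelHelper.getRequest(objectModel);

        // Record the requested URI in the log only; the exception message
        // stays fixed so an error page that prints it does not echo
        // request-controlled text back to the browser.
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("No pipeline matched: " + request.getSitemapURI());
        }

        // Never returns normally: the exception aborts pipeline processing,
        // which is how the message above proposes to signal "not found".
        throw new ResourceNotFoundException("Not Found");
    }
}
```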





Re: Generating a 404 Not Found

Posted by Ugo Cei <u....@cbim.it>.
Sylvain Wallez wrote:

> Do you think it's good for non-authenticated users to even know that a 
> particular URI in a protected part of the URI space exists or not? I 
> would say no (or tell us your use case), and then your sitemap is just 
> fine...

No, I think it's good for *authenticated* users to have a decent error 
message. If the user is not authenticated, the action fails and he is 
redirected to the login page. I think it should be expressed with 
something like the following:

  <map:match pattern="admin/**">

    <map:act type="auth-protect">
      <map:parameter name="handler" value="authhandler"/>

      <map:match pattern="admin/newuser">
        ...
      </map:match>

      <map:match pattern="admin/deluser">
        ...
      </map:match>

      <!-- more matchers here -->

      <map:match pattern="admin/**">
        <map:throw-error code="404" message="Not Found"/>
      </map:match>

    </map:act>

    <!--
       - if the user is not authenticated,
       - redirect him to the login page
      -->
    <map:redirect-to uri="login"/>

  </map:match>


Hope this clears it up,

	Ugo


-- 
Ugo Cei - http://www.beblogging.com/blog/




Re: Generating a 404 Not Found

Posted by Sylvain Wallez <sy...@anyware-tech.com>.
Ugo Cei wrote:

> [I posted this message on cocoon-users two days ago, but got no reply. 
> I hope you don't mind if I "escalate" this ;-)]
>
> Hi people,
>
> let's say you have a website with an administrative section that is 
> protected using the Authentication Framework:
>
> <map:match pattern="admin/**">
>
>   <map:act type="auth-protect">
>     <map:parameter name="handler" value="authhandler"/>
>
>     <map:match pattern="admin/newuser">
>       ...
>     </map:match>
>
>     <map:match pattern="admin/deluser">
>       ...
>     </map:match>
>
>     <!-- more matchers here -->
>
>   </map:act>
>
>   <!--
>      - if the user is not authenticated,
>      - redirect him to the login page
>     -->
>   <map:redirect-to uri="login"/>
>
> </map:match>
>
> The problem here is that when someone requests a URI like 
> "admin/this-uri-does-not-match-anything", they are redirected to the 
> login page. I'd like to generate a "404 Not Found" result code 
> instead, and possibly have it trapped by the map:handle-errors block.


Do you think it's good for non-authenticated users to even know that a 
particular URI in a protected part of the URI space exists or not? I 
would say no (or tell us your use case), and then your sitemap is just 
fine...

> I'm using C2.1-dev and I see there's a NotifyingGenerator, but I 
> cannot figure out whether it would be useful in this case and how to 
> use it.


This generator is hard-coded as the start of the handle-errors pipeline, 
so you can't do anything with it.

Sylvain

-- 
Sylvain Wallez
  Anyware Technologies                  Apache Cocoon
  http://www.anyware-tech.com           mailto:sylvain@apache.org


