Posted to dev@cocoon.apache.org by Ugo Cei <u....@cbim.it> on 2002/10/08 09:11:20 UTC
Generating a 404 Not Found
[I posted this message on cocoon-users two days ago, but got no reply. I
hope you don't mind if I "escalate" this ;-)]
Hi people,
let's say you have a website with an administrative section that is
protected using the Authentication Framework:
  <map:match pattern="admin/**">
    <map:act type="auth-protect">
      <map:parameter name="handler" value="authhandler"/>
      <map:match pattern="admin/newuser">
        ...
      </map:match>
      <map:match pattern="admin/deluser">
        ...
      </map:match>
      <!-- more matchers here -->
    </map:act>
    <!--
      - if the user is not authenticated,
      - redirect him to the login page
      -->
    <map:redirect-to uri="login"/>
  </map:match>
The problem here is that when someone requests an URI like
"admin/this-uri-does-not-match-anything", they are redirected to the
login page. I'd like to generate a "404 Not Found" result code instead,
and possibly have it trapped by the map:handle-errors block.
I'm using C2.1-dev and I see there's a NotifyingGenerator, but I cannot
figure out whether it would be useful in this case and how to use it.
Any hints?
TIA,
Ugo
--
Ugo Cei - http://www.beblogging.com/blog/
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org
Re: Generating a 404 Not Found
Posted by Ugo Cei <u....@cbim.it>.
Sylvain Wallez wrote:
> What about using a dummy action that just throws a
> ResourceNotFoundException ? Note also that you don't need to re-match
> "admin/**" since it was already matched above.
That's a possibility. Before I start coding it (and making it generic
enough to be incorporated in Cocoon), may I ask if nobody ever did
something like that?
Ugo
--
Ugo Cei - http://www.beblogging.com/blog/
Re: Generating a 404 Not Found
Posted by Sylvain Wallez <sy...@anyware-tech.com>.
Ugo Cei wrote:
> Sylvain Wallez wrote:
>
>> Do you think it's good for non authenticated users to even know that
>> a particular URI in a protected part of the URI space exists or not ?
>> I would say no (or tell us your use case), and then your sitemap is
>> just fine...
>
>
> No, I think it's good for *authenticated* users to have a decent error
> message. If the user is not authenticated, the action fails and he is
> redirected to the login page. I think it should be expressed with
> something like the following:
Sorry, I didn't catch the case :-/
> <map:match pattern="admin/**">
>
> <map:act type="auth-protect">
> <map:parameter name="handler" value="authhandler"/>
>
> <map:match pattern="admin/newuser">
> ...
> </map:match>
>
> <map:match pattern="admin/deluser">
> ...
> </map:match>
>
> <!-- more matchers here -->
>
> <map:match pattern="admin/**">
> <map:throw-error code="404" message="Not Found"/>
What about using a dummy action that just throws a
ResourceNotFoundException ? Note also that you don't need to re-match
"admin/**" since it was already matched above.
So this can be :
  <map:match pattern="admin/**">
    <map:act type="auth-protect">
      ...
      <!-- fallback if nothing matched inside admin/ -->
      <map:act type="not-found"/>
    </map:act>
    <map:redirect-to uri="login"/>
  </map:match>
How does it sound ?
Sylvain
--
Sylvain Wallez
Anyware Technologies Apache Cocoon
http://www.anyware-tech.com mailto:sylvain@apache.org
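
[Added example, not part of the original thread and not Cocoon's own code.] A sketch of the "not-found" action proposed above, assuming the Cocoon 2.x Action API; the class name, package and sitemap declaration are hypothetical. Because it sits inside auth-protect, only authenticated users ever reach it, so unauthenticated requests still get the login redirect and learn nothing about which admin URIs exist.

```java
// Added example; class and package names are hypothetical.
package example.acting;

import java.util.Map;

import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.ResourceNotFoundException;
import org.apache.cocoon.acting.AbstractAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.SourceResolver;

/**
 * Fallback action: always fails the request with a ResourceNotFoundException.
 *
 * Assumed sitemap declaration:
 *   <map:actions>
 *     <map:action name="not-found" src="example.acting.NotFoundAction"/>
 *   </map:actions>
 *
 * Place <map:act type="not-found"/> as the last child of the auth-protect
 * action, after all the real admin matchers.
 */
public class NotFoundAction extends AbstractAction implements ThreadSafe {

    public Map act(Redirector redirector, SourceResolver resolver,
                   Map objectModel, String source, Parameters parameters)
            throws Exception {
        Request request = ObjectModelHelper.getRequest(objectModel);

        // Record the miss server-side; an authenticated session probing
        // unknown admin URIs is worth seeing in the logs.
        getLogger().warn("No admin resource for URI: " + request.getRequestURI());

        // Keep the client-facing message generic; the optional "message"
        // sitemap parameter (an assumption of this sketch) can override it.
        String message = parameters.getParameter("message", "Not Found");

        // Never returns normally, so no pipeline is built and the
        // redirect-to after the protected block is not reached.
        throw new ResourceNotFoundException(message);
    }
}
```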
Re: Generating a 404 Not Found
Posted by Ugo Cei <u....@cbim.it>.
Sylvain Wallez wrote:
> Do you think it's good for non authenticated users to even know that a
> particular URI in a protected part of the URI space exists or not ? I
> would say no (or tell us your use case), and then your sitemap is just
> fine...
No, I think it's good for *authenticated* users to have a decent error
message. If the user is not authenticated, the action fails and he is
redirected to the login page. I think it should be expressed with
something like the following:
  <map:match pattern="admin/**">
    <map:act type="auth-protect">
      <map:parameter name="handler" value="authhandler"/>
      <map:match pattern="admin/newuser">
        ...
      </map:match>
      <map:match pattern="admin/deluser">
        ...
      </map:match>
      <!-- more matchers here -->
      <map:match pattern="admin/**">
        <map:throw-error code="404" message="Not Found"/>
      </map:match>
    </map:act>
    <!--
      - if the user is not authenticated,
      - redirect him to the login page
      -->
    <map:redirect-to uri="login"/>
  </map:match>
Hope this clears it up,
Ugo
--
Ugo Cei - http://www.beblogging.com/blog/
Re: Generating a 404 Not Found
Posted by Sylvain Wallez <sy...@anyware-tech.com>.
Ugo Cei wrote:
> [I posted this message on cocoon-users two days ago, but got no reply.
> I hope you don't mind if I "escalate" this ;-)]
>
> Hi people,
>
> let's say you have a website with an administrative section that is
> protected using the Authentication Framework:
>
> <map:match pattern="admin/**">
>
> <map:act type="auth-protect">
> <map:parameter name="handler" value="authhandler"/>
>
> <map:match pattern="admin/newuser">
> ...
> </map:match>
>
> <map:match pattern="admin/deluser">
> ...
> </map:match>
>
> <!-- more matchers here -->
>
> </map:act>
>
> <!--
> - if the user is not authenticated,
> - redirect him to the login page
> -->
> <map:redirect-to uri="login"/>
>
> </map:match>
>
> The problem here is that when someone requests an URI like
> "admin/this-uri-does-not-match-anything", they are redirected to the
> login page. I'd like to generate a "404 Not Found" result code
> instead, and possibly have it trapped by the map:handle-errors block.
Do you think it's good for non authenticated users to even know that a
particular URI in a protected part of the URI space exists or not ? I
would say no (or tell us your use case), and then your sitemap is just
fine...
> I'm using C2.1-dev and I see there's a NotifyingGenerator, but I
> cannot figure out whether it would be useful in this case and how to
> use it.
This generator is hard-coded as the start of the handle-errors pipeline,
so you can't do anything with it.
Sylvain
--
Sylvain Wallez
Anyware Technologies Apache Cocoon
http://www.anyware-tech.com mailto:sylvain@apache.org