Sylvain Wallez wrote:
> Do you think it's good for non authenticated users to even know that a
> particular URI in a protected part of the URI space exists or not? I
> would say no (or tell us your use case), and then your sitemap is just
> fine...

No, I think it's good for *authenticated* users to have a decent error message. If the user is not authenticated, the action fails and he is redirected to the login page. I think it should be expressed with something like the following:

    <map:match pattern="admin/**">
      <map:act type="auth-protect">
        <map:parameter name="handler" value="authhandler"/>
        <map:match pattern="admin/newuser">
          ...
        </map:match>
        <map:match pattern="admin/deluser">
          ...
        </map:match>
        <!-- more matchers here -->
        <map:match pattern="admin/**">
          <map:throw-error code="404" message="Not Found"/>
        </map:match>
      </map:act>
      <!--
        - if the user is not authenticated,
        - redirect him to the login page
        -->
      <map:redirect-to uri="login"/>
    </map:match>

Hope this clears it up,

    Ugo

-- 
Ugo Cei - http://www.beblogging.com/blog/
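
The check ordering in the sitemap above, modelled as an added example that is not part of the original post and is not Cocoon code: the authentication check runs before any admin/** route is resolved, so an unauthenticated client gets the same redirect whether or not the URI exists. The function names, the probe URIs and the resolve-first variant shown for contrast are assumptions made for illustration.

```python
# Constructed model of the routing decision; only the two route names and
# the "login" redirect target come from the sitemap in the message.
ADMIN_ROUTES = {"admin/newuser": "newuser page", "admin/deluser": "deluser page"}
LOGIN_URI = "login"
NOT_FOUND = (404, "Not Found")

# Constructed probe set: two existing URIs and two that do not exist.
PROBE = ["admin/newuser", "admin/deluser", "admin/nosuchpage", "admin/a/b/c"]


def handle(uri, authenticated):
    """Auth check first, as in the sitemap: admin/** wraps every inner matcher."""
    if not uri.startswith("admin/"):
        return NOT_FOUND  # outside the protected space; not modelled further
    if not authenticated:
        return (302, LOGIN_URI)  # identical for existing and missing URIs
    if uri in ADMIN_ROUTES:
        return (200, ADMIN_ROUTES[uri])
    return NOT_FOUND  # the catch-all admin/** matcher, authenticated users only


def handle_resolve_first(uri, authenticated):
    """Contrast (hypothetical): the route is resolved before the auth check."""
    if uri not in ADMIN_ROUTES:
        return NOT_FOUND
    if not authenticated:
        return (302, LOGIN_URI)
    return (200, ADMIN_ROUTES[uri])


def leaks_existence(handler, uris):
    """True if unauthenticated responses differ between the given URIs."""
    return len({handler(u, False) for u in uris}) > 1


if __name__ == "__main__":
    for name, h in (("auth first", handle), ("resolve first", handle_resolve_first)):
        print(name, "-> leaks URI existence:", leaks_existence(h, PROBE))
```

The same comparison, run against a deployed sitemap with an unauthenticated client, is a quick regression check that the protected URI space cannot be enumerated.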