Ugo Cei wrote:

> Sylvain Wallez wrote:
>
>> Do you think it's good for non-authenticated users to even know that
>> a particular URI in a protected part of the URI space exists or not?
>> I would say no (or tell us your use case), and then your sitemap is
>> just fine...
>
> No, I think it's good for *authenticated* users to have a decent error
> message. If the user is not authenticated, the action fails and he is
> redirected to the login page. I think it should be expressed with
> something like the following:

Sorry, I didn't catch the case :-/

> <map:match pattern="admin/**">
>
>   <map:act type="auth-protect">
>     <map:parameter name="handler" value="authhandler"/>
>
>     <map:match pattern="admin/newuser">
>       ...
>     </map:match>
>
>     <map:match pattern="admin/deluser">
>       ...
>     </map:match>
>
>     <!-- more matchers here -->
>
>     <map:match pattern="admin/**">
>       <map:throw-error code="404" message="Not Found"/>

What about using a dummy action that just throws a ResourceNotFoundException?

Note also that you don't need to re-match "admin/**" since it was already matched above. So this can be:

  <map:match pattern="admin/**">
    <map:act type="auth-protect">
      ...
      <!-- fallback if nothing matched inside admin/ -->
      <map:act type="not-found"/>
    </map:act>
    <!-- reached only when auth-protect fails (user not authenticated) -->
    <map:redirect-to uri="login"/>
  </map:match>

How does it sound?

Sylvain

-- 
Sylvain Wallez
Anyware Technologies
Apache Cocoon
http://www.anyware-tech.com
mailto:[EMAIL PROTECTED]
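
The request handling discussed in this thread, modelled as an added example (not code from the thread or from Cocoon): it checks that an unauthenticated client gets the same answer for existing and non-existing URIs under admin/, while an authenticated user gets a real 404. The function names, the sample page list and the `fallback_inside_auth=False` contrast case are assumptions made for illustration.

```python
ADMIN_PAGES = ("admin/newuser", "admin/deluser")  # constructed sample pages


def dispatch(uri, authenticated, fallback_inside_auth=True):
    """Return (status, redirect_target) for one request.

    fallback_inside_auth=True models the sitemap proposed in the thread.
    False is a constructed contrast (not from the thread) where the 404
    fallback is evaluated before the authentication check.
    """
    if not uri.startswith("admin/"):
        return (404, None)  # outside the protected URI space
    exists = uri in ADMIN_PAGES
    if not fallback_inside_auth and not exists:
        return (404, None)  # answered without ever checking authentication
    if not authenticated:
        # auth-protect fails, its children are skipped, and processing
        # falls through to <map:redirect-to uri="login"/>
        return (302, "login")
    # inside auth-protect: an inner matcher serves the page, otherwise the
    # fallback action raises ResourceNotFoundException (reported as a 404)
    return (200, None) if exists else (404, None)


def leaks_existence(probe_uris, authenticated=False, **kw):
    """True if responses differ across URIs, so a client can tell which exist."""
    return len({dispatch(u, authenticated, **kw) for u in probe_uris}) > 1


if __name__ == "__main__":
    probes = ["admin/newuser", "admin/nosuch"]  # constructed probe URIs
    for uri in probes:
        print(uri, "anonymous:", dispatch(uri, False),
              "logged in:", dispatch(uri, True))
    print("anonymous oracle (proposed sitemap):", leaks_existence(probes))
    print("anonymous oracle (fallback outside auth):",
          leaks_existence(probes, fallback_inside_auth=False))
```
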