well, the server just populates the exceptions from the jcr170 api.
most of the 'access denieds' result in a 'itemnotfound' or
'pathnotfound' exceptions, since a AccessDeniedException would reveal
to much information.
for example, if you have:
/a/doument
/a/secret_document
and you issue: A.getNode("secret_document") and you have no read
permission for this item, you would get a ItemNotFound, same as for
A.getNode("foo"). If it would throw a AccessDenied for the
secret_document and an ItemNotFound for the 'foo', that would be too
much of information revealed.
cheers, tobi
On Apr 1, 2005 12:55 AM, Brian Moseley <[EMAIL PROTECTED]> wrote:
> Angela Schreiber wrote:
>
> > thanks a lot.
> >
> > i will sent you a commented list back, as soon as i'm
> > through... i will spent some time on the locking, since
> > jackrabbit now has the locking part build in.
>
> excellent, thank you!
>
> one other behavior i noted today was that when a user doesn't have
> permission to view a repository item, the webdav response code is 404,
> not 403 as i'd expect. any thoughts on this?
>
--
------------------------------------------< [EMAIL PROTECTED] >---
Tobias Strasser, Day Management AG, Barfuesserplatz 6, CH - 4001 Basel
T +41 61 226 98 98, F +41 61 226 98 97
-----------------------------------------------< http://www.day.com >---
