Hi Matt, All,

Firstly let me apologise for my absence for the last few weeks (I seem to
end up doing this at the top of every posting I make ;) but I had a nasty and
artistic bout of food poisoning and then a holiday to contend with. Since then I
have been trying to catch up on the several thousand mails that seem to have
been sent whilst I was away!

On to the real message though. In my original posting (referenced in your
mail) I outlined this as the current functionality, and asked for suggestions
as to what it _should_ do instead. Yours is the first comment I have had back
on this, as I think you are one of the first to look at it in any depth. Many
thanks.

I think you are probably right that we should return a 403 (Forbidden) as the
default. I would like this to be configurable though so people can choose. I
can't remember exactly how the code was written now (well, it was a month or
so ago) and if this is possible, and sadly our network went down for routine
maintenance today and died in the process so I can't even look at the code at
the moment, let alone test some changes! I will do asap though. Do you still
want a demo webapp or are you happy with how it works now? It sounds like you
have it working ok.

Incidentally, things have been quiet on the workflow front recently, can anyone
update me with what the latest is? Ta.

In the next few weeks I have (another) holiday and am quite busy as I have
some bits to clear up before I get sent out to the US for a couple of months
(I'll be down in Tampa, FL if anyone is interested, or if anyone is heading
down there for OOPSLA...? Although I'll not be at OOPSLA myself
unfortunately...so near yet so far...). But when I get out there I hope to
have a little more free time to get more involved. I think I keep saying that
too...

Regards,
Nic

On Friday 07 September 2001 2:23 pm, you wrote:
> Nic,
>
> I think the best thing to handle the situation below would be to direct the
> user to a 403 error (forbidden). Then in the web.xml, it might be
> possible to direct your server to route 403 errors to a specific page. Is
> there anywhere that you specify returning a 404 error?
>
> This is a comment to the following message at:
> http://husted.com/about/struts/struts-security.htm
>
> But what happens when the user is found to not be in the correct role? At
> the moment the user just gets a page not found at the browser level which
> is good in one way in that if a user went to the URL directly they wouldn't
> know if the URL is correct or not but we may want it to go to a specific
> (configurable) 'illegal access' page or something similar. Comments?
>
> Thanks,
>
> Matt
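
Added example, not part of the original thread and not Struts code: a servlet filter that rejects users who lack a role, with the denial status configurable (403 by default, 404 to avoid confirming the URL exists), as discussed above. The class name `RoleGateFilter`, the init-param names `requiredRole` and `denyStatus`, and the page `/illegal-access.jsp` are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Hypothetical filter, not Struts code. Pair it with a web.xml mapping so the
 * container renders a friendly page for the status sendError() produces:
 *
 *   <error-page>
 *     <error-code>403</error-code>
 *     <location>/illegal-access.jsp</location>   (assumed page name)
 *   </error-page>
 */
public class RoleGateFilter implements Filter {
    private String requiredRole;
    private int denyStatus;

    public void init(FilterConfig cfg) throws ServletException {
        requiredRole = cfg.getInitParameter("requiredRole"); // assumed param name
        if (requiredRole == null || requiredRole.trim().length() == 0) {
            // Fail closed: refuse to start rather than run with no role check.
            throw new ServletException("requiredRole init-param is required");
        }
        String status = cfg.getInitParameter("denyStatus"); // assumed param name
        if (status == null || status.equals("403")) {
            denyStatus = HttpServletResponse.SC_FORBIDDEN;   // default
        } else if (status.equals("404")) {
            denyStatus = HttpServletResponse.SC_NOT_FOUND;   // hides that the URL exists
        } else {
            throw new ServletException("denyStatus must be 403 or 404");
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // isUserInRole() is false for unauthenticated callers, so they are denied too.
        if (!request.isUserInRole(requiredRole)) {
            response.sendError(denyStatus); // container applies any matching <error-page>
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
    }
}
```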