[seam-issues] [JBoss JIRA] Commented: (SEAMFACES-126) Throw some kind of unauthorized exception when auth fails, rather than returning a 401 response
[
https://issues.jboss.org/browse/SEAMFACES-126?page=com.atlassian.jira.plu...
]
Brian Leathem commented on SEAMFACES-126:
-----------------------------------------
No suitable java.*, javax.* exception seems to exist, so Faces should create one.
Possibly extending:
javax.security.auth.message.AuthException
http://download.oracle.com/javaee/6/api/javax/security/auth/message/AuthE...
Throw some kind of unauthorized exception when auth fails, rather
than returning a 401 response
-----------------------------------------------------------------------------------------------
Key: SEAMFACES-126
URL: https://issues.jboss.org/browse/SEAMFACES-126
Project: Seam Faces
Issue Type: Enhancement
Components: Exception Handling, Security, View Configuration
Reporter: Brian Leathem
Fix For: 3.0.1
If authorization fails, and the user is not logged in, Faces looks for a @LoginViewId to
redirect to, and returns a 401 response if none is found. A similar story applies for the
@AccessDeniedViewId
It would be better to instead throw an exception, that Seam Catch can intercept. If not
intercepted, this exception would eventually lead to a 401 response.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira