[seam-issues] [JBoss JIRA] Commented: (SEAMFACES-126) Throw some kind of unauthorized exception when auth fails, rather than returning a 401 response

Jason Porter (JIRA) jira-events at lists.jboss.org
Mon Mar 28 17:36:38 EDT 2011


    [ https://issues.jboss.org/browse/SEAMFACES-126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12592269#comment-12592269 ] 

Jason Porter commented on SEAMFACES-126:
----------------------------------------

I think throwing the exception to catch is a really good idea, the users can create their own handlers and do custom actions as they need. We'd create a handler in Faces with a low priority so it's one of the last things to handle the exception.

> Throw some kind of unauthorized exception when auth fails, rather than returning a 401 response
> -----------------------------------------------------------------------------------------------
>
>                 Key: SEAMFACES-126
>                 URL: https://issues.jboss.org/browse/SEAMFACES-126
>             Project: Seam Faces
>          Issue Type: Enhancement
>          Components: Exception Handling, Security, View Configuration
>            Reporter: Brian Leathem
>             Fix For: 3.0.1
>
>
> If authorization fails, and the user is not logged in, Faces looks for a @LoginViewId to redirect to, and returns a 401 response if none is found.  A similar story applies for the @AccessDeniedViewId
> It would be better to instead throw an exception, that Seam Catch can intercept.  If not intercepted, this exception would eventually lead to a 401 response.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the seam-issues mailing list