Among other reasons, sending SC_UNAUTHORIZED would trigger the popup dialog for basic authentication -- that's not what we really want to have happen, since we know who the user is; she's just not allowed to access this particular action.
Craig On Wed, 17 Nov 2004 16:58:33 +0000, Joćo Vieira da Luz <[EMAIL PROTECTED]> wrote: > For the first time, in struts application development I'm using roles > attribute from action-mapping. > > I found something weird in method processRoles on the class RequestProcessor: > response.sendError(HttpServletResponse.SC_BAD_REQUEST, > getInternal().getMessage("notAuthorized", > mapping.getPath())); > > IMHO it will be more correct to send a HttpServletResponse.SC_UNAUTHORIZED. > > BTW, I'm using struts 1.1 > > What do you think? > What was the reason to send BAD_REQUEST (error code 400) instead of > UNAUTHORIZED (error code 401)? > > Thanks in advance, > Joćo > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]