Among other reasons, sending SC_UNAUTHORIZED would trigger the popup
dialog for basic authentication -- that's not what we really want to
have happen, since we know who the user is; she's just not allowed to
access this particular action.
Craig
On Wed, 17 Nov 2004 16:58:33 +0000, Jo�o Vieira da Luz
<[EMAIL PROTECTED]> wrote:
> For the first time, in struts application development I'm using roles
> attribute from action-mapping.
>
> I found something weird in method processRoles on the class RequestProcessor:
> response.sendError(HttpServletResponse.SC_BAD_REQUEST,
> getInternal().getMessage("notAuthorized",
> mapping.getPath()));
>
> IMHO it will be more correct to send a HttpServletResponse.SC_UNAUTHORIZED.
>
> BTW, I'm using struts 1.1
>
> What do you think?
> What was the reason to send BAD_REQUEST (error code 400) instead of
> UNAUTHORIZED (error code 401)?
>
> Thanks in advance,
> Jo�o
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
