Figure 14.2: The 401 (Unauthorized) HTTP error code
We can even decide to remove the LoginInterceptor and instead use @PermitAll
on the action beans for which the user must be logged in:
@PermitAll
public class MessageListActionBean ...
@PermitAll
public class MessageDetailsActionBean ...
@PermitAll
public class MessageComposeActionBean ...
@PermitAll
public class ContactBaseActionBean ...
Note that annotating ContactBaseActionBean takes care of both
ContactListActionBean and ContactFormActionBean because they inherit the
annotation from the parent class.
So, what happens if unauthenticated users try to access a protected
page or if nonadministrator users link to the User List page? They are
greeted with the 401 (Unauthorized) HTTP error code, as shown in
Figure 14.2.
That's not very nice, but that's what they get for trying to access a
forbidden page, right? Well, that's up to you to decide. You can leave it
as is and be blunt with unauthorized users, or you can show them a
custom page. If you choose the latter, create a JSP, and configure it as
being the page for the 401 error code in web.xml:
Download email_35/web/WEB-INF/jsp/unauthorized.jsp
<%@include file="/WEB-INF/jsp/common/taglibs.jsp"%>
<fmt:message var="title" key="unauthorized.title"/>
<s:layout-render name="/WEB-INF/jsp/common/layout_main.jsp"
title="${title}">
<s:layout-component name="body">
<p style="color: red">
<fmt:message key="unauthorized.message"/>
</p>
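The web.xml side of this configuration, as an added example rather than the book's own listing. It assumes the JSP from the download label above is deployed at /WEB-INF/jsp/unauthorized.jsp.

```xml
<!-- web.xml fragment (goes inside <web-app>): route 401 responses to the custom page. -->
<!-- Assumed location: the unauthorized.jsp shown above, deployed under /WEB-INF/jsp/. -->
<error-page>
  <error-code>401</error-code>
  <location>/WEB-INF/jsp/unauthorized.jsp</location>
</error-page>
```

The container forwards to the error page internally, so the JSP can stay under WEB-INF, where a browser cannot request it directly.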