Figure 14.2: The 401 (Unauthorized) HTTP error code
We can even decide to remove the LoginInterceptor and instead use @PermitAll on the action beans for which the user must be logged in:

@PermitAll
public class MessageListActionBean ...

@PermitAll
public class MessageDetailsActionBean ...

@PermitAll
public class MessageComposeActionBean ...

@PermitAll
public class ContactBaseActionBean ...

Note that annotating ContactBaseActionBean takes care of both ContactListActionBean and ContactFormActionBean because they inherit the annotation from the parent class.
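
An added illustration (not code from the book or from Stripes) of how a class-level check can resolve the annotation for the two subclasses by walking the superclass chain. The local @PermitAll stand-in, its lack of @Inherited, the empty bean bodies, RegisterActionBean and findAnnotatedClass are all assumptions of this example.

```java
import java.lang.annotation.Annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

public class ClassLevelSecurityLookup {

    // Constructed stand-in for the page's @PermitAll, declared locally so the
    // example compiles on its own. Assumption: it is not marked @Inherited.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.TYPE)
    @interface PermitAll {}

    // Skeleton beans named after the ones on the page; bodies are empty here.
    @PermitAll
    static class ContactBaseActionBean {}
    static class ContactListActionBean extends ContactBaseActionBean {}
    static class ContactFormActionBean extends ContactBaseActionBean {}
    static class RegisterActionBean {} // hypothetical bean with no annotation

    // Walk from the bean class up to Object and return the first class that
    // carries the annotation, or null when no class in the chain does.
    static Class<?> findAnnotatedClass(Class<?> beanClass,
                                       Class<? extends Annotation> type) {
        for (Class<?> c = beanClass; c != null; c = c.getSuperclass()) {
            if (c.isAnnotationPresent(type)) {
                return c;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        Class<?>[] beans = {
            ContactBaseActionBean.class, ContactListActionBean.class,
            ContactFormActionBean.class, RegisterActionBean.class
        };
        for (Class<?> bean : beans) {
            Class<?> source = findAnnotatedClass(bean, PermitAll.class);
            // A direct lookup sees only the class itself when the annotation
            // type is not @Inherited; the walk also sees the parent class.
            System.out.printf("%-24s direct=%-5b walk=%s%n",
                bean.getSimpleName(),
                bean.isAnnotationPresent(PermitAll.class),
                source == null ? "none" : source.getSimpleName());
        }
    }
}
```

Running a listing like this over every action bean is a quick way to confirm which ones are covered by a parent's annotation and which carry none at all.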
So, what happens if unauthenticated users try to access a protected page or if nonadministrator users link to the User List page? They are greeted with the 401 (Unauthorized) HTTP error code, as shown in Figure 14.2.

That's not very nice, but that's what they get for trying to access a forbidden page, right? Well, that's up to you to decide. You can leave it as is and be blunt with unauthorized users, or you can show them a custom page. If you choose the latter, create a JSP, and configure it as being the page for the 401 error code in web.xml:

<%@include file="/WEB-INF/jsp/common/taglibs.jsp"%>
<fmt:message var="title" key="unauthorized.title"/>
<s:layout-render name="/WEB-INF/jsp/common/layout_main.jsp"
    title="${title}">
  <s:layout-component name="body">
    <p style="color: red">
      <fmt:message key="unauthorized.message"/>
    </p>
  </s:layout-component>
</s:layout-render>