Changes between Version 31 and Version 32 of S3/S3AAA
Timestamp: 01/18/11 00:38:17 (14 years ago)
S3/S3AAA
v31 v32 151 151 In case of failure, a well-defined response action must take place: 152 152 153 - in interactiveformats:154 - the user should be informed that he has insufficient permissions (if already logged-in)155 - the user should be requested to login (+forwarded to the login page)156 - in non-interactive formats157 - the client must receive a HTTP 401 (Authorization Required) error if not logged-in in order to trigger an authentication attempt158 - the client must receive a HTTP 403 (Forbidden) error code to cancel its attempt properly153 - in '''interactive''' formats: 154 - already authenticated users should be informed about the insufficient permissions, and redirected to a (unrestricted) landing page 155 - unauthenticated users should be requested to login, and thus forwarded to a login page 156 - in '''non-interactive''' formats: 157 - authenticated clients must receive a HTTP 403 (Forbidden) error code to cancel the request properly 158 - unauthenticated clients must receive a HTTP 401 (Authorization Required) error in order to trigger an authentication attempt 159 159 160 160 All this is covered by the {{{auth.permission.fail()}}} method: … … 166 166 }}} 167 167 168 For interactive modes, you can set the destinations for redirection before calling {{{auth.permission.fail()}}}:168 For interactive modes, you can alter the destinations for redirection by setting: 169 169 170 - {{{auth.permission.homepage = URL(...)}}} for the case wherethe user is logged-in, but has insufficient privileges (defaults to {{{default/index}}}).171 - {{{auth.permission.loginpage = URL(...)}}} for the case wherethe user is not logged-in (defaults to {{{default/user/login}}}).170 - {{{auth.permission.homepage}}} for redirection when the user is logged-in, but has insufficient privileges (defaults to {{{default/index}}}). 171 - {{{auth.permission.loginpage}}} for redirection when the user is not logged-in (defaults to {{{default/user/login}}}). 
172 172 173 173 Example: redirect to {{{my/index}}} rather than to {{{default/index}}} in case of insufficient privileges of an authenticated user:
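Review bot: in the first hunk, new line 158 says the 401 is sent "in order to trigger an authentication attempt" but does not say that the response has to carry a WWW-Authenticate challenge, which a non-interactive client needs before it can retry with credentials; add that requirement to the bullet. The standard reason phrase for 401 is "Unauthorized", so "(Authorization Required)" is worth aligning while the line is being touched, and on new line 154 "a (unrestricted)" should read "an (unrestricted)".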
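Review bot: in the second hunk, the rewritten line 168 drops "before calling {{{auth.permission.fail()}}}", so the text no longer says when the destinations have to be set relative to the call; keep that ordering in the sentence. New lines 170 and 171 also lose the "= URL(...)" form, which was the only indication in the list of what kind of value the two attributes take, so either restore it or state the expected value in words.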