Hyland Connect

robain · ‎12-11-2008

is it possible to capture this error in case of basic http authentication while accessing a webscript and give custom message.

thanks

mikeh · ‎12-11-2008

Please see: http://wiki.alfresco.com/wiki/Web_Scripts#Response_Status

Thanks,
Mike

robain · ‎12-11-2008

Thanks Mike. But what we have there is a way to define our own flow to throw different http error exception. However 401 means you cannot even get to the point where the javascript code gets executed. Isnt that right? So how do I capture such exception.

Thanks

mikeh · ‎12-11-2008

Good point - I've never tried the 401 case.

You could tell Tomcat to redirect instead via web.xml

<web-app>
  <error-page>
    <error-code>401</error-code>
    <location>/error401.jsp</location>
  </error-page>
…
<web-app>‍‍‍‍‍‍‍

Mike

robain · ‎12-11-2008

Thanks Mike. That would solve the problem but this wont isolate the error messaging to the webscript alone but will be applied to any general 401 error. Was looking for something that could address this issue with webscripts only. Appreciate the post though. Thanks.

t_broyer · ‎12-12-2008

You can place a 401.ftl at the root of the webscript search path (classes/alfresco/templates/webscripts or classes/alfresco/extension/templates/webscripts for instance).
In case the /401.ftl isn't found (which is the case by default), it defaults to /status.ftl

This will be used even for non-DeclarativeWebScripts (Java-backed web scripts for instance)

robain · ‎12-12-2008

Thanks for the post boyer. But unfortunately it does not seem to work. The error I am getting right now is posted below. This is the tomcat message. Not sure if even the status.ftl is being used.

=============
HTTP Status 401 -

type Status report

message

description This request requires HTTP authentication ().
Apache Tomcat/5.5.23
==============

Mark,
Finally I also tried the web.xml configuration but seems like even that doesnt work for the alfresco webapp. It works for other web applications though. Any ideas?

Appreciate all the help guys.
Thanks

t_broyer · ‎12-12-2008

D'oh, right!

It actually totally depends on the authenticator being used, as it has to send back the authentication challenge (WWW-Authenticate for HTTP auth, redirect to the login page for Web-Client auth (see below)).

So if you really want to control the 401 content, you'd be better writing your own org.alfresco.web.scripts.Authenticator and setting it up in the web.xml (either replacing the BasicHttpAuthenticator for /alfresco/s and /alfresco/service, or defining your own URI space).

For instance, I quite easily put in place something similar to this proposal in a new, distinct URI space (this would IMO be The Right Way™ to do the Web-Client authentication BTW).

As a side note, the WebScriptRuntime is broken wrt HTTP (at least in 2.2, I didn't check in 3.0) as it sends back 401s (without WWW-Authenticate!) instead of 403s in the following cases:

the web script requires authentication (either user or admin) but is called with ?guest=true

the web script requires admin privileges be the authenticated user isn't an admin

robain · ‎12-12-2008

Thanks for clarifying. How about the tomcat custom error page solution. That shouldnt require rewiring the authenticator, right? But why is that not working for alfresco?

Thanks

t_broyer · ‎12-15-2008

That's because Alfresco uses response.setStatus(). Error pages are only used when response.sendError() is called or in case of an exception. (see section SRV.9.9.2 of the Servlet Specification 2.4)

Hyland Connect

401 unauthorized webscript