CQ and 401/404
9. April 2009 von stejan
In the newest version of Day CQ WCM there is one big problem about the HTTP Response Status 401 and 404.
My problem: I wanted to make a CUG (Closed User Group).
So I set the permissions as I expected in CQ4:
On a call to this locked page I expected a 401 Not Authorized and a login page or login box. But what I got was a 404 Page Not Found. Hmmm strange!!
This implementation is (on my opinion) really wrong. With this implementation it’s never possible to create a CUG accessed page.
But there is a workaround:
- copy the file /libs/sling/servlet/errorhandler/404.jsp to /apps.
- get the admin session
- check (with the admin session) if the required page exists
- if so –> send 401
- else send 404
...
if(isClosedUserGroup(sling, resource)){
response.setStatus(401);
response.addHeader("WWW-Authenticate", "Basic realm=\"myrealm\"");
} else {
response.setStatus(404);
%><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL <%=request.getRequestURI()%>
was not found on this server.</p>
<hr>
<address>
<%=this.getServletConfig().getServletContext().getServerInfo()%>
</address>
</body></html><%
}
...
That’s it.
Ähnliche Artikel