Filter
Top Products
Chapter 4: Property Reference
175
deny.unauthorized( )
The deny.unauthorized property instructs the ProxySG to issue a challenge (401 Unauthorized or 407
Proxy authorization required). This indicates to the client that the resource cannot be accessed with
their current identity, but might be accessible using a different identity. The browsers typically
respond by bringing up a dialog box so the user can change their identity. (The
details string appears
in the challenge page so that if the user cancels, there is some additional help information provided).
Typically, use
deny( ) if the policy rule forbids everyone access, but use deny.unauthorized if the
policy rule forbids only certain people.
Syntax
deny.unauthorized
deny.unauthorized(details)
where details is a string defining a message to be displayed to the user. The details string may
contain CPL substitution variables.
Discussion
If current policy contains rules that use the
authenticate() or authenticate.force( ) properties,
the
deny.unauthorized( ) property is equivalent to exception(authorization_failed). If policy
does not contain any rules that require authentication,
deny.unauthorized( ) is equivalent to
exception(policy_denied)
.
The identity of the exception being returned can be tested in an
<Exception> layer using
exception.id=.
Layer and Transaction Notes
•Use in
<Proxy> layers.
• Applies to HTTP transactions. For other protocols, the property is the equivalent to
deny( ).
See Also
Conditions:
exception.id=
Properties: deny( ), exception( ), force_deny( ), force_exception( )