JANUS WEB exception rules

From m204wiki
Revision as of 22:12, 22 April 2014 by JAL

JANUS WEB ON, TYPE, and REDIRECT rules can also be used to assign special URLs to handle exception conditions. Exception conditions are conditions that are outside the normal course of Janus Web Server application processing. To specify an exception handling rule, simply issue the appropriate JANUS WEB rule with the name of the exception condition specified for the URL, as in the following:

JANUS WEB WEBPORT ON REQCANCEL OPEN FILE EXCPROC CMD 'I REQCANCEL'

Exception rules must be specified with the complete exception condition name (with no wildcards) in the URL. A rule that contains a wildcard in the URL is not applied to an exception condition, even if the wildcard string matches the exception condition.

For example, the following rule will not be applied to a REQCANCEL condition, even though technically REQCANCEL matches the * (asterisk) wildcard string.

JANUS WEB WEBPORT ON * CMD WEBSYS

Valid exception handlers are:

EOD Invoked when EOD is ON.
FORBIDDEN Invoked when a browser requests a URL that it is forbidden to view. This is different from UNAUTHORIZED (described below): a URL is "forbidden" if no matter what userid the user logs on to, they are not permitted to view the URL. Such a URL is likely one that is restricted to browsers or proxies with certain IP addresses.
LOGONERR Invoked when a login for a user fails for whatever reason. This exception handler could presumably determine the cause of the error by:
  1. Invoking $Web_Num_LogMsg and $Web_LogMsg
  2. Taking appropriate action, depending on whether the problem is an expired or invalid password or something else.
NEWPASSWORD Invoked when a user successfully changes his or her password. This can be used to send a page explaining the somewhat odd behavior of browsers after a password change.
NODONE Invoked when a web request requires terminal input at command level, and it has not issued a $Web_Done (or done a $WEB_PROC_SEND without MORE). This will only happen if the NOAUTODONE parameter was issued on the appropriate JANUS DEFINE or JANUS WEB ON command. This exception handler can be useful in catching conditions that would result in raw Model 204 error messages being sent back to the browser, such as M204.1169: CAN'T INCLUDE procname or M204.1126: SUBSYSTEM subsys MUST BE STARTED.
NOLOGCOOKIE Invoked when a port has the WEBLOGCOOKIE parameter set but a browser does not provide the login cookie for a public URL.
NOTFOUND Invoked when a URL without an associated JANUS WEB ON RULE is requested. This handler can be useful to redirect requests for invalid URLs back to a common home page, or to return a "prettier" error page than the standard Janus Web Server "Not found" page.
NOUSERID Invoked when a login is required for the requested URL but the browser has not sent a userid and password. The default action in this situation, the sending of a "401 Unauthorized" to the browser, is probably the correct action in almost all cases. However, you can use a NOUSERID exception handler to customize the "Unauthorized" message to something like "Userid and password required."
OPENERR Invoked when there is an error opening a file or group in the JANUS DEFINE command for the port or the JANUS WEB ON rule for the requested URL.
REQCANCEL Invoked when a User Language procedure that is processing a JANUS WEB ON rule is cancelled. This handler can be useful to return a "prettier" error page than the standard Janus Web Server "Internal server error" page. It can also be used to log error diagnostics or send an error notification to appropriate people.
RESTART Invoked when a Janus Web Server thread is restarted. RESTART is not allowed on any rules except REDIRECT. This handler can be useful to return a "prettier" error page than the standard Janus Web Server "Internal server error" page. It can also be used to send an error notification to appropriate people. The time and last error message at the time of the restart are added to the redirect URL as isindex data.
SSLCIPHERERR Invoked when there are no common ciphers between the Janus Web Server SSL port and the browser. The most common cause of this is a browser that does not have high-grade (128-bit RC4) encryption, but the Janus Web Server port has been configured to accept only high-grade encryption connections. An SSLCIPHERERR rule can return a page to the browser that explains the problem, and it can even contain links to download a browser with high-grade security.
SSLNOCERTERR Invoked when a user tries to connect to an SSL port defined with the SSLCLCERTR parameter but does not present a client certificate. This can be useful in presenting a user with the information that a client certificate is required and how such a certificate might be obtained.
SSLPROTOCOLERR Invoked when a user tries to connect using an SSL protocol version that is not being allowed. Generally this would be used to respond to attempts to connect to Janus Web Server using SSL V2 when only SSL V3 is being allowed.
UNAUTHORIZED Invoked when a login is required for the requested URL and the browser has sent a valid userid and password, but the userid is not authorized to retrieve the requested URL, that is, the URL is restricted to certain userids. The default action in this situation, the sending of a "401 Unauthorized" to the browser, results in a logon pop-up window being presented to the end-user by the browser, making it possible for the end-user to log on to a different userid.

Unfortunately, there is no way for a user to distinguish the logon pop-up window presented as a result of "valid userid and password but userid not authorized" from that presented because of an invalid userid or password. In addition, allowing the user to change userids does not make sense in the case where an end-user only has a single userid.

To deal with these problems, a JANUS WEB ON UNAUTHORIZED rule makes it possible to customize the response to this situation. A JANUS WEB ON UNAUTHORIZED rule runs only if the browser sends a valid userid and password, and in fact, such a rule will run after logging on the unauthorized userid.
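The following audit script is an added example, not part of the original page or of Janus Web Server. It checks a port's rule list against the constraints described above: wildcard URLs never cover exception conditions, RESTART is valid only on REDIRECT rules, and any exception without an exact-name rule falls back to the default response. The command layout `JANUS WEB <port> <ON|TYPE|REDIRECT> <url> ...` and the case-insensitive comparison are assumptions drawn from the two commands shown on this page; the last two sample rules are constructed.

```python
import re

# Exception condition names listed on this page.
EXCEPTIONS = {
    "EOD", "FORBIDDEN", "LOGONERR", "NEWPASSWORD", "NODONE", "NOLOGCOOKIE",
    "NOTFOUND", "NOUSERID", "OPENERR", "REQCANCEL", "RESTART",
    "SSLCIPHERERR", "SSLNOCERTERR", "SSLPROTOCOLERR", "UNAUTHORIZED",
}

# Assumed layout: JANUS WEB <port> <ON|TYPE|REDIRECT> <url> <rest...>
RULE_RE = re.compile(r"\s*JANUS\s+WEB\s+(\S+)\s+(ON|TYPE|REDIRECT)\s+(\S+)", re.I)

def wildcard_matches(pattern, name):
    """True if a URL pattern using * as its wildcard textually matches name."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, name) is not None

def audit_rules(lines, port):
    """Return (handled, unhandled, warnings) for one port's exception rules."""
    handled, warnings = set(), []
    for n, line in enumerate(lines, 1):
        m = RULE_RE.match(line)
        if not m or m.group(1).upper() != port.upper():
            continue
        kind, url = m.group(2).upper(), m.group(3).upper()
        if "*" in url:
            # A wildcard rule is never applied to an exception condition,
            # even when the pattern matches the condition name.
            hits = [e for e in EXCEPTIONS if wildcard_matches(url, e)]
            if hits:
                warnings.append(f"line {n}: wildcard {url} matches {len(hits)} "
                                "exception name(s) but is not applied to them")
        elif url == "RESTART" and kind != "REDIRECT":
            warnings.append(f"line {n}: RESTART is only allowed on REDIRECT rules")
        elif url in EXCEPTIONS:
            handled.add(url)
    return sorted(handled), sorted(EXCEPTIONS - handled), warnings

# First two rules are from this page; the last two are constructed samples.
SAMPLE_RULES = [
    "JANUS WEB WEBPORT ON * CMD WEBSYS",
    "JANUS WEB WEBPORT ON REQCANCEL OPEN FILE EXCPROC CMD 'I REQCANCEL'",
    "JANUS WEB WEBPORT ON RESTART OPEN FILE EXCPROC CMD 'I RESTART'",
    "JANUS WEB WEBPORT ON NOT* OPEN FILE EXCPROC CMD 'I NOTFOUND'",
]

if __name__ == "__main__":
    handled, unhandled, warnings = audit_rules(SAMPLE_RULES, "WEBPORT")
    print("handled:", handled)
    print("unhandled:", unhandled)
    print("\n".join(warnings))
```

Conditions reported as unhandled, such as NODONE or REQCANCEL, are the ones where the browser receives the standard server response or raw Model 204 messages instead of a page you control.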
