
Should server-side methods throw exceptions if access is forbidden?

I have a (jQuery) AJAX call in my Javascript that calls a Python method server-side that verifies if a person has credentials, then the Python sends back the information required.

If either the person is not logged in or does not have credentials, it throws an error and I catch the error with the error block in my jQuery AJAX function, telling the user that an error happened.

My problem is that I'm not able to display what kind of error, just that an error occurred and a 500 code was returned by the server. Should I have the method complete successfully even when the user does not have credentials, returning a message that says 'forbidden' or 'not logged in' instead of the data required?

Basically my question is, should I force the method to throw an exception when a user does not have authorization to access some information?

Yes, you should throw an exception. You should not return a successful response on a server error, as a consumer of the service might not be aware that you are actually storing specific information about whether or not it was an error, and if so, of what type.

Furthermore, you could modify the response message to send back HTTP 403, which actually conveys an authorization failure.

A 401 error is used for authentication, and 403 is for authorization. The flasky way to do this is with custom error handlers:

from flask import Flask, abort, jsonify
app = Flask(__name__)


@app.errorhandler(403)
def not_authorized(e):
    # Authenticated but not allowed: send a JSON body the client can show
    response = jsonify({'code': 403, 'message': 'Not damn authorized'})
    response.status_code = 403
    return response


@app.errorhandler(401)
def not_authenticated(e):
    # Not logged in at all
    response = jsonify({'code': 401, 'message': 'Not damn authenticated'})
    response.status_code = 401
    return response


@app.route("/unauthorized")
def unauthorized():
    # abort() raises the HTTPException, which the handler above turns into JSON
    abort(403)


@app.route("/unauthenticated")
def unauthenticated():
    abort(401)


@app.route("/")
def index():
    return jsonify({"message": "hello world!"})


# Another way to do it perhaps, without using global error handler functions.
@app.route("/test/<var>")
def test(var):
    # Route variables arrive as strings, so compare against "1", not the int 1
    if var == "1":
        response = jsonify({'code': 403, 'message': 'Not damn authorized'})
        response.status_code = 403
        return response
    else:
        response = jsonify({'code': 403, 'message': 'Some other message'})
        response.status_code = 403
        return response


if __name__ == "__main__":
    # debug=True enables the interactive debugger and tracebacks; local use only
    app.run(port=8080, debug=True)
