Re: T5.1: Request forwarding breaks page/actionlinks

[immutability <de...@bielik.org>]

The problem I have described in my original message is not related to
Acegi/Spring, but it appears to be a problem in the way Tapestry generates
URLs for ActionLinks and PageLinks after an server-side request forward is
performed. Unlike a client-side redirect, in this case the URL that the
browser sees doesn't change to the URL of the new page. This is exactly what
Acegi does if it has the acegi.accessDenied.url property specified, but you
can also do a forward manually using RequestDispatcher.

Now, is this a bug in Tapestry? I couldn't find anything in JIRA.

Imagine the following scenario: a page with a logical address /user/create
which does nothing else but a forward (in onActivate) to /test. The result
is that the /test page will be displayed, but the /user/create page's URL
will be shown in the browser's address bar. As a consequence, Tapestry will
generate relative URLs for all PageLinks and ActionLinks as if it was on the
/test page, but these links will be relative to the /user/create page - and
thus invalid. I can provide a sample code to reproduce.

Thanks,
Rado




immutability wrote:
> 
> Guys, I'm facing another strange issue with Tapestry 5.1.0.5. I'm using
> Tapestry-Acegi, but I guess I would get the same behavior with
> Spring-Security. I have configured a custom error page for the 403
> forbidden error in my AppModule, i.e.:
>         configuration.add("acegi.accessDenied.url", "/AccessDenied");
> 
> So far so good. When I manually open a secured page while logged in as a
> user without the required privilege, instead of getting the plain white
> 403 page, I'll get a nice Access Denied page with explanation, etc. But
> while a page with address /AccessDenied is displayed (i.e.
> http://127.0.0.1/AccessDenied), the browser displays the URL of the
> original forbidden page (e.g. http://127.0.0.1/User/Create). 
> 
> This would actually be quite nice, but I think it is causing that both
> pagelinks and actionlinks will break, as if Tapestry failed to generate
> proper target URLs for them. Imagine I have a "logout" action link within
> my Border component - the Border component is also used on the custom
> AccessDenied page to get the consistent look with the rest of the webapp.
> Normally, the URL that is generated for this action link will depend on
> the page I'm viewing, so for example:
> http://127.0.0.1/index.border.logout (on the /Index page)
> http://127.0.0.1/user/create.border.logout (on the /User/Create page)
> 
> But if I try to access the Create User page without the privileges and get
> the access denied page, the actionlink's target URL will look like this:
> http://127.0.0.1/user/accessdenied.border.logout (on the /User/Create
> page)
> 
> Obviously, this won't work, because there's no AccessDenied page under
> /user - it is only in the root of the webapp. Similarly, a pagelink
> targeting language configuration page, declared as:
> <t:pagelink page="language"/>
> 
> doesn't work, because it generates this target URL:
> http://127.0.0.1/user/language
> 
> instead of the correct form:
> http://127.0.0.1/language
> 
> Is this a bug within Tapestry related to server side request forwarding or
> am I missing something? I'm getting the same behavior in Jetty and in
> Tomcat 6.0.18.
> 
> Thanks,
> Rado
> 

-- 
View this message in context: http://www.nabble.com/T5.1%3A-Request-forwarding-breaks-page-actionlinks-tp24040558p24054631.html
Sent from the Tapestry - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org