Posted to users@tapestry.apache.org by Paul Stanton <pa...@mapshed.com.au> on 2012/03/19 08:33:23 UTC

tynamo security login issue

I've just set up the most basic implementation of tapestry-security I 
could to do some testing and have found a bit of an issue which should 
be very easy to fix:

I've created a page which requires a permission. If, after logging in, I 
use the loginlink on that page to log out, I am taken to the login page.

I enter the correct username and password, and instead of being taken 
back to my permission'ed page, I am presented with a 404. The problem is 
that the redirect url is missing the context path:
http://host/page instead of http://host/context/page

I traced it down to 
org.tynamo.security.services.impl.PageServiceImpl.redirectToSavedRequest(String)

The 'requestUri' being read from the cookies is just the page name 
("/page") part; it doesn't include the context path. It then goes on to 
call "WebUtils.issueRedirect", however, with the "contextRelative" 
parameter false.

Either the cookie should be storing the requestUri along with the 
context path, or the contextRelative parameter should be true.

If this is caused by my configuration in some way, please let me know...

cheers, paul.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org


Re: tynamo security login issue

Posted by Paul Stanton <pa...@mapshed.com.au>.
<tapestry-security-version>0.4.3</tapestry-security-version>

I've worked around it by overriding SecurityExceptionHandlerAssistant to 
use WebUtils.getRequestUri instead of WebUtils.getPathWithinApplication.

Cheers, p.

On 19/03/2012 9:38 PM, trsvax wrote:
> Which version are you running? I had a context problem in 0.4.1 and upgrading
> to 0.4.3 fixed it. I tried your scenario and it works OK for me under 0.4.3


Re: tynamo security login issue

Posted by trsvax <tr...@gmail.com>.
Which version are you running? I had a context problem in 0.4.1 and upgrading
to 0.4.3 fixed it. I tried your scenario and it works OK for me under 0.4.3

--
View this message in context: http://tapestry.1045711.n5.nabble.com/tynamo-security-login-issue-tp5576297p5576672.html
Sent from the Tapestry - User mailing list archive at Nabble.com.



Re: tynamo security login issue

Posted by Paul Stanton <pa...@mapshed.com.au>.
After doing some more digging, I've found the other end of the equation 
- where the cookie is set:

org.tynamo.security.internal.SecurityExceptionHandlerAssistant.handleRequestException(Throwable, List<Object>)

It creates the cookie's value via

org.apache.shiro.web.util.WebUtils.getPathWithinApplication(HttpServletRequest)

which strips the context-path from the URI.

Clearly there is an incompatibility between this and "contextRelative" 
being false (in the receiving end - WebUtils.issueRedirect).

Hope this helps, paul.

On 19/03/2012 6:33 PM, Paul Stanton wrote:
> I've just set up the most basic implementation of tapestry-security I 
> could to do some testing and have found a bit of an issue which should 
> be very easy to fix:
>
> I've created a page which requires a permission. If, after logging in, 
> I use the loginlink on that page to log out, I am taken to the login 
> page.
>
> I enter the correct username and password, and instead of being taken 
> back to my permission'ed page, I am presented with a 404. The problem 
> is that the redirect url is missing the context path:
> http://host/page instead of http://host/context/page
>
> I traced it down to 
> org.tynamo.security.services.impl.PageServiceImpl.redirectToSavedRequest(String)
>
> The 'requestUri' being read from the cookies is just the page name 
> ("/page") part; it doesn't include the context path. It then goes on 
> to call "WebUtils.issueRedirect", however, with the "contextRelative" 
> parameter false.
>
> Either the cookie should be storing the requestUri along with the 
> context path, or the contextRelative parameter should be true.
>
> If this is caused by my configuration in some way, please let me know...
>
> cheers, paul.
>
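
The mismatch described in this thread, modelled in plain Java as an added example (not code from tapestry-security or Shiro). The class, the method names and the sample paths are assumptions made for illustration; the last helper shows a check a saved redirect target read back from a cookie would normally pass before use.

```java
// Simplified model of the save/restore round trip discussed in the thread.
// Hypothetical names; this is not the tapestry-security or Shiro source.
public class SavedRequestRedirectDemo {

    // Models the behaviour the thread attributes to getPathWithinApplication:
    // the context path is stripped from the request URI before it is saved.
    static String pathWithinApplication(String contextPath, String requestUri) {
        if (requestUri.equals(contextPath)) {
            return "/";
        }
        return requestUri.startsWith(contextPath + "/")
                ? requestUri.substring(contextPath.length())
                : requestUri;
    }

    // Models the contextRelative flag: true prepends the context path,
    // false sends the saved value to the browser unchanged.
    static String redirectTarget(String contextPath, String saved, boolean contextRelative) {
        return contextRelative ? contextPath + saved : saved;
    }

    // The saved value comes back from a cookie, which the client controls,
    // so only a site-local path is accepted as a redirect target.
    static boolean isLocalPath(String saved) {
        return saved.startsWith("/") && !saved.startsWith("//")
                && !saved.contains("\\") && !saved.contains("://");
    }

    public static void main(String[] args) {
        String contextPath = "/context";       // constructed sample values
        String requestUri = "/context/page";
        String stripped = pathWithinApplication(contextPath, requestUri);

        // Reported combination: stripped path saved, redirect not context-relative.
        System.out.println("reported:   " + redirectTarget(contextPath, stripped, false));
        // First option from the thread: stripped path, contextRelative = true.
        System.out.println("option 1:   " + redirectTarget(contextPath, stripped, true));
        // Second option (the workaround): full request URI saved, contextRelative = false.
        System.out.println("option 2:   " + redirectTarget(contextPath, requestUri, false));
        // Either option should still reject a saved value that is not a local path.
        System.out.println("local path: " + isLocalPath(stripped));
        System.out.println("local path: " + isLocalPath("//other.example/page"));
    }
}
```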
