'Re: SecuritySymbols.UNAUTHORIZED_URL isn't working in 0.6.1'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tapestry-user
Subject:    Re: SecuritySymbols.UNAUTHORIZED_URL isn't working in 0.6.1
From:       Kalle Korhonen <kalle.o.korhonen () gmail ! com>
Date:       2014-10-20 5:17:28
Message-ID: CA+=EWnAjWRC3gtqjLs1zeTEPxksfkQdR2WE44GEw1QJidAkA9w () mail ! gmail ! com
[Download RAW message or body]


Yeah, omitting that certainly leaves it up to the container as well.
Perhaps technically not a tapestry-security issue, but I added a note of it
to the guide regardless.

Kalle

On Sun, Oct 19, 2014 at 9:24 PM, George Christman <gchristman@cardaddy.com>
wrote:

> Awesome, I got it. I had
>
> <filter-mapping>
>         <filter-name>app</filter-name>
>         <url-pattern>/*</url-pattern>
>         <dispatcher>REQUEST</
> dispatcher>
>         <dispatcher>ERROR</dispatcher>
> </filter-mapping>
>
> but was missing
>
> <error-page>
>         <error-code>401</error-code>
>         <location>/error/unauthorized</location>
> </error-page>
>
>
> On Sun, Oct 19, 2014 at 10:59 PM, Kalle Korhonen <
> kalle.o.korhonen@gmail.com
> > wrote:
>
> > By the spec, application filters don't handle error requests by default
> > (Jetty, at least the old versions, didn't conform). You need to have:
> >
> >     <filter-mapping>
> >         <filter-name>app</filter-name>
> >         <url-pattern>/*</url-pattern>
> >         <dispatcher>REQUEST</dispatcher>
> >         <dispatcher>ERROR</dispatcher>
> >     </filter-mapping>
> >
> > as noted in http://tapestry.apache.org/error-page-recipe.html. I suspect
> > you don't.
> >
> > Kalle
> >
> >
> > On Sun, Oct 19, 2014 at 7:30 PM, George Christman <
> gchristman@cardaddy.com
> > >
> > wrote:
> >
> > > Hi,
> > >
> > > I have the following configuration
> > >
> > > configuration.add(SecuritySymbols.LOGIN_URL, "/signin");
> > >         configuration.add(SecuritySymbols.UNAUTHORIZED_URL,
> > > "/error/unauthorized");
> > >         configuration.add(SecuritySymbols.SUCCESS_URL, "/account");
> > >         configuration.add(SecuritySymbols.REDIRECT_TO_SAVED_URL,
> "true");
> > >
> > >     public static void
> > > contributeSecurityConfiguration(Configuration<SecurityFilterChain>
> > > configuration,
> > >             SecurityFilterChainFactory factory) {
> > >         // /authc/** rule covers /authc , /authc?q=name /authc#anchor
> > urls
> > > as well
> > >
> > >
> > >
> >
> configuration.add(factory.createChain("/account").add(factory.authc()).build());
> > >
> > >
> > >
> >
> configuration.add(factory.createChain("/account/user/**").add(factory.user()).build());
> > >
> > >
> > >
> >
> configuration.add(factory.createChain("/account/dealer/**").add(factory.roles(),
> > > "dealer").build());
> > >
> > >
> > >
> >
> configuration.add(factory.createChain("/account/admin/**").add(factory.roles(),
> > > "admin").build());
> > >
> > >
> > >
> >
> configuration.add(factory.createChain("/sell/uploadphotos/**").add(factory.authc()).build());
> > >     }
> > >
> > > Unauthorized Page
> > >
> > > pages.error
> > >
> > > public class Unauthorized.class {
> > > }
> > >
> > > /error/unauthorized.tml
> > >
> > > When ever a user attempts to access a page with an without the correct
> > > role, rather than redirect them to the Unauthorized page, they get the
> > > following error.
> > >
> > > HTTP Status 401 -
> > > ------------------------------
> > >
> > > *type* Status report
> > >
> > > *message*
> > >
> > > *description* *This request requires HTTP authentication.*
> > > ------------------------------
> > > Apache Tomcat/7.0.47
> > >
> > >
> > > Anybody know why this isn't working?
> > >
> >
>
>
>
> --
> George Christman
> www.CarDaddy.com
> P.O. Box 735
> Johnstown, New York
>


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic