Tynamo

@Security, tapestry.secure-enabled, MetaDataConstants.SECURE_PAGE not honored by Tapestry security

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: security-0.4.0
  • Fix Version/s: security-0.4.1
  • Component/s: security
  • Labels:
    None
  • Environment:
    Tapestry 5.3, Glassfish 3.1.1, tapestry.secure-enabled = true
  • Number of attachments :
    0

Description

I have a pretty simple authenticated page...

@RequiresRoles(logical = Logical.OR, value =

{ Role.LogisticsRole, Role.AccountingRole, Role.PalletsRole }

)
@Secure
public class TapPage

{ ....... }

When the page is redirected to the login screen (no authentication yet) and is called from plain old http:// URL,
the login screen is shown, but it's still the http:// protocol that is used.

According to the Tapestry documentation @Scecure redirects to https:// URL if the page is already not called through https.
This works, until tynamo security gets involved and points to the login screen
This should work not only with @Secure, but also with MetaDataConstraints.SECURE_PAGE in the configuration
so a lot of pages can be secured at once.

Thanks!

Issue Links

is related to

Improvement - An improvement or enhancement to an existing feature or task. TYNAMO-110 redirect to login page for pages secured with @RequiresXXX annotations

  • Major - Major loss of function.
  • Resolved - A resolution has been taken, and it is awaiting verification by reporter. From here issues are either reopened, or are closed.

Activity

People

  • Assignee:
    Alejandro Scandroli
    Reporter:
    Lenny Primak
Vote (0)
Watch (2)

Dates

  • Created:
    Updated:
    Resolved: