Right now, Tapestry-Security support a fantastic feature, which lets the user be redirected to a login page seamlessly, and then be returned to the original page, including the request parameters, no matter how many times they log in unsuccessfully.
You lose that functionality if you make the Unauthorized path the same as the Login page.
Here is the use case:
- Valid user goes to a page which he is unauthorized for
- Login dialog is presented
- User logs in successfully, goes to the Unauthorized page, which is the same as the Login page
- User logs in under another account, which is authorized for this page
By this time, the original page and request parameters are lost, and the user is redirected
to SUCCESS_URL (index) page, which is not what needs to happen.