Tynamo

Allow Unauthorized and Login page to be a single page

Details

  • Type: Improvement Improvement
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Won't Fix
  • Affects Version/s: security-0.4.0
  • Fix Version/s: security-0.4.1
  • Component/s: security
  • Labels:
    None
  • Environment:
    N/A
  • Number of attachments :
    0

Description

Right now, Tapestry-Security support a fantastic feature, which lets the user be redirected to a login page seamlessly, and then be returned to the original page, including the request parameters, no matter how many times they log in unsuccessfully.

You lose that functionality if you make the Unauthorized path the same as the Login page.
Here is the use case:

  • Valid user goes to a page which he is unauthorized for
  • Login dialog is presented
  • User logs in successfully, goes to the Unauthorized page, which is the same as the Login page
  • User logs in under another account, which is authorized for this page

By this time, the original page and request parameters are lost, and the user is redirected
to SUCCESS_URL (index) page, which is not what needs to happen.

Thanks.

Activity

Hide
Permalink
Kalle Korhonen added a comment -

Unsupported out of the box, but simple to in 0.4.1 with a custom login page. In 0.4.0 the request was saved to session which is why the value gets lost in-between the logins, but 0.4.1 uses a cookie to store the request. Check how the built-in loginform does it, and just don't clear the cookie.

Show
Kalle Korhonen added a comment - Unsupported out of the box, but simple to in 0.4.1 with a custom login page. In 0.4.0 the request was saved to session which is why the value gets lost in-between the logins, but 0.4.1 uses a cookie to store the request. Check how the built-in loginform does it, and just don't clear the cookie.

People

  • Assignee:
    Kalle Korhonen
    Reporter:
    Lenny Primak
Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: