Tynamo / TYNAMO-110

redirect to login page for pages secured with @RequiresXXX annotations

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: security-0.3.1, security-0.4.0
    • Fix Version/s: security-0.4.1
    • Component/s: security
    • Labels: None
    • Number of attachments: 0

      Description

      There is a slight difference between the way the AuthorizationFilter and AuthenticationFilter redirect to the login page, and the way the ShiroExceptionHandler redirects to the login page.

      This means that these two options do not behave exactly in the same way.

      1) @RequiresRole("admin") public class Index {
      2) configuration.add(factory.createChain("/").add(factory.roles(),"admin").build());

      Option number 2 uses WebUtils.issueRedirect and returns a 301 redirect pointing to the login page to the client.

      The @RequiresRole("admin") annotation uses the ShiroExceptionHandler and does an "internal" Tapestry redirect to the login page. That is, it will not return a 301 redirect to the login page and it won't change the original "window.location". This creates some difficulties when working with SSL and it's the root cause of the issue explained in TYNAMO-103.
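
A black-box check for the difference described above, as an added example that is not part of the original issue or the Tynamo code base: it tells a client-visible redirect to the login page apart from a login form rendered in place at the protected URL. The server, the paths `/filter-secured`, `/annotation-secured` and `/login`, and the `name='password'` marker are all constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

LOGIN_PATH = "/login"                      # assumed login page path
LOGIN_FORM = b"<form method='post'><input name='password'></form>"

class DemoApp(BaseHTTPRequestHandler):
    """Constructed stand-in for an app showing both behaviours from the issue."""
    def do_GET(self):
        if self.path == "/filter-secured":
            # Filter-chain style: tell the client to go to the login page.
            self.send_response(302)
            self.send_header("Location", LOGIN_PATH)
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        # "/annotation-secured" (old handler) and "/login" both render the form.
        self.send_response(200)
        self.send_header("Content-Length", str(len(LOGIN_FORM)))
        self.end_headers()
        self.wfile.write(LOGIN_FORM)

    def log_message(self, *args):          # keep the demo quiet
        pass

def start_demo_server():
    server = HTTPServer(("127.0.0.1", 0), DemoApp)   # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(host, port, path):
    """Fetch path without following redirects; return (status, Location, body)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"), resp.read())
    conn.close()
    return result

def classify(status, location, body, login_path=LOGIN_PATH):
    """Label how an unauthenticated request to a protected page was handled."""
    if 300 <= status < 400 and location:   # any 3xx + Location is client-visible
        on_login = urlsplit(location).path == login_path
        return "client-redirect" if on_login else "redirect-elsewhere"
    if status == 200 and b"name='password'" in body:
        return "login-rendered-in-place"   # address bar keeps the original URL
    return "other"

if __name__ == "__main__":
    srv = start_demo_server()
    for p in ("/filter-secured", "/annotation-secured"):
        print(p, classify(*probe(*srv.server_address, p)))
    srv.shutdown()
```

Used in a regression test against a deployment, `probe` and `classify` can confirm that every protected page answers an unauthenticated request with a redirect to the login URL.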

          Activity

          Alejandro Scandroli added a comment -

          Changed the ShiroExceptionHandler to use WebUtils.issueRedirect

          Kalle Korhonen added a comment -

          This resulted in major refactoring. We also needed to handle localization and the exception causes, so figured the best way to fully fix this is to enhance exceptionpage module and use it as security's dependency. This is implemented barring proper documentation.

          Alejandro Scandroli added a comment -

          Great! Kalle, thanks!

          Alejandro Scandroli added a comment -

          bulk closing issues that have been resolved for more than a year.


            People

            • Assignee:
              Kalle Korhonen
              Reporter:
              Alejandro Scandroli
            • Votes:
              0
              Watchers:
              1

              Dates

              • Created:
                Updated:
                Resolved: