T5.1: Custom Acegi 403 error page breaks page/actionlinks

Mon, 15 Jun 2009 11:46:36 -0700 

Guys, I'm facing another strange issue with Tapestry 5.1.0.5. I'm using
Tapestry-Acegi, but I guess I would get the same behavior with
Spring-Security. I have configured a custom error page for the 403 forbidden
error in my AppModule, i.e.:
        configuration.add("acegi.accessDenied.url", "/AccessDenied");

So far so good. When I manually open a secured page while logged in as a
user without the required privilege, instead of getting the plain white 403
page, I'll get a nice Access Denied page with explanation, etc. But while a
page with address /AccessDenied is displayed (i.e.
http://127.0.0.1/AccessDenied), the browser displays the URL of the original
forbidden page (e.g. http://127.0.0.1/User/Create). 

This would actually be quite nice, but I think it is causing that both
pagelinks and actionlinks will break, as if Tapestry failed to generate
proper target URLs for them. Imagine I have a "logout" action link within my
Border component - the Border component is also used on the custom
AccessDenied page to get the consistent look with the rest of the webapp.
Normally, the URL that is generated for this action link will depend on the
page I'm viewing, so for example:
http://127.0.0.1/index.border.logout (on the /Index page)
http://127.0.0.1/user/create.border.logout (on the /User/Create page)

But if I try to access the Create User page without the privileges and get
the access denied page, the actionlink's target URL will look like this:
http://127.0.0.1/user/accessdenied.border.logout (on the /User/Create page)

Obviously, this won't work, because there's no AccessDenied page under /user
- it is only in the root of the webapp. Similarly, a pagelink targeting
language configuration page, declared as:
<t:pagelink page="language"/>

doesn't work, because it generates this target URL:
http://127.0.0.1/user/language

instead of the correct form:
http://127.0.0.1/language

Is this a bug within Tapestry related to server side request forwarding or
am I missing something? I'm getting the same behavior in Jetty and in Tomcat
6.0.18.

Thanks,
Rado
-- 
View this message in context: 
http://www.nabble.com/T5.1%3A-Custom-Acegi-403-error-page-breaks-page-actionlinks-tp24040558p24040558.html
Sent from the Tapestry - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Reply via email to