Hi, thank you both for the answers!

I know the problem of passing user&pass via url, but for the time being I
can't change it.  All pages ( except Login ) are protected by
@RequiresAuthentication annotation of tapestry-security framework thus they
are locked if you are not logged. Login page appear because I have defined
the following security symbols in the Module:

*        configuration.add(SecuritySymbols.LOGIN_URL, "/login");
        configuration.add(SecuritySymbols.DEFAULTSIGNINPAGE, "/login");
        configuration.add(SecuritySymbols.SUCCESS_URL, "/Index");
        configuration.add(SecuritySymbols.UNAUTHORIZED_URL,
"/Unauthorized");*

My doubt was the onActivate() method behavior. Why was the page loaded and
wasn't onActivate launched? Do you think the way that the page was invoked (
implicitly) causes the behavior?. I will try nillehammer's suggestion, and
I'll have a look at jumpstart as well.

Thank you again!

David



------------------------------------------------------------------
David Germán Canteros


2011/7/29 Thiago H. de Paula Figueiredo <thiag...@gmail.com>

> On Fri, 29 Jul 2011 19:58:40 -0300, David Canteros <
> davidcanteros....@gmail.com> wrote:
>
>  I have to implement an automatic login on my tap application. I use tap
>> 5.2.6 and tapestry-security 0.3.1.
>> Initially I had a Login page with a login form,  but now I have to pass
>> the username and password to the login page via url, like this:
>> *http://localhost:8080/**MyAppName/login?usr=userName&**
>> pass=encryptedPass*<http://localhost:8080/MyAppName/login?usr=userName&pass=encryptedPass*>
>>
>
> I'd never, ever, ever do that. It can open your application to replay
> attacks.
>
>
>  The problem is: If I write 
> "http://localhost:8080/**MyAppName/<http://localhost:8080/MyAppName/>"
>> in my browser and hit enter, then the login page appear, but it doesn't
>> execute
>> onActivate() method! So I can't redirect to the external page. But if I
>> write "
>> http://localhost:8080/**MyAppName/login<http://localhost:8080/MyAppName/login>"
>> the method is executed. Anybody know why??
>>
>
> MyAppName is the context, so 
> http://localhost:8080/**MyAppName/<http://localhost:8080/MyAppName/>is 
> requesting the Index page of your application. Your login page has URL
> /login, so what you're seeing is absolutely correct, expected behavior.
>
>
>  I thought that onActivate is always executed when a page is called.
>>
>
> It's only executed in the page that was requested. If you want to implement
> something that is executed in every page, search for ComponentRequestFilter
> in the mailing list or look here: http://jumpstart.**
> doublenegative.com.au/**jumpstart/examples/**
> infrastructure/protectingpages<http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages>
>
> --
> Thiago H. de Paula Figueiredo
> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
> and instructor
> Owner, Ars Machina Tecnologia da Informação Ltda.
> http://www.arsmachina.com.br
>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: 
> users-unsubscribe@tapestry.**apache.org<users-unsubscr...@tapestry.apache.org>
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>

Reply via email to