I don't think Tapestry-Security works for Ajax requests. I think it's geared more toward blocking access to pages for initial load. How can you have AJAX requests for a page that's not authorized? Also, in Tapestry 5.4, this should be handled properly by the way T5.4 handles JavaScript.
onActivate isn't getting called because Tapestry-Security / Shiro intercepts it (and denies it permission) before onActivate ever gets called.

On Oct 27, 2013, at 8:55 AM, Jens Breitenstein wrote:

> Hi all!
>
> I have a strange problem and maybe one of you can give me a hint...
>
> Basically I have a table and each individual <tr> forms its own zone and can
> be replaced independently from each other by an eventlink (works perfectly).
> Next I added @RequiresPermissions("MyPermission:modify") on the
> event-callback method to limit access. In case a user does not have the
> required permissions Shiro correctly identifies it and throws an
> OperationException("Subject does not have permission"), perfect too.
> Unfortunately there is no redirect to the "Unauthorized" page but instead the
> page is rendered in the "ajax dialog box" (which tapestry shows in case of
> problems/errors).
>
> From the stacktrace I see
> "SecurityExceptionHandlerAssistant.handleRequestException" is called to
> retrieve the page name to show ("Unauthorized"). Unfortunately there is no
> redirect to the page but instead "renderer.renderPageResponse(page)" is
> called and surprisingly "onActivate" of my "Unauthorized" page is not called
> at all.
>
> Any idea what happens and how to solve it?
>
>
> Jens