Yeah, omitting that certainly leaves it up to the container as well. Perhaps technically not a tapestry-security issue, but I added a note of it to the guide regardless.
Kalle On Sun, Oct 19, 2014 at 9:24 PM, George Christman <gchrist...@cardaddy.com> wrote: > Awesome, I got it. I had > > <filter-mapping> > <filter-name>app</filter-name> > <url-pattern>/*</url-pattern> > <dispatcher>REQUEST</ > dispatcher> > <dispatcher>ERROR</dispatcher> > </filter-mapping> > > but was missing > > <error-page> > <error-code>401</error-code> > <location>/error/unauthorized</location> > </error-page> > > > On Sun, Oct 19, 2014 at 10:59 PM, Kalle Korhonen < > kalle.o.korho...@gmail.com > > wrote: > > > By the spec, application filters don't handle error requests by default > > (Jetty, at least the old versions, didn't conform). You need to have: > > > > <filter-mapping> > > <filter-name>app</filter-name> > > <url-pattern>/*</url-pattern> > > <dispatcher>REQUEST</dispatcher> > > <dispatcher>ERROR</dispatcher> > > </filter-mapping> > > > > as noted in http://tapestry.apache.org/error-page-recipe.html. I suspect > > you don't. > > > > Kalle > > > > > > On Sun, Oct 19, 2014 at 7:30 PM, George Christman < > gchrist...@cardaddy.com > > > > > wrote: > > > > > Hi, > > > > > > I have the following configuration > > > > > > configuration.add(SecuritySymbols.LOGIN_URL, "/signin"); > > > configuration.add(SecuritySymbols.UNAUTHORIZED_URL, > > > "/error/unauthorized"); > > > configuration.add(SecuritySymbols.SUCCESS_URL, "/account"); > > > configuration.add(SecuritySymbols.REDIRECT_TO_SAVED_URL, > "true"); > > > > > > public static void > > > contributeSecurityConfiguration(Configuration<SecurityFilterChain> > > > configuration, > > > SecurityFilterChainFactory factory) { > > > // /authc/** rule covers /authc , /authc?q=name /authc#anchor > > urls > > > as well > > > > > > > > > > > > configuration.add(factory.createChain("/account").add(factory.authc()).build()); > > > > > > > > > > > > configuration.add(factory.createChain("/account/user/**").add(factory.user()).build()); > > > > > > > > > > > > configuration.add(factory.createChain("/account/dealer/**").add(factory.roles(), > > > "dealer").build()); > > > > > > > > > > > > configuration.add(factory.createChain("/account/admin/**").add(factory.roles(), > > > "admin").build()); > > > > > > > > > > > > configuration.add(factory.createChain("/sell/uploadphotos/**").add(factory.authc()).build()); > > > } > > > > > > Unauthorized Page > > > > > > pages.error > > > > > > public class Unauthorized.class { > > > } > > > > > > /error/unauthorized.tml > > > > > > When ever a user attempts to access a page with an without the correct > > > role, rather than redirect them to the Unauthorized page, they get the > > > following error. > > > > > > HTTP Status 401 - > > > ------------------------------ > > > > > > *type* Status report > > > > > > *message* > > > > > > *description* *This request requires HTTP authentication.* > > > ------------------------------ > > > Apache Tomcat/7.0.47 > > > > > > > > > Anybody know why this isn't working? > > > > > > > > > -- > George Christman > www.CarDaddy.com > P.O. Box 735 > Johnstown, New York >
