Default page in Tapestry

In the current release of Tapestry version 5.0, there is an odd behavior about default index page. Here is the problem. I have used Tynamo for enforcing security. The desired behavior is that all pages should be authenticated. If you access them, before logging you should be redirected to /login.tml page. Our main page is set as default /index.tml page.

you can configure tynamo on which pages to protect in AppModule.contributeSecurityConfiguration
[code lang=”java”]
configuration.add(factory.createChain(“/login”).add(factory.anon()).build());
configuration.add(factory.createChain(“/”).add(factory.authc()).build());
[/code]

this works fine, as you long as access the main page by directly accessing root at http://server.port/app/

But what happens if you try to access a non existent page, some thing like http://server.port/app/blahblah ? strange unchangeable behavior of tapestry, directs this url to default index page, after that it is checked by tynamo. So your protected page is revealed easily. Tynamo has also no way to protect wild pages with exception. Something like
[code lang=”java”]
configuration.add(factory.createChain(“/**”).add(factory.authc()).build());
[/code]

will also protect /login.tml and prohibits logging in.

The best I came to, was to move the index page to some other page, say /processlist and protect by tynamo. I changed the Index.java to:

[code lang=”java”]
public class Index {
Object onActivate() throws MalformedURLException {
return ProcessList.class;
}
}
[/code]

Now if you access your arbitary page, it is redirected to the main page, but this time before security checking and every thing works fine.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.