Karel,
One way to handle this is to have your Tapestry app accessible under two prefixes (just register it twice in web.xml), for example both
/app
and
/auth
Your login page would be accesed under /app and would not trigger the /auth interceptor. Tapestry is quite fine with this. Now you do have to ensure that pages which need to be secured are not accessed via /app, which you can do with some interceptor setup, or alternately programmatically by deriving protected pages from a common base class and have the pages check themselves for a logged in status...
Hope this helps, Colin
Karel Miarka wrote:
Hello,
I'm developing an application based on Spring and Tapestry and I have started to play with ASS4S . I wanted to make all my pages secure (user login is required to access any page). So I have added this pattern into FilterSecurityInterceptor configuration:
\A/app.*\Z=ROLE_USER
But the problem is that my login page is located also inside this pattern, the URL is: /app?service=page/Login . And I understand that because simple redirect is used. So I have tried to create my own FreeAccessVoter to allow access to this page, but as I have discovered later the redirect is send before the voter is called.
So how to handle such cases? Is it possible without having to move the Login page?
TIA,
Karel
------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
