Hi Kalle - thanks for reply, I've created an issue for #1
http://jira.codehaus.org/browse/TYNAMO-87 <http://jira.codehaus.org/browse/TYNAMO-87>--magnus On Fri, Mar 4, 2011 at 6:23 PM, Kalle Korhonen <kalle.o.korho...@gmail.com>wrote: > On Fri, Mar 4, 2011 at 1:49 AM, Magnus Kvalheim <mag...@kvalheim.dk> > wrote: > > This post is mostly related to tapestry-security, but I hope it's ok to > post > > here in tapestry mailing list (now that Kalle is a committer and all.. :) > ) > > So I finally decided to implement tapestry-security. Had a few bumps in > the > > road, as I will come back to, but all in all I must say it's been a > > pleasure. > > Thanks for the extensive usage report Magnus! I've used > tapestry-security in so many projects now that I now it works well but > that said, I do want it to cover *all* security use cases. > > > 1. Make tapestry-security localization aware > > When specifying urls for AccessControlFilters, either in shiro.ini or > while > > setting applicationDefaults tapestry-security does not seem to honor > > localization. > > So if I'm in accessing though /en paths - then I'm redirected to a / and > > loose the localization info. > > I have not been able to solve this yet. > > Please open a (Tynamo) issue for it and I get to it. > > > 2. shiro.ini or module configuration - I'm confused > > The tapestry-security documentation say you can configure shiro in either > > shiro.ini or in module. > > I might be wrong here, but it seems that from module you can only > configure > > redirect urls, and FilterChainDefinitions > > through contributeSecurityRequestFilter. > > You are right, currently shiro.ini is needed for configuring that. I > had made a separate jsecurity integration myself and the functionality > is available in tapestry-security 0.1.0, but that part is yet to > merged into current tapestry-security codebase (which is the result of > work from multiple contributors). I think I had even an issue opened > for it.. yes this is related: > http://jira.codehaus.org/browse/TYNAMO-76 (there's more, but I spare > you from the details). > > > 3. Problems doing logout from tapestry > > (I've just found a different post regarding this with subject: "Error > after > > logout") > > I found that when shiro is doing logout it invalidates the session in the > > end. > > You can log out alright, but you just get the ugly stack traces if > Tapestry doesn't know about it before hand. Howard by the way fixed > that already in T5.3. What you ended up doing is exactly how I've done > it in numerous samples we have for tapestry-security. As always, the > documentation could be improved... > > Kalle > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >
