Applications should support both secured or unsecured access based on initial 
access method
-------------------------------------------------------------------------------------------

                 Key: TAPESTRY-2590
                 URL: https://issues.apache.org/jira/browse/TAPESTRY-2590
             Project: Tapestry
          Issue Type: Improvement
    Affects Versions: 5.0.14
            Reporter: Jonathan Barker
            Priority: Minor


The ability to mix secured and unsecured pages with the @Secured annotation 
means that anything not marked as @Secured will have unsecured URLs generated. 
As a result, it is not possible to make an application all secured using 
firewall rules for external access, but unsecured for internal access.

It would be useful to support, at least for applications using the session, the 
ability to have the default protocol remembered based on the method of first 
access.  This would support multiple security modes.

A possible configuration flag would be MetaDataConstants.SECURE_PAGE_DEFAULT 
where the available values are "true", "false", "any".

This also helps troubleshoot when you have Apache HTTP -> mod_jk -> Tomcat, 
where only internal systems can directly hit Tomcat.
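
An added sketch of the behaviour requested above, in plain Java. It is not 
Tapestry code and not from the issue: the Mode enum, the session key and the 
linkSecure method are hypothetical names, and a Map stands in for the session.

```java
import java.util.HashMap;
import java.util.Map;

public class SecurePageDefaultSketch {
    // Hypothetical values for the proposed SECURE_PAGE_DEFAULT flag.
    enum Mode { TRUE, FALSE, ANY }

    // Hypothetical session attribute holding the scheme of the first request.
    static final String FIRST_ACCESS_SECURE = "sketch.firstAccessSecure";

    // Returns true when a generated link to the page should use https.
    static boolean linkSecure(boolean pageSecured, Mode mode,
                              boolean requestSecure, Map<String, Object> session) {
        // Record the scheme once per session; later requests do not change it.
        Object prior = session.putIfAbsent(FIRST_ACCESS_SECURE, requestSecure);
        boolean firstSecure = (prior == null) ? requestSecure : (Boolean) prior;

        if (pageSecured) {
            return true; // a page explicitly marked @Secured is never downgraded
        }
        switch (mode) {
            case TRUE:  return true;        // every page defaults to https
            case FALSE: return false;       // unmarked pages get http links
            default:    return firstSecure; // ANY: follow the first access
        }
    }

    public static void main(String[] args) {
        // Constructed sessions: one first reached over https, one over http.
        Map<String, Object> external = new HashMap<>();
        Map<String, Object> internal = new HashMap<>();

        System.out.println("external, unmarked page, ANY: "
                + linkSecure(false, Mode.ANY, true, external));
        // A later plain-http request in the same session keeps https links.
        System.out.println("external, later http request, ANY: "
                + linkSecure(false, Mode.ANY, false, external));
        System.out.println("internal, unmarked page, ANY: "
                + linkSecure(false, Mode.ANY, false, internal));
        System.out.println("internal, @Secured page, ANY: "
                + linkSecure(true, Mode.ANY, false, internal));
        System.out.println("internal, unmarked page, FALSE: "
                + linkSecure(false, Mode.FALSE, false, internal));
    }
}
```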
