Actions on privilege check failures in UI Framework


Apologies for not having been synchronously available to chat much. I’m a bit confused about what exactly the problem is that you’re trying to solve, and the behavior you’re trying to achieve, with a MissingPrivilegesHandler. I can’t find a recently-updated UI Framework ticket about it, and the notes from Monday’s design call don’t say much.

So, as far as I understand it, the problem is that if you do

<% context.requirePrivilege("xyz") %>

in a gsp page, it throws a stack trace. However this seems to me to be just a straightforward bug, because in most cases (e.g. in production in mirebalais) if a ContextAuthenticationException is thrown (maybe from a Controller) the system already does the right thing, e.g. send you to the login screen. So I would expect that all we need is a small bugfix in PageFactory or FragmentFactory to make sure this is working consistently.

@mogoodrich, can you comment on whether you’ve ever seen anything problematic about this in any of the PIH projects?

So, in addition, the behavior that PIH intentionally chose for Mirebalais was that every time you log in (regardless of whether you were redirected to the login screen due to missing privilege or session timeout, or if you just went there from a bookmark) you see the home screen. We intentionally did not preserve the behavior from the 1.x application which tried to redirect you to the page you were on before.

I know that someone added the “redirect-to-where-you-used-to-be” behavior in the reference application, though I think it was implemented wrong, because I sometimes get strange behavior from it while doing development. Is there some reason that we can’t just fix the logic there? What problem we are trying to solve by adding the ability for modules to provide custom handlers?