This module is automatically included to configure the integration modules. It exports Tapestry @Symbols to customize this configuration.

The security module has the following features:

• Configures Login Screen extensions with Tapestry-Security
• Detects whether JavaScript has been turned on in the browser
• Configures Login redirection on session expiry and an appropriate message
• Configures authentication propagation of between Tapestry/Shiro and Servlet/JEE security models
• When user login is unsuccessful, delays further attempts at login, thus preventing brute force attacks
• Disallow Asset directory listing in certain cases: Issue TAP5-1779

SecurityModule exports the following Tapestry @Symbols:

• Utilizes Tynamo Tapestry-Security LOGIN_URL, UNAUTHORIZED_URL and SUCCESS_URL symbols

• Symbols.REMEMBER_ME_DURATION / flowlogix.security.remembermeduration

Length of the "Remember Me" authentication period, in days. Default is 2 weeks

• Symbols.INVALID_AUTH_DELAY / flowlogix.security.invalid-auth-delay

Length of the delay after an unsuccessful login, in seconds. Prevents brute force attacks. Default is 3

• Symbols.SESSION_EXPIRED_MESSAGE / flowlogix.security.session-expired-message

Message to show when redirected to a login screen upon session expiry. Default is "Your Session Has Expired"