Re: Tapestry examples page

2016-11-08 Thread Dimitris Zenios
Well done Carlos. Nice work.

On 8 Nov 2016 22:38, "françois facon"  wrote:

> Congratulations Carlos, your examples are very interesting.
> Can't wait to discover your next use cases.
>
> Regards
>
> 2016-11-08 18:35 GMT+01:00 Carlos Montero Canabal <
> carlosmonterocana...@gmail.com>:
>
> > Hi tapestry users,
> >
> > I want to share with us my first version of http://tapestry5.dev-util.com
> > webapp. I love jumpstart project
> > (http://jumpstart.doublenegative.com.au/jumpstart7/), so I decided some
> > weeks ago to develop something similar with my own use cases.
> >
> > At the moment there aren't a lot of examples, but I will hope to develop
> > 2-3 more per month.
> >
> > All feedback is welcome.
> >
> > Regards
> >
> > Carlos Montero
>


Re: Tapestry examples page

2016-11-08 Thread françois facon
Congratulations Carlos, your examples are very interesting.
Can't wait to discover your next use cases.

Regards

2016-11-08 18:35 GMT+01:00 Carlos Montero Canabal <
carlosmonterocana...@gmail.com>:

> Hi tapestry users,
>
> I want to share with us my first version of http://tapestry5.dev-util.com
> webapp. I love jumpstart project
> (http://jumpstart.doublenegative.com.au/jumpstart7/), so I decided some
> weeks ago to develop something similar with my own use cases.
>
> At the moment there aren't a lot of examples, but I will hope to develop
> 2-3 more per month.
>
> All feedback is welcome.
>
> Regards
>
> Carlos Montero


Re: Tynamo Security w/ custom Realm

2016-11-08 Thread Adam X
Hi Kyle,

Thanks for taking a look. Indeed, I made the assumption that
SimpleCredentialsMatcher is used by default, but as part of my
troubleshooting I explicitly set it. doGetAuthenticationInfo is
invoked for sure, because my logs show it (I also stepped thru with
the debugger):

[WARN] org.tynamo.security.services.SecurityModule.RememberMeManager
(buildRememberMeManager:111) - Symbol 'security.remembermecipherkey'
is not set, using 'tapestry.hmac-passphrase' as the cipher. Beware
that changing the value will invalidate rememberMe cookies
[ERROR] org.apache.tapestry5.modules.AssetsModule.AssetSource
(invoke:237) - Packaging of classpath assets has changed in release
5.4; Assets should no longer be on the main classpath, but should be
moved to 'META-INF/assets/' or a sub-folder. Future releases of
Tapestry may no longer support assets on the main classpath.
[WARN] org.apache.tapestry5.modules.AssetsModule.AssetSource
(invoke:245) - Classpath asset '/org/tynamo/security/img/login-bg.png'
should be moved to folder
'/META-INF/assets/security/org/tynamo/security/img/'.
[DEBUG] com.foo.bar.core.engine.components.dao.UserManagementMockDao
(getUser:444) - userId: donkey
[DEBUG] com.foo.bar.core.engine.components.dao.UserManagementMockDao
(getUserPassword:451) - userId: donkey

As you can see my mock dao is correctly being called and it is
returning the correct password because I saw it in the debugger.

Am I instantiating SimpleAuthenticationInfo correctly? This API is all
new to me (never worked with Shiro) so I'm learning as I go.

Also, here is what my AppModule contribution looks like:

    // Contributes the custom realm to the security manager's realm list.
    @Contribute(WebSecurityManager.class)
    public static void addRealms(Configuration<Realm> configuration,
            @Inject @FromFactory UserManagementDao dao) {
        Realm realm = new FooBarCoreRealm(dao);
        configuration.add(realm);
    }

Obviously replaced company name with FooBar etc.

Adam

On Tue, Nov 8, 2016 at 7:55 PM, Kalle Korhonen wrote:
> Looks fine at a quick glance. As I recall, an AuthenticatingRealm uses
> SimpleCredentialsMatcher by default so it should match plain text passwords. Are
> you sure it's not authenticating, or is doGetAuthenticationInfo invoked at
> all? Do you have any other realms configured? Get the simple, single realm
> use case working first and work from there.
>
> Kalle
>
> On Tue, Nov 8, 2016 at 10:16 AM, Adam X  wrote:
>
>> Howdy !
>>
>> I followed tynamo setup guide
>> (http://www.tynamo.org/tapestry-security+guide/) combined with
>> federated accounts example
>> (https://github.com/tynamo/tynamo-federatedaccounts). I believe I have
>> the setup hooked up correctly as my annotated page with
>> @RequiresRoles("administrator") is not intercepted by tynamo and a
>> login page appears. The problem I'm having is that when I enter valid
>> credentials tynamo is not authenticating. Below is my custom realm.
>> UserManagementDao is just an interface, but the implementation I'm
>> injecting is a simple in-memory hash map impl with a unit test
>> verifying its correctness (in reality we're authenticating against
>> AWS IAM but I'm using mock to get things working initially). However,
>> I'm not sure if I'm constructing SimpleAuthenticationInfo correctly.
>> Another thing is that my passwords (for now) are clear text and I'm
>> not sure if by default Tynamo uses clear text comparison or if it
>> hashes the passwords.
>>
>> Any help would be highly appreciated!
>>
>> public class MyCustomRealm extends AuthorizingRealm {
>>
>>     private UserManagementDao dao;
>>
>>     public MyCustomRealm(UserManagementDao dao) {
>>         super(new MemoryConstrainedCacheManager());
>>         setName("awsiamaccounts");
>>         setAuthenticationTokenClass(UsernamePasswordToken.class);
>>         //setCredentialsMatcher(new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME));
>>
>>         this.dao = dao;
>>     }
>>
>>     @Override
>>     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
>>         if (principals == null) throw new AuthorizationException(
>>                 String.format("null %s! (should not happen)", PrincipalCollection.class.getSimpleName()));
>>         if (principals.isEmpty()) return null;
>>         if (principals.fromRealm(getName()).size() <= 0) return null;
>>
>>         String username = (String) principals.fromRealm(getName()).iterator().next();
>>         if (username == null) return null;
>>
>>         // Each group id the DAO returns becomes a Shiro role name.
>>         List<XapGroup> groups = dao.getUserGroups(username);
>>         Set<String> roles = new HashSet<>();
>>
>>         for (XapGroup group : groups) {
>>             roles.add(group.getId());
>>         }
>>
>>         return new SimpleAuthorizationInfo(roles);
>>     }
>>
>>     @Override
>>     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
>>             throws AuthenticationException {
>>         UsernamePasswordToken upToken = (UsernamePasswordToken) token;
>>         String userName = upToken.getUsername();
>>
>>         if (userName == null)

Re: Tynamo Security w/ custom Realm

2016-11-08 Thread Kalle Korhonen
Looks fine at a quick glance. As I recall, an AuthenticatingRealm uses
SimpleCredentialsMatcher by default so it should match plain text passwords. Are
you sure it's not authenticating, or is doGetAuthenticationInfo invoked at
all? Do you have any other realms configured? Get the simple, single realm
use case working first and work from there.

Kalle

On Tue, Nov 8, 2016 at 10:16 AM, Adam X  wrote:

> Howdy !
>
> I followed tynamo setup guide
> (http://www.tynamo.org/tapestry-security+guide/) combined with
> federated accounts example
> (https://github.com/tynamo/tynamo-federatedaccounts). I believe I have
> the setup hooked up correctly as my annotated page with
> @RequiresRoles("administrator") is not intercepted by tynamo and a
> login page appears. The problem I'm having is that when I enter valid
> credentials tynamo is not authenticating. Below is my custom realm.
> UserManagementDao is just an interface, but the implementation I'm
> injecting is a simple in-memory hash map impl with a unit test
> verifying its correctness (in reality we're authenticating against
> AWS IAM but I'm using mock to get things working initially). However,
> I'm not sure if I'm constructing SimpleAuthenticationInfo correctly.
> Another thing is that my passwords (for now) are clear text and I'm
> not sure if by default Tynamo uses clear text comparison or if it
> hashes the passwords.
>
> Any help would be highly appreciated!
>
> public class MyCustomRealm extends AuthorizingRealm {
>
>     private UserManagementDao dao;
>
>     public MyCustomRealm(UserManagementDao dao) {
>         super(new MemoryConstrainedCacheManager());
>         setName("awsiamaccounts");
>         setAuthenticationTokenClass(UsernamePasswordToken.class);
>         //setCredentialsMatcher(new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME));
>
>         this.dao = dao;
>     }
>
>     @Override
>     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
>         if (principals == null) throw new AuthorizationException(
>                 String.format("null %s! (should not happen)", PrincipalCollection.class.getSimpleName()));
>         if (principals.isEmpty()) return null;
>         if (principals.fromRealm(getName()).size() <= 0) return null;
>
>         String username = (String) principals.fromRealm(getName()).iterator().next();
>         if (username == null) return null;
>
>         // Each group id the DAO returns becomes a Shiro role name.
>         List<XapGroup> groups = dao.getUserGroups(username);
>         Set<String> roles = new HashSet<>();
>
>         for (XapGroup group : groups) {
>             roles.add(group.getId());
>         }
>
>         return new SimpleAuthorizationInfo(roles);
>     }
>
>     @Override
>     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
>             throws AuthenticationException {
>         UsernamePasswordToken upToken = (UsernamePasswordToken) token;
>         String userName = upToken.getUsername();
>
>         if (userName == null) throw new AccountException("Null usernames are not allowed by this realm.");
>
>         XapUser user = dao.getUser(userName);
>         if (user == null) return null;
>
>         //if (user.isAccountLocked()) { throw new LockedAccountException("Account [" + username + "] is locked."); }
>         //if (user.isCredentialsExpired()) {
>         //String msg = "The credentials for account [" + username + "] are expired";
>         //throw new ExpiredCredentialsException(msg);
>         //}
>
>         String password = dao.getUserPassword(userName);
>
>         // Stored credentials are returned as-is; the realm's CredentialsMatcher compares them to the token.
>         return new SimpleAuthenticationInfo(userName, password, getName());
>     }
> }
>
> Adam
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>


Tynamo Security w/ custom Realm

2016-11-08 Thread Adam X
Howdy !

I followed tynamo setup guide
(http://www.tynamo.org/tapestry-security+guide/) combined with
federated accounts example
(https://github.com/tynamo/tynamo-federatedaccounts). I believe I have
the setup hooked up correctly as my annotated page with
@RequiresRoles("administrator") is not intercepted by tynamo and a
login page appears. The problem I'm having is that when I enter valid
credentials tynamo is not authenticating. Below is my custom realm.
UserManagementDao is just an interface, but the implementation I'm
injecting is a simple in-memory hash map impl with a unit test
verifying its correctness (in reality we're authenticating against
AWS IAM but I'm using mock to get things working initially). However,
I'm not sure if I'm constructing SimpleAuthenticationInfo correctly.
Another thing is that my passwords (for now) are clear text and I'm
not sure if by default Tynamo uses clear text comparison or if it
hashes the passwords.

Any help would be highly appreciated!

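import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// UserManagementDao, XapUser and XapGroup are the application's own types.
public class MyCustomRealm extends AuthorizingRealm {

    private UserManagementDao dao;

    public MyCustomRealm(UserManagementDao dao) {
        super(new MemoryConstrainedCacheManager());
        setName("awsiamaccounts");
        setAuthenticationTokenClass(UsernamePasswordToken.class);
        //setCredentialsMatcher(new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME));

        this.dao = dao;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if (principals == null) throw new AuthorizationException(
                String.format("null %s! (should not happen)", PrincipalCollection.class.getSimpleName()));
        if (principals.isEmpty()) return null;
        if (principals.fromRealm(getName()).size() <= 0) return null;

        String username = (String) principals.fromRealm(getName()).iterator().next();
        if (username == null) return null;

        // Each group id the DAO returns becomes a Shiro role name.
        List<XapGroup> groups = dao.getUserGroups(username);
        Set<String> roles = new HashSet<>();

        for (XapGroup group : groups) {
            roles.add(group.getId());
        }

        return new SimpleAuthorizationInfo(roles);
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String userName = upToken.getUsername();

        if (userName == null) throw new AccountException("Null usernames are not allowed by this realm.");

        XapUser user = dao.getUser(userName);
        if (user == null) return null;

        //if (user.isAccountLocked()) { throw new LockedAccountException("Account [" + username + "] is locked."); }
        //if (user.isCredentialsExpired()) {
        //String msg = "The credentials for account [" + username + "] are expired";
        //throw new ExpiredCredentialsException(msg);
        //}

        String password = dao.getUserPassword(userName);

        // Stored credentials are returned as-is; the realm's CredentialsMatcher compares them to the token.
        return new SimpleAuthenticationInfo(userName, password, getName());
    }
}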

Adam

-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
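
The credential comparison discussed in this thread (plain-text matching by default versus a hashed matcher) can be exercised outside Tapestry and Tynamo. The following is an added example, not code from the thread or from the Tynamo or Shiro projects; it assumes Apache Shiro 1.x on the classpath, and the class names, sample account, salt and iteration count are constructed for illustration.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.util.ByteSource;

public class RealmMatcherCheck {
    // Constructed sample account (hypothetical values), standing in for a user store.
    static final String USER = "donkey", PASSWORD = "s3cret", SALT = "per-user-salt";
    static final int ITERATIONS = 1024;

    /** Stores the password as-is; keeps Shiro's default SimpleCredentialsMatcher. */
    static class PlainRealm extends AuthenticatingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            if (!USER.equals(token.getPrincipal())) return null; // unknown account
            return new SimpleAuthenticationInfo(USER, PASSWORD, getName());
        }
    }

    /** Stores a salted, iterated SHA-256 hex digest; the matcher must use the same parameters. */
    static class HashedRealm extends AuthenticatingRealm {
        private final String storedHex = new Sha256Hash(PASSWORD, SALT, ITERATIONS).toHex();
        HashedRealm() {
            HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
            matcher.setHashIterations(ITERATIONS); // same count as when the digest was stored
            setCredentialsMatcher(matcher);
        }
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            if (!USER.equals(token.getPrincipal())) return null; // unknown account
            return new SimpleAuthenticationInfo(USER, storedHex, ByteSource.Util.bytes(SALT), getName());
        }
    }

    /** Runs the realm's account lookup followed by its credential comparison. */
    static String attempt(AuthenticatingRealm realm, String user, String password) {
        try {
            AuthenticationInfo info = realm.getAuthenticationInfo(new UsernamePasswordToken(user, password));
            return info == null ? "no such account" : "authenticated";
        } catch (IncorrectCredentialsException e) {
            return "credentials mismatch";
        }
    }

    public static void main(String[] args) {
        for (AuthenticatingRealm realm : new AuthenticatingRealm[] { new PlainRealm(), new HashedRealm() })
            System.out.println(realm.getClass().getSimpleName() + ": " + attempt(realm, USER, PASSWORD)
                    + " / " + attempt(realm, USER, "wrong") + " / " + attempt(realm, "nobody", PASSWORD));
    }
}
```

If a realm authenticates in a harness like this but the application login still fails, the cause lies outside the realm's credential comparison, for example in which realms are contributed to the security manager.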



Tapestry examples page

2016-11-08 Thread Carlos Montero Canabal
Hi tapestry users,

I want to share with us my first version of http://tapestry5.dev-util.com
webapp. I love jumpstart project
(http://jumpstart.doublenegative.com.au/jumpstart7/), so I decided some weeks
ago to develop something similar with my own use cases.

At the moment there aren't a lot of examples, but I will hope to develop 2-3
more per month.

All feedback is welcome.

Regards

Carlos Montero