Re: Tynamo Security Login Page
Need to specify the library since it's not your own component - loginPage
is just a local attribute name. Use or
just replace the whole block with <:tsecurity.loginlink>.
Kalle
On Wed, Nov 9, 2016 at 9:03 AM, Adam X wrote:
> I have tapestry-security integrated and working in my project. Page
> classes annotated with shiro such as @RequiresAuthentication get
> intercepted with the login page.
>
> What is the best way to create a link on my page that redirects to tap
> security login page?
>
> In my Laout.java I tried this:
>
> @Property
> @Inject
> private SecurityService securityService;
>
> @Property
> @InjectPage
> private org.tynamo.security.pages.Login loginPage;
>
> then in my Layout.tml I have this:
>
>
> ${securityService.subject.principal}
>
> Guest (Sign In)
>
>
>
> But Tapestry is unable to find this Tynamo page, even though it is
> clearly there:
>
> Caused by: org.apache.tapestry5.ioc.util.UnknownValueException: Unable
> to resolve 'loginPage' to a known page name
>
> What is the accepted (or recommended) way to bring up the login page
> in such a setup?
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
Tynamo Security Login Page
I have tapestry-security integrated and working in my project. Page
classes annotated with shiro such as @RequiresAuthentication get
intercepted with the login page.
What is the best way to create a link on my page that redirects to tap
security login page?
In my Laout.java I tried this:
@Property
@Inject
private SecurityService securityService;
@Property
@InjectPage
private org.tynamo.security.pages.Login loginPage;
then in my Layout.tml I have this:
${securityService.subject.principal}
Guest (Sign In)
But Tapestry is unable to find this Tynamo page, even though it is
clearly there:
Caused by: org.apache.tapestry5.ioc.util.UnknownValueException: Unable
to resolve 'loginPage' to a known page name
What is the accepted (or recommended) way to bring up the login page
in such a setup?
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Tynamo Security w/ custom Realm
Hello All - just want to say everything in Shiro was configured ok.
The bug was in the implementation of my mock dao.
All works nicely
On Wed, Nov 9, 2016 at 2:49 PM, Adam X wrote:
> So I set org.apache.shiro to DEBUG level and discovered that Shiro is
> actually correctly authenticating but for some reason displays
> "Unauthorized" page:
>
> [DEBUG] com.foo.bar.core.engine.components.dao.UserManagementMockDao
> (getUser:444) - userId: donkey
> [DEBUG] com.foo.bar.core.engine.components.dao.UserManagementMockDao
> (getUserPassword:451) - userId: donkey
> [DEBUG] org.apache.shiro.realm.AuthenticatingRealm
> (getAuthenticationInfo:569) - Looked up AuthenticationInfo [donkey]
> from doGetAuthenticationInfo
> [DEBUG] org.apache.shiro.realm.AuthenticatingRealm
> (cacheAuthenticationInfoIfPossible:507) - AuthenticationInfo caching
> is disabled for info [donkey]. Submitted token:
> [org.apache.shiro.authc.UsernamePasswordToken - donkey,
> rememberMe=false].
> [DEBUG] org.apache.shiro.authc.credential.SimpleCredentialsMatcher
> (equals:95) - Performing credentials equality check for
> tokenCredentials of type [[C and accountCredentials of type
> [java.lang.String]
> [DEBUG] org.apache.shiro.authc.credential.SimpleCredentialsMatcher
> (equals:101) - Both credentials arguments can be easily converted to
> byte arrays. Performing array equals comparison
> [DEBUG] org.apache.shiro.authc.AbstractAuthenticator
> (authenticate:233) - Authentication successful for token
> [org.apache.shiro.authc.UsernamePasswordToken - donkey,
> rememberMe=false]. Returned account [donkey]
> [DEBUG] org.apache.shiro.subject.support.DefaultSubjectContext
> (resolveSecurityManager:102) - No SecurityManager available in subject
> context map. Falling back to SecurityUtils.getSecurityManager()
> lookup.
> [DEBUG] org.apache.shiro.subject.support.DefaultSubjectContext
> (resolveSecurityManager:102) - No SecurityManager available in subject
> context map. Falling back to SecurityUtils.getSecurityManager()
> lookup.
> [DEBUG] org.apache.shiro.web.servlet.SimpleCookie
> (addCookieHeader:226) - Added HttpServletResponse Cookie
> [rememberMe=deleteMe; Path=/bip; Max-Age=0; Expires=Tue, 08-Nov-2016
> 12:28:52 GMT]
> [DEBUG] org.apache.shiro.mgt.AbstractRememberMeManager
> (onSuccessfulLogin:290) - AuthenticationToken did not indicate
> RememberMe is requested. RememberMe functionality will not be
> executed for corresponding account.
> [DEBUG] org.apache.shiro.realm.AuthorizingRealm
> (getAuthorizationCacheLazy:234) - No authorizationCache instance set.
> Checking for a cacheManager...
> [DEBUG] org.apache.shiro.realm.AuthorizingRealm
> (getAuthorizationCacheLazy:242) - CacheManager
> [MemoryConstrainedCacheManager with 0 cache(s)): []] has been
> configured. Building authorization cache named
> [awsiamaccounts.authorizationCache]
>
> So I must have a misconfiguration somewhere but am stuck as I can't
> figure out where. I just thought that tapestry-security automagically
> handles redirect after login. My page is very simple:
>
> @RequiresRoles("administrator")
> public class Contact {
> }
>
>
> On Tue, Nov 8, 2016 at 8:30 PM, Adam X wrote:
>> Hi Kyle,
>>
>> Thanks for taking a look. Indeed, I made the assumption that
>> SimpleCredentialsMatcher is used by default, but as part of my
>> troubleshooting I explicitly set it. doGetAuthenticationInfo is
>> invoked for sure, because my logs show it (I also stepped thru with
>> the debugger):
>>
>> [WARN] org.tynamo.security.services.SecurityModule.RememberMeManager
>> (buildRememberMeManager:111) - Symbol 'security.remembermecipherkey'
>> is not set, using 'tapestry.hmac-passphrase' as the cipher. Beware
>> that changing the value will invalidate rememberMe cookies
>> [ERROR] org.apache.tapestry5.modules.AssetsModule.AssetSource
>> (invoke:237) - Packaging of classpath assets has changed in release
>> 5.4; Assets should no longer be on the main classpath, but should be
>> moved to 'META-INF/assets/' or a sub-folder. Future releases of
>> Tapestry may no longer support assets on the main classpath.
>> [WARN] org.apache.tapestry5.modules.AssetsModule.AssetSource
>> (invoke:245) - Classpath asset '/org/tynamo/security/img/login-bg.png'
>> should be moved to folder
>> '/META-INF/assets/security/org/tynamo/security/img/'.
>> [DEBUG] com.foo.bar.core.engine.components.dao.UserManagementMockDao
>> (getUser:444) - userId: donkey
>> [DEBUG] com.foo.bar.core.engine.components.dao.UserManagementMockDao
>> (getUserPassword:451) - userId: donkey
>>
>> As you can see my mock dao is correctly being called and it is
>> returning the correct password because I saw it in the debugger.
>>
>> Am I instantiating SimpleAuthenticationInfo correctly? This API is all
>> new to me (never worked with Shiro) so I'm learning as I go.
>>
>> Also, here is what my AppModule contribution looks like:
>>
>> @Contribute(WebSecurityManager.class)
>> public static void addRealms(Configuration configuration,
>> @Inject @Fr
Re: Tynamo Security w/ custom Realm
So I set org.apache.shiro to DEBUG level and discovered that Shiro is
actually correctly authenticating but for some reason displays
"Unauthorized" page:
[DEBUG] com.foo.bar.core.engine.components.dao.UserManagementMockDao
(getUser:444) - userId: donkey
[DEBUG] com.foo.bar.core.engine.components.dao.UserManagementMockDao
(getUserPassword:451) - userId: donkey
[DEBUG] org.apache.shiro.realm.AuthenticatingRealm
(getAuthenticationInfo:569) - Looked up AuthenticationInfo [donkey]
from doGetAuthenticationInfo
[DEBUG] org.apache.shiro.realm.AuthenticatingRealm
(cacheAuthenticationInfoIfPossible:507) - AuthenticationInfo caching
is disabled for info [donkey]. Submitted token:
[org.apache.shiro.authc.UsernamePasswordToken - donkey,
rememberMe=false].
[DEBUG] org.apache.shiro.authc.credential.SimpleCredentialsMatcher
(equals:95) - Performing credentials equality check for
tokenCredentials of type [[C and accountCredentials of type
[java.lang.String]
[DEBUG] org.apache.shiro.authc.credential.SimpleCredentialsMatcher
(equals:101) - Both credentials arguments can be easily converted to
byte arrays. Performing array equals comparison
[DEBUG] org.apache.shiro.authc.AbstractAuthenticator
(authenticate:233) - Authentication successful for token
[org.apache.shiro.authc.UsernamePasswordToken - donkey,
rememberMe=false]. Returned account [donkey]
[DEBUG] org.apache.shiro.subject.support.DefaultSubjectContext
(resolveSecurityManager:102) - No SecurityManager available in subject
context map. Falling back to SecurityUtils.getSecurityManager()
lookup.
[DEBUG] org.apache.shiro.subject.support.DefaultSubjectContext
(resolveSecurityManager:102) - No SecurityManager available in subject
context map. Falling back to SecurityUtils.getSecurityManager()
lookup.
[DEBUG] org.apache.shiro.web.servlet.SimpleCookie
(addCookieHeader:226) - Added HttpServletResponse Cookie
[rememberMe=deleteMe; Path=/bip; Max-Age=0; Expires=Tue, 08-Nov-2016
12:28:52 GMT]
[DEBUG] org.apache.shiro.mgt.AbstractRememberMeManager
(onSuccessfulLogin:290) - AuthenticationToken did not indicate
RememberMe is requested. RememberMe functionality will not be
executed for corresponding account.
[DEBUG] org.apache.shiro.realm.AuthorizingRealm
(getAuthorizationCacheLazy:234) - No authorizationCache instance set.
Checking for a cacheManager...
[DEBUG] org.apache.shiro.realm.AuthorizingRealm
(getAuthorizationCacheLazy:242) - CacheManager
[MemoryConstrainedCacheManager with 0 cache(s)): []] has been
configured. Building authorization cache named
[awsiamaccounts.authorizationCache]
So I must have a misconfiguration somewhere but am stuck as I can't
figure out where. I just thought that tapestry-security automagically
handles redirect after login. My page is very simple:
@RequiresRoles("administrator")
public class Contact {
}
On Tue, Nov 8, 2016 at 8:30 PM, Adam X wrote:
> Hi Kyle,
>
> Thanks for taking a look. Indeed, I made the assumption that
> SimpleCredentialsMatcher is used by default, but as part of my
> troubleshooting I explicitly set it. doGetAuthenticationInfo is
> invoked for sure, because my logs show it (I also stepped thru with
> the debugger):
>
> [WARN] org.tynamo.security.services.SecurityModule.RememberMeManager
> (buildRememberMeManager:111) - Symbol 'security.remembermecipherkey'
> is not set, using 'tapestry.hmac-passphrase' as the cipher. Beware
> that changing the value will invalidate rememberMe cookies
> [ERROR] org.apache.tapestry5.modules.AssetsModule.AssetSource
> (invoke:237) - Packaging of classpath assets has changed in release
> 5.4; Assets should no longer be on the main classpath, but should be
> moved to 'META-INF/assets/' or a sub-folder. Future releases of
> Tapestry may no longer support assets on the main classpath.
> [WARN] org.apache.tapestry5.modules.AssetsModule.AssetSource
> (invoke:245) - Classpath asset '/org/tynamo/security/img/login-bg.png'
> should be moved to folder
> '/META-INF/assets/security/org/tynamo/security/img/'.
> [DEBUG] com.foo.bar.core.engine.components.dao.UserManagementMockDao
> (getUser:444) - userId: donkey
> [DEBUG] com.foo.bar.core.engine.components.dao.UserManagementMockDao
> (getUserPassword:451) - userId: donkey
>
> As you can see my mock dao is correctly being called and it is
> returning the correct password because I saw it in the debugger.
>
> Am I instantiating SimpleAuthenticationInfo correctly? This API is all
> new to me (never worked with Shiro) so I'm learning as I go.
>
> Also, here is what my AppModule contribution looks like:
>
> @Contribute(WebSecurityManager.class)
> public static void addRealms(Configuration configuration,
> @Inject @FromFactory UserManagementDao dao) {
> Realm realm = new FooBarCoreRealm(dao);
> configuration.add(realm);
> }
>
> Obviously replaced company name with FooBar etc.
>
> Adam
>
> On Tue, Nov 8, 2016 at 7:55 PM, Kalle Korhonen
> wrote:
>> Looks fine at a quick glance. As I recall, an AuthenticatingRealm uses
>> SimpleCrede
