Re: [Announce] Acegi Security library for Tapestry 5
Do you have any examples of how to implement the login form/page? I'd certainly much prefer to implement this as a Tapestry page rather than other approaches that use JSP. How will login errors be reported on the login page? I think (hope) I can figure out how to adapt the example from the approaches I've seen in T4, but I suspect this is going to take a lot of digging. Thanks, Mark Robin Helgelin wrote: Hi, Thanks to Ivan Dubrov I've been able to put together an Acegi Security library for T5. My idea was a library similar to James Carman's tapestry-acegi for T4. Basic usage is that it works with the @Secured annotation. Currently only class level, but page listeners is planned. There are also a few components planned to make things easier, but this is merely get it out of the door release. :-). More information and example usage and application can be found here: http://www.localhost.nu/java/tapestry5-acegi/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Announce] Acegi Security library for Tapestry 5
Robin Helgelin wrote: On 8/18/07, Mark Helmstetter [EMAIL PROTECTED] wrote: Do you have any examples of how to implement the login form/page? I'd certainly much prefer to implement this as a Tapestry page rather than other approaches that use JSP. How will login errors be reported on the login page? There is a small example application available here: http://www.localhost.nu/svn/public/tapestry5-acegi-example/ Currently I'm using the acegi.failure.url application option to give information that the login didn't work out. If you have other idea, just shoot them over here :) Thanks Robin, I just found the example app, and I've got it working now. I think that is really all that is needed for the login failure case. There's still a lot that's going on here that I don't quite understand, but most of that is due to my lack of understanding of how all of the T5 IoC magic works. I'd really prefer to have a bit more control over how the Acegi classes are configured, and to do so using a more traditional Spring-based approach. I managed to do this for the injection of the UserDetailsService by omitting the binder.bind() call in the AppModule. I was unable to do this with the daoAuthenticationProvider, resulting in the error Service id 'daoAuthenticationProvider' has already been defined.. It looks like I'd need to modify the SecurityModule to do this. Overall though, I'm really happy with it, and thanks to you and Ivan for your contribution. Mark
Re: [Announce] Acegi Security library for Tapestry 5
One more question, have you been able to get logout to work? I tried creating a simple link to /j_acegi_logout and to /app/j_acegi_logout which didn't seem to work. I get a 404 not found. It seems that the logout filter has not been created/initialized? Thanks, Mark Robin Helgelin wrote: On 8/18/07, Mark Helmstetter [EMAIL PROTECTED] wrote: Do you have any examples of how to implement the login form/page? I'd certainly much prefer to implement this as a Tapestry page rather than other approaches that use JSP. How will login errors be reported on the login page? There is a small example application available here: http://www.localhost.nu/svn/public/tapestry5-acegi-example/ Currently I'm using the acegi.failure.url application option to give information that the login didn't work out. If you have other idea, just shoot them over here :)
Re: [Announce] Acegi Security library for Tapestry 5
On 8/18/07, Mark Helmstetter [EMAIL PROTECTED] wrote: There's still a lot that's going on here that I don't quite understand, but most of that is due to my lack of understanding of how all of the T5 IoC magic works. I'd really prefer to have a bit more control over how the Acegi classes are configured, and to do so using a more traditional Spring-based approach. I managed to do this for the injection of the UserDetailsService by omitting the binder.bind() call in the AppModule. I was unable to do this with the daoAuthenticationProvider, resulting in the error Service id 'daoAuthenticationProvider' has already been defined.. It looks like I'd need to modify the SecurityModule to do this. The binder.bind() is only for simple services that doesn't need any special parameters such as constructor or properties set before use. You can always create a build method for your object where you provide the information you need, such as the buildUserInitializer. Also, when I look at the code now, I think it's a double declaration of UserDetailsService as I use it with both binder.bind() and a buildUserDetailsService. :-) Overall though, I'm really happy with it, and thanks to you and Ivan for your contribution. Thanks! -- regards, Robin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Announce] Acegi Security library for Tapestry 5
On 8/18/07, Mark Helmstetter [EMAIL PROTECTED] wrote: One more question, have you been able to get logout to work? I tried creating a simple link to /j_acegi_logout and to /app/j_acegi_logout which didn't seem to work. I get a 404 not found. It seems that the logout filter has not been created/initialized? That's correct, the acegi.logout.url is being removed in the next release, the idea is to use the LogoutService as described in an earilier mail to this thread. The next update of the example application will have an example of how to logout. -- regards, Robin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Announce] Acegi Security library for Tapestry 5
On 8/17/07, Kheldar666 [EMAIL PROTECTED] wrote: For the SecurityContextHolder I went a little too fast... You don't need to use WebContextApplication : Ok, good, I'll add it to the next release. For the loggout service, if the purpose is to use only the LogoutService... What's the use of acegi.logout.url ? It's no use, it should be removed :). By the way, it's a great work you did. You solve many of my problems in one jar :) Thanks, also thank Ivan, who wrote most of the code :). -- regards, Robin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[Announce] Acegi Security library for Tapestry 5
Hi, Thanks to Ivan Dubrov I've been able to put together an Acegi Security library for T5. My idea was a library similar to James Carman's tapestry-acegi for T4. Basic usage is that it works with the @Secured annotation. Currently only class level, but page listeners is planned. There are also a few components planned to make things easier, but this is merely get it out of the door release. :-). More information and example usage and application can be found here: http://www.localhost.nu/java/tapestry5-acegi/ -- regards, Robin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Announce] Acegi Security library for Tapestry 5
Alleluia -- View this message in context: http://www.nabble.com/-Announce--Acegi-Security-library-for-Tapestry-5-tf4279236.html#a12180260 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Announce] Acegi Security library for Tapestry 5
I may have two questions : - First is it normal that you choose not to use the SecurityContextHolderAwareRequestFilter ? I used this : public static void contributeHttpServletRequestHandler( OrderedConfigurationHttpServletRequestFilter configuration, WebApplicationContext webApplicationContext) { Filter securityContextHolderAwareRequestFilter = (Filter)webApplicationContext.getBean(securityContextHolderAwareRequestFilter); configuration.add(acegiSecurityContextHolderAwareRequestFilter, new HttpServletRequestFilterWrapper(securityContextHolderAwareRequestFilter), after:acegiRememberMeProcessingFilter); } - I tryied to use the loggout feature, but it seams not working : Error 404 when calling /j_acegi_logout. Should I add something somewhere ? Best regards, Martin -- View this message in context: http://www.nabble.com/-Announce--Acegi-Security-library-for-Tapestry-5-tf4279236.html#a12184379 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Announce] Acegi Security library for Tapestry 5
Well... I made this, and now I can Login / Logout and use isUserInRole() and getUserPrincipal() methods public static void contributeHttpServletRequestHandler( OrderedConfigurationHttpServletRequestFilter configuration, WebApplicationContext webApplicationContext, @InjectService(rememberMeLogoutHandler) LogoutHandler rememberMeLogoutHandler, @Inject @Value(${acegi.logout.url}) String logoutUrl, @Inject @Value(${acegi.afterlogout.url}) String afterLogoutUrl ) { Filter securityContextHolderAwareRequestFilter = (Filter)webApplicationContext.getBean(securityContextHolderAwareRequestFilter); configuration.add(acegiSecurityContextHolderAwareRequestFilter, new HttpServletRequestFilterWrapper(securityContextHolderAwareRequestFilter), after:acegiRememberMeProcessingFilter); LogoutHandler[] logoutHandler = { new SecurityContextLogoutHandler(), rememberMeLogoutHandler } ; LogoutFilter acegiLogoutFilter = new LogoutFilter(afterLogoutUrl,logoutHandler); acegiLogoutFilter.setFilterProcessesUrl(logoutUrl); configuration.add(acegiLogoutFilter, new HttpServletRequestFilterWrapper(acegiLogoutFilter), after:acegiHttpSessionContextIntegrationFilter); } -- View this message in context: http://www.nabble.com/-Announce--Acegi-Security-library-for-Tapestry-5-tf4279236.html#a12185631 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Announce] Acegi Security library for Tapestry 5
On 8/16/07, Kheldar666 [EMAIL PROTECTED] wrote: I may have two questions : - First is it normal that you choose not to use the SecurityContextHolderAwareRequestFilter ? I used this : Is it needed? Can the filter be found without using spring beans? I want the library to be completly free of spring dependencies (I know I can't avoid Acegi using spring, but the library doesn't need to. - I tryied to use the loggout feature, but it seams not working : Error 404 when calling /j_acegi_logout. Should I add something somewhere ? The idea is to use the LogoutService. @Inject LogoutService logoutService; logoutService.logout(); If that doesn't work, something is wrong :) -- regards, Robin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Announce] Acegi Security library for Tapestry 5
For the SecurityContextHolder I went a little too fast... You don't need to use WebContextApplication : configuration.add(acegiSecurityContextHolderAwareRequestFilter, new HttpServletRequestFilterWrapper(new SecurityContextHolderAwareRequestFilter()), after:acegiRememberMeProcessingFilter); For the loggout service, if the purpose is to use only the LogoutService... What's the use of acegi.logout.url ? By the way, it's a great work you did. You solve many of my problems in one jar :) Cheers, Martin Robin Ericsson-3 wrote: On 8/16/07, Kheldar666 [EMAIL PROTECTED] wrote: I may have two questions : - First is it normal that you choose not to use the SecurityContextHolderAwareRequestFilter ? I used this : Is it needed? Can the filter be found without using spring beans? I want the library to be completly free of spring dependencies (I know I can't avoid Acegi using spring, but the library doesn't need to. - I tryied to use the loggout feature, but it seams not working : Error 404 when calling /j_acegi_logout. Should I add something somewhere ? The idea is to use the LogoutService. @Inject LogoutService logoutService; logoutService.logout(); If that doesn't work, something is wrong :) -- regards, Robin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/-Announce--Acegi-Security-library-for-Tapestry-5-tf4279236.html#a12190506 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]