subject authentication lost after several page requests
Hi all,
I've an webapplication with a loginform. The user has to authenticate and
authorize agains the LDAP system.
...
Subject subj = SecurityUtils.getSubject();
subj.getSession(true);
UsernamePasswordToken token =
new UsernamePasswordToken(userName, password, true);
token.setRememberMe(true);
subj.login(token);
if (subj.isAuthenticated()) {
log.info(isAuthenticated(): + subj.isAuthenticated());
// hier wird gegen das mapping groups-roles gematched
if (subj.hasRole(consultant))
return true;
}
...
This works fine for me.
I check the following, if the current user ist still authenticated, on every
page:
...
public Object onActivate() {
Subject currentUser = SecurityUtils.getSubject();
if (!currentUser.isAuthenticated()) {
request.getHTTPServletRequest().getSession().invalidate();
System.out.println(Current user is not longer authenticated);
return login;
}
return null;
}
...
But if the user is logged in, a few page requests later(sometimes earlier
sometimes later)
the check(method onActivate) returned
...
currentUser.isAuthenticated() == false
...
and the browser shows my login page.
I use shiro-1.2.1 for web security implementations.
I don't know if this could be a shiro or tapestry issue.
Has anyone an idea how to fix this problem?
Thanks
marcoa
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
subject authentication lost after several page requests
Hi all,
I've an webapplication with a loginform. The user has to authenticate and
authorize agains the LDAP system.
...
Subject subj = SecurityUtils.getSubject();
subj.getSession(true);
UsernamePasswordToken token =
new UsernamePasswordToken(userName, password, true);
token.setRememberMe(true);
subj.login(token);
if (subj.isAuthenticated()) {
log.info(isAuthenticated(): + subj.isAuthenticated());
// hier wird gegen das mapping groups-roles gematched
if (subj.hasRole(consultant))
return true;
}
...
This works fine for me.
I check the following, if the current user ist still authenticated, on every
page:
...
public Object onActivate() {
Subject currentUser = SecurityUtils.getSubject();
if (!currentUser.isAuthenticated()) {
request.getHTTPServletRequest().getSession().invalidate();
System.out.println(Current user is not longer authenticated);
return login;
}
return null;
}
...
But if the user is logged in, a few page requests later(sometimes earlier
sometimes later)
the check(method onActivate) returned
...
currentUser.isAuthenticated() == false
...
and the browser shows my login page.
I use shiro-1.2.1 for web security implementations.
I don't know if this could be a shiro or tapestry issue.
Has anyone an idea how to fix this problem?
Thanks
marcoa
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
Re: subject authentication lost after several page requests
On Thu, 10 Apr 2014 09:40:56 -0300, Marco Wulf w...@dsb.net wrote: Hi all,Hi!I use shiro-1.2.1 for web security implementations.Are you using tapestry-security (Tapestry-Shiro integration)? If not, the problem is probably not in Tapestry, as your Tapestry code is just using Shiro and very probably wouldn't have effect on it. I'd check your code for places that invalidate the HTTP session. I'd also suggest you to use Request and Session, from Tapestry, instead of HttpServletRequest and HttpSession directly.Anyway, if you don't want to use tapestry-security, I seriously advise you to do it. You'll have way less code to do the same checks and very probably less bugs too.--Thiago H. de Paula FigueiredoTapestry, Java and Hibernate consultant and developerhttp://machina.com.br
Antw: Re: subject authentication lost after several page requests
Hi, thanks for your advise. I'll check if I can change to tapestry-security. Thiago H de Paula Figueiredo thiag...@gmail.com 10.04.2014 15:10 On Thu, 10 Apr 2014 09:40:56 -0300, Marco Wulf w...@dsb.net wrote: Hi all, Hi! I use shiro-1.2.1 for web security implementations. Are you using tapestry-security (Tapestry-Shiro integration)? If not, the problem is probably not in Tapestry, as your Tapestry code is just using Shiro and very probably wouldn't have effect on it. I'd check your code for places that invalidate the HTTP session. I'd also suggest you to use Request and Session, from Tapestry, instead of HttpServletRequest and HttpSession directly. Anyway, if you don't want to use tapestry-security, I seriously advise you to do it. You'll have way less code to do the same checks and very probably less bugs too. -- Thiago H. de Paula Figueiredo Tapestry, Java and Hibernate consultant and developer http://machina.com.br - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
[no subject]
Did something happen to dojo over the weekend?
The latest tapestry 4.1.2-snapshot has suddenly started giving me
dojo.i18n.number has no properties
errors. This is invoked when you have client-side validation on, and
you place a translator:number on a TextField. You get some js like
this (below), and dojo.i18n.number doesn't seem to exist.
tapestry.form.registerProfile('addBillableItemEventForm',{required:
[billableItem,project],billableItem:{required:[You must
enter a value for Billable Item.]},project:{required:[You must
enter a value for Project.]},constraints:{quantity:
[[dojo.i18n.number.isReal,null,{places:0,decimal:.}]],cost:
[[dojo.i18n.number.isReal,null,{places:1,decimal:.}]]},quantity:
{constraints:[Quantity must be a numeric value. ]},cost:
{constraints:[Cost must be a numeric value. ]}});
Thanks,
J
--
Julian Wood [EMAIL PROTECTED]
Software Engineer
Teaching Learning Centre
University of Calgary
http://tlc.ucalgary.ca
[no subject]
-- Chinese name:徐 依伟 English name: will
OT - [Tapestry-Users] - prefix in mail subject?
Is there any way to set up the mails that go out prefixed with [Tapestry-Users] or something such? Just helps categorization of mails an easier tasks, visually. Thanks, Karthik
RE: OT - [Tapestry-Users] - prefix in mail subject?
Can't you categorize based on the recipient? Gmail offers that as an option when filtering. -Original Message- From: Karthik N [mailto:[EMAIL PROTECTED] Sent: Thursday, September 21, 2006 10:01 AM To: Tapestry users Subject: OT - [Tapestry-Users] - prefix in mail subject? Is there any way to set up the mails that go out prefixed with [Tapestry-Users] or something such? Just helps categorization of mails an easier tasks, visually. Thanks, Karthik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OT - [Tapestry-Users] - prefix in mail subject?
Sometimes visual scanning of the Email subject seems to help me a lot. But maybe it's just me ... On 9/21/06, James Carman [EMAIL PROTECTED] wrote: Can't you categorize based on the recipient? Gmail offers that as an option when filtering. -Original Message- From: Karthik N [mailto:[EMAIL PROTECTED] Sent: Thursday, September 21, 2006 10:01 AM To: Tapestry users Subject: OT - [Tapestry-Users] - prefix in mail subject? Is there any way to set up the mails that go out prefixed with [Tapestry-Users] or something such? Just helps categorization of mails an easier tasks, visually. Thanks, Karthik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks, Karthik
[no subject]
[no subject]
When Im run de example of the component upload, this example has a basic upload component for images (jpeg). This is the error message org.apache.hivemind.ApplicationRuntimeException: Unable to construct service tapestry.multipart.ServletMultipartDecoder: Could not load class org.apache.tapestry.multipart.MultipartDecoderImpl from WebappClassLoader delegate: false repositories: /WEB-INF/classes/ -- Parent Classloader: [EMAIL PROTECTED] : org/apache/commons/fileupload/servlet/ServletFileUpload org.apache.hivemind.impl.servicemodel.ThreadedServiceModel.constructServiceF orCurrentThread(ThreadedServiceModel.java:186) org.apache.hivemind.impl.servicemodel.ThreadedServiceModel.getServiceImpleme ntationForCurrentThread(ThreadedServiceModel.java:157) $ServletMultipartDecoder_10d0ea93c7e._service($ServletMultipartDecoder_10d0e a93c7e.java) $ServletMultipartDecoder_10d0ea93c7e.cleanup($ServletMultipartDecoder_10d0ea 93c7e.java) $ServletMultipartDecoder_10d0ea93c7f.cleanup($ServletMultipartDecoder_10d0ea 93c7f.java) org.apache.tapestry.multipart.MultipartDecoderFilter.service(MultipartDecode rFilter.java:57) $ServletRequestServicerFilter_10d0ea93cbe.service($ServletRequestServicerFil ter_10d0ea93cbe.java) $ServletRequestServicer_10d0ea93cc6.service($ServletRequestServicer_10d0ea93 cc6.java) org.apache.tapestry.services.impl.SetupRequestEncoding.service(SetupRequestE ncoding.java:53) $ServletRequestServicerFilter_10d0ea93cc2.service($ServletRequestServicerFil ter_10d0ea93cc2.java) $ServletRequestServicer_10d0ea93cc6.service($ServletRequestServicer_10d0ea93 cc6.java) $ServletRequestServicer_10d0ea93cb8.service($ServletRequestServicer_10d0ea93 cb8.java) org.apache.tapestry.ApplicationServlet.doService(ApplicationServlet.java:123 ) org.apache.tapestry.ApplicationServlet.doPost(ApplicationServlet.java:168) javax.servlet.http.HttpServlet.service(HttpServlet.java:709) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) Anybody know how to fix this error ? Cordialmente, ~_~_~_~_~_~_~_~_~_~_~_~_~_~_~_~_~ ANDRÉS NATES M. Director de implantación e infraestructura. Nuevos Medios Calle 25 No. 127-220 Autopista Cali-Jamundí Km. 7 Tel: (572) - 524 07 77 Ext. 2173 Email: mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] Cali mailto:[EMAIL PROTECTED] - Colombia POLÍTICA DE CALIDAD Proveer soluciones tecnológicas de software para la gestión del conocimiento cumpliendo lo pactado con los clientes mediante el mejoramiento continuo y la innovación, apoyado en la sinergia corporativa de Parquesoft.
