subject:"Authentication Tapestry 5"

Re: Authentication Tapestry 5

2007-11-21 Thread Gabriel Landais


Peter Stavrinides a écrit :

Hi all

My question is more of a best practice related question, I want to use 
a filter to extract my authentication code from the rest of the 
application logic, [...]


Thanks in advance,
Peter


Hi,
First, I'm a real Tapestry newbie, and I believe that Tapestry has a
quite steep learning curve (at last for T5 with current documentation).
 I wish to use JAAS inside my webapp, and I didn't achieve to use a
Tapestry login form. So I'm using a basic html page with Tomcat out of
box security login config. Magically, I'm able to retrieve my principal
in the JBoss EJB3 context. I use those EJBs for authorizations, Tapestry
just not knows if users have rights on data, as I delegate only the V
of MVC to Tapestry. If a user doesn't have right on something, a
security exception is thrown by the model and displayed back to him.
 A better solution would be having one namespace dedicated to login
users, not protected by servlet container. A Tapestry component would be
able to login user, and redirect him to a component in another
namespace, this one protected by a security-constraint. I'm just more
confident in servlet container security filtering than in a home made
filter.

So, how can I login my user inside my component and be able to retrieve
my principal with RequestGlobals.getHTTPServletRequest().getUserPrincipal()?

Thanks,
Gabriel


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication Tapestry 5

2007-11-21 Thread Peter Stavrinides


Hi Gabriel

I have a similar setup using a JDBC realm as well as multiple 
applications running on the domain so the best solution for me was to 
look for the authorization header in the browser and use this info to 
authenticate


Chris posted a great wiki article on how to implement a Dispatcher or 
RequestFilter to handle the authentication, I don't know if anyone has a 
better solution than this but I get to the servlet context by adding 
constructor arguments to the wiki example:


public AccessController(
   ApplicationStateManager asm,
   RequestGlobals requestGlobals){
   this.request_ = requestGlobals.getHTTPServletRequest();
   this.response_ = requestGlobals.getHTTPServletResponse();
   this.asm_ = asm;
   }

seems to work,

Peter

Gabriel Landais wrote:

Peter Stavrinides a écrit :

Hi all

My question is more of a best practice related question, I want to 
use a filter to extract my authentication code from the rest of the 
application logic, [...]


Thanks in advance,
Peter


Hi,
First, I'm a real Tapestry newbie, and I believe that Tapestry has a
quite steep learning curve (at last for T5 with current documentation).
 I wish to use JAAS inside my webapp, and I didn't achieve to use a
Tapestry login form. So I'm using a basic html page with Tomcat out of
box security login config. Magically, I'm able to retrieve my principal
in the JBoss EJB3 context. I use those EJBs for authorizations, Tapestry
just not knows if users have rights on data, as I delegate only the V
of MVC to Tapestry. If a user doesn't have right on something, a
security exception is thrown by the model and displayed back to him.
 A better solution would be having one namespace dedicated to login
users, not protected by servlet container. A Tapestry component would be
able to login user, and redirect him to a component in another
namespace, this one protected by a security-constraint. I'm just more
confident in servlet container security filtering than in a home made
filter.

So, how can I login my user inside my component and be able to retrieve
my principal with 
RequestGlobals.getHTTPServletRequest().getUserPrincipal()?


Thanks,
Gabriel


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication Tapestry 5

2007-11-20 Thread Peter Stavrinides

Hi Chris,

Thanks for the great wiki article, I have managed to implement what I
needed using 'Tapestry5HowToCreateADispatcher2'. My implementation is
very similar to the example... it seems to work great!

One question though regarding my ASO (which is similar to your
permissions ASO), you mention the object referenced by 'perms' is an
instance specific to the current request does this mean that I will
*not* get the very same instance if I try inject it in a page class
using the @ApplicationState annotation?

Thanks
Peter

Chris Lewis wrote:

Hello Peter,

It sounds like by 'filter' you mean a servlet filter and not a
Tapestry filter. Your requirements sound a tad exotic to me, but these
wikis should get you on the right track:

http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher
http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher2

They focus on implementing authentication/restriction code completely
outside of the 'page' level of the application. The focus on these is
the required infrastructure, so there are some holes left to be
filled. At any rate they should be useful for you. Note that the same
thing can be achieved using a Tapestry filter:
http://tapestry.apache.org/tapestry5/apidocs/org/apache/tapestry/services/RequestFilter.html

Sincerely,
Chris

Peter Stavrinides wrote:

Hi all

My question is more of a best practice related question, I want to
use a filter to extract my authentication code from the rest of the
application logic, so I can avoid adding this logic to pages. In
addition, one of my authentication requirements involves some
integration with third party applications so I need to check for
authentication headers... to accommodate this I use a session state
object in my app (i.e. a T5 service), which is available for the
duration of a users session.

Implementing an ordinary servlet filter would do the trick for the
authentication part... but then I wouldn't be able to use it with the
IoC service. So:

1. Is there a way to register my filter with Tapestry IoC instead of
registering it in web.xml? (would I create a contribution to the
framework?)
2. Can I inject this service (i.e. my state object )into the filter?
and what does this involve i.e. eager loading etc?

I am not sure I am going about this the right way, if someone has
done something similar could I get some pointers.

Thanks in advance,
Peter

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication Tapestry 5

2007-11-20 Thread Chris Lewis

Hi Peter,

I'll ask Howard to verify what I say here as its a pretty important
issue. Short answer: Yes, you will get the same instance using the state
manager as you would from injection via @ApplicationState... for
simultaneous requests made by the same user (and therefore the same
request/session).

That is a very simplified answer. Its important to understand why you
can use @ApplicationState in a page but not in a singleton service. If
you read both wikis and/or docs on the state manager, you should already
have a basic understanding. Under the hood, T5 IoC uses the state
manager to retrieve page members marked as state objects with the
@ApplicationState annotation. Why? Because an instance of a page class
may be accessed simultaneously by many different requests at the same
time. In reality the annotation is just an indicator that a page member
is specific to the current request, NOT the page. Its up to the IoC
container to resolve exactly what request (session) is associated with
the requesting user, and ultimately which instance of your ASO class.
I'm quite sure this work is done by the state manager.

hope that helps

sincerely,
chris

Peter Stavrinides wrote:

Hi Chris,

Thanks for the great wiki article, I have managed to implement what I
needed using 'Tapestry5HowToCreateADispatcher2'. My implementation is
very similar to the example... it seems to work great!

Thanks
Peter

Chris Lewis wrote:

Hello Peter,

It sounds like by 'filter' you mean a servlet filter and not a
Tapestry filter. Your requirements sound a tad exotic to me, but
these wikis should get you on the right track:

http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher
http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher2

Sincerely,
Chris

Peter Stavrinides wrote:

Hi all

Implementing an ordinary servlet filter would do the trick for the
authentication part... but then I wouldn't be able to use it with
the IoC service. So:

1. Is there a way to register my filter with Tapestry IoC instead of
registering it in web.xml? (would I create a contribution to the
framework?)
2. Can I inject this service (i.e. my state object )into the
filter? and what does this involve i.e. eager loading etc?

I am not sure I am going about this the right way, if someone has
done something similar could I get some pointers.

Thanks in advance,
Peter

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication Tapestry 5

2007-11-20 Thread Chris Lewis

Actually by indirection it is also my problem ;-), and I'd like to know
if you find this not to be true. I have done some digging and chatting
(on this list) about this topic, and for all I've found this appears to
be how it is designed. As such I shape my ideas and plans around this
understanding, so if it's wrong then I'm in trouble ;-). Share some code
if you have some that suggests otherwise, and hopefully Howard will
chime in if I'm off.

sincerely,
chris

Peter Stavrinides wrote:

Hi Chris,

Thanks for the clarification, this is what I had initially thought...
however some quick and dirty tests made me doubt this, I am not sure
why it didn't turn up for me that way, I will have to check my code
again ... not your problem anyway.

Thanks again,
Peter

Chris Lewis wrote:

Hi Peter,

I'll ask Howard to verify what I say here as its a pretty important
issue. Short answer: Yes, you will get the same instance using the
state manager as you would from injection via @ApplicationState...
for simultaneous requests made by the same user (and therefore the
same request/session).

That is a very simplified answer. Its important to understand why you
can use @ApplicationState in a page but not in a singleton service.
If you read both wikis and/or docs on the state manager, you should
already have a basic understanding. Under the hood, T5 IoC uses the
state manager to retrieve page members marked as state objects with
the @ApplicationState annotation. Why? Because an instance of a page
class may be accessed simultaneously by many different requests at
the same time. In reality the annotation is just an indicator that a
page member is specific to the current request, NOT the page. Its up
to the IoC container to resolve exactly what request (session) is
associated with the requesting user, and ultimately which instance of
your ASO class. I'm quite sure this work is done by the state manager.

hope that helps

sincerely,
chris

Peter Stavrinides wrote:

Hi Chris,

Thanks for the great wiki article, I have managed to implement what
I needed using 'Tapestry5HowToCreateADispatcher2'. My implementation
is very similar to the example... it seems to work great!

One question though regarding my ASO (which is similar to your
permissions ASO), you mention the object referenced by 'perms' is
an instance specific to the current request does this mean that I
will *not* get the very same instance if I try inject it in a page
class using the @ApplicationState annotation?

Thanks
Peter

Chris Lewis wrote:

Hello Peter,

It sounds like by 'filter' you mean a servlet filter and not a
Tapestry filter. Your requirements sound a tad exotic to me, but
these wikis should get you on the right track:

http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher
http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher2

They focus on implementing authentication/restriction code
completely outside of the 'page' level of the application. The
focus on these is the required infrastructure, so there are some
holes left to be filled. At any rate they should be useful for you.
Note that the same thing can be achieved using a Tapestry filter:
http://tapestry.apache.org/tapestry5/apidocs/org/apache/tapestry/services/RequestFilter.html

Sincerely,
Chris

Peter Stavrinides wrote:

Hi all

My question is more of a best practice related question, I want to
use a filter to extract my authentication code from the rest of
the application logic, so I can avoid adding this logic to pages.
In addition, one of my authentication requirements involves some
integration with third party applications so I need to check for
authentication headers... to accommodate this I use a session
state object in my app (i.e. a T5 service), which is available for
the duration of a users session.

Implementing an ordinary servlet filter would do the trick for the
authentication part... but then I wouldn't be able to use it with
the IoC service. So:

1. Is there a way to register my filter with Tapestry IoC instead
of registering it in web.xml? (would I create a contribution to
the framework?)
2. Can I inject this service (i.e. my state object )into the
filter? and what does this involve i.e. eager loading etc?

I am not sure I am going about this the right way, if someone has
done something similar could I get some pointers.

Thanks in advance,
Peter

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication Tapestry 5

2007-11-20 Thread Peter Stavrinides

will do!

Peter

Chris Lewis wrote:
Actually by indirection it is also my problem ;-), and I'd like to
know if you find this not to be true. I have done some digging and
chatting (on this list) about this topic, and for all I've found this
appears to be how it is designed. As such I shape my ideas and plans
around this understanding, so if it's wrong then I'm in trouble ;-).
Share some code if you have some that suggests otherwise, and
hopefully Howard will chime in if I'm off.

sincerely,
chris

Peter Stavrinides wrote:

Hi Chris,

Thanks for the clarification, this is what I had initially
thought... however some quick and dirty tests made me doubt this, I
am not sure why it didn't turn up for me that way, I will have to
check my code again ... not your problem anyway.

Thanks again,
Peter

Chris Lewis wrote:

Hi Peter,

I'll ask Howard to verify what I say here as its a pretty important
issue. Short answer: Yes, you will get the same instance using the
state manager as you would from injection via @ApplicationState...
for simultaneous requests made by the same user (and therefore the
same request/session).

That is a very simplified answer. Its important to understand why
you can use @ApplicationState in a page but not in a singleton
service. If you read both wikis and/or docs on the state manager,
you should already have a basic understanding. Under the hood, T5
IoC uses the state manager to retrieve page members marked as state
objects with the @ApplicationState annotation. Why? Because an
instance of a page class may be accessed simultaneously by many
different requests at the same time. In reality the annotation is
just an indicator that a page member is specific to the current
request, NOT the page. Its up to the IoC container to resolve
exactly what request (session) is associated with the requesting
user, and ultimately which instance of your ASO class. I'm quite
sure this work is done by the state manager.

hope that helps

sincerely,
chris

Peter Stavrinides wrote:

Hi Chris,

Thanks for the great wiki article, I have managed to implement what
I needed using 'Tapestry5HowToCreateADispatcher2'. My
implementation is very similar to the example... it seems to work
great!

One question though regarding my ASO (which is similar to your
permissions ASO), you mention the object referenced by 'perms' is
an instance specific to the current request does this mean that I
will *not* get the very same instance if I try inject it in a page
class using the @ApplicationState annotation?

Thanks
Peter

Chris Lewis wrote:

Hello Peter,

It sounds like by 'filter' you mean a servlet filter and not a
Tapestry filter. Your requirements sound a tad exotic to me, but
these wikis should get you on the right track:

http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher
http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher2

They focus on implementing authentication/restriction code
completely outside of the 'page' level of the application. The
focus on these is the required infrastructure, so there are some
holes left to be filled. At any rate they should be useful for
you. Note that the same thing can be achieved using a Tapestry
filter:
http://tapestry.apache.org/tapestry5/apidocs/org/apache/tapestry/services/RequestFilter.html

Sincerely,
Chris

Peter Stavrinides wrote:

Hi all

My question is more of a best practice related question, I want
to use a filter to extract my authentication code from the rest
of the application logic, so I can avoid adding this logic to
pages. In addition, one of my authentication requirements
involves some integration with third party applications so I need
to check for authentication headers... to accommodate this I use
a session state object in my app (i.e. a T5 service), which is
available for the duration of a users session.

Implementing an ordinary servlet filter would do the trick for
the authentication part... but then I wouldn't be able to use it
with the IoC service. So:

1. Is there a way to register my filter with Tapestry IoC instead
of registering it in web.xml? (would I create a contribution to
the framework?)
2. Can I inject this service (i.e. my state object )into the
filter? and what does this involve i.e. eager loading etc?

I am not sure I am going about this the right way, if someone has
done something similar could I get some pointers.

Thanks in advance,
Peter

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication Tapestry 5

2007-11-20 Thread Richard Kirby


Hi Chris,

You wrote:

manager to retrieve page members marked as state objects with the 
@ApplicationState annotation. Why? Because an instance of a page class 
may be accessed simultaneously by many different requests at the same 
time. In reality the annotation is just an indicator that a page


I don't think this is actually correct. Definitely in Tap4 and a quick 
reading of the lifecycle page for Tap5 suggests that an instance of a 
page is locked to a request for the duration of that request. This also 
means it is on a single thread (ie the thread handling the request) for 
the duration of the request.


This is why pages are pooled - because you may need more than one 
instance of a page to handle simultaneous requests.


That is my understanding anyway

Richard


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication Tapestry 5

2007-11-20 Thread Chris Lewis



From 

http://tapestry.apache.org/tapestry5/tapestry-core/guide/lifecycle.html:

This is how Tapestry keeps you from worrying about multi-threading 
issues ... the objects involved in any request are reserved to just that 
request (and just that thread).


So I think you are right. Let me amend my statement by saying that an 
instance of a page class will be reused. Naturally this would suggest 
that stale values from other requests (and therefore other clients) 
would show up on the pages of other users (and indeed they do, without 
proper care). So @ApplicationState must remind the IoC container that 
whenever a page is attached to a request, it must populate the state 
objects according to the attached session.


Thanks :-)

Richard Kirby wrote:

Hi Chris,

You wrote:

manager to retrieve page members marked as state objects with the 
@ApplicationState annotation. Why? Because an instance of a page 
class may be accessed simultaneously by many different requests at 
the same time. In reality the annotation is just an indicator that a 
page


I don't think this is actually correct. Definitely in Tap4 and a quick 
reading of the lifecycle page for Tap5 suggests that an instance of a 
page is locked to a request for the duration of that request. This 
also means it is on a single thread (ie the thread handling the 
request) for the duration of the request.


This is why pages are pooled - because you may need more than one 
instance of a page to handle simultaneous requests.


That is my understanding anyway

Richard


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Authentication Tapestry 5

2007-11-19 Thread Peter Stavrinides


Hi all

My question is more of a best practice related question, I want to use a 
filter to extract my authentication code from the rest of the 
application logic, so I can avoid adding this logic to pages. In 
addition, one of my authentication requirements involves some 
integration with third party applications so I need to check for 
authentication headers... to accommodate this I use a session state 
object in my app (i.e. a T5 service), which is available for the 
duration of a users session.


Implementing an ordinary servlet filter would do the trick for the 
authentication part... but then I wouldn't be able to use it with the 
IoC service. So:


1. Is there a way to register my filter with Tapestry IoC instead of 
registering it in web.xml? (would I create a contribution to the framework?)
2. Can I inject this service (i.e. my state object  )into the filter? 
and what does this involve i.e. eager loading etc?


I am not sure I am going about this the right way, if someone has done 
something similar could I get some pointers.


Thanks in advance,
Peter





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication Tapestry 5

2007-11-19 Thread Chris Lewis

Hello Peter,

It sounds like by 'filter' you mean a servlet filter and not a Tapestry
filter. Your requirements sound a tad exotic to me, but these wikis
should get you on the right track:

http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher
http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher2

They focus on implementing authentication/restriction code completely
outside of the 'page' level of the application. The focus on these is
the required infrastructure, so there are some holes left to be filled.
At any rate they should be useful for you. Note that the same thing can
be achieved using a Tapestry filter:

http://tapestry.apache.org/tapestry5/apidocs/org/apache/tapestry/services/RequestFilter.html

Sincerely,
Chris

Peter Stavrinides wrote:

Hi all

My question is more of a best practice related question, I want to use
a filter to extract my authentication code from the rest of the
application logic, so I can avoid adding this logic to pages. In
addition, one of my authentication requirements involves some
integration with third party applications so I need to check for
authentication headers... to accommodate this I use a session state
object in my app (i.e. a T5 service), which is available for the
duration of a users session.

Implementing an ordinary servlet filter would do the trick for the
authentication part... but then I wouldn't be able to use it with the
IoC service. So:

I am not sure I am going about this the right way, if someone has done
something similar could I get some pointers.

Thanks in advance,
Peter

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication Tapestry 5

2007-11-19 Thread Peter Stavrinides

Hi Chris

Yes, this is kind of what I am looking for, I will give it a go...

Thanks
Peter

Chris Lewis wrote:

Hello Peter,

It sounds like by 'filter' you mean a servlet filter and not a
Tapestry filter. Your requirements sound a tad exotic to me, but these
wikis should get you on the right track:

http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher
http://wiki.apache.org/tapestry/Tapestry5HowToCreateADispatcher2

Sincerely,
Chris

Peter Stavrinides wrote:

Hi all

Implementing an ordinary servlet filter would do the trick for the
authentication part... but then I wouldn't be able to use it with the
IoC service. So:

I am not sure I am going about this the right way, if someone has
done something similar could I get some pointers.

Thanks in advance,
Peter

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication Tapestry 5

Re: Authentication Tapestry 5

Re: Authentication Tapestry 5

Re: Authentication Tapestry 5

Re: Authentication Tapestry 5

Re: Authentication Tapestry 5

Re: Authentication Tapestry 5

Re: Authentication Tapestry 5

Authentication Tapestry 5

Re: Authentication Tapestry 5

Re: Authentication Tapestry 5

11 matches

Site Navigation

Mail list logo

Footer information