RE: T5: Problem with login form with Acegi
Ok. Got ya. Thankx -Original Message- From: Jonathan Barker [mailto:[EMAIL PROTECTED] Sent: 01 April 2008 16:04 To: 'Tapestry users' Subject: RE: T5: Problem with login form with Acegi It won't matter. That's why you use the @Secured("ROLE_ADMIN") annotation. At best, an unauthenticated user will have ROLE_ANONYMOUS if the AnonymousAuthenticationProvider is used. They will get an AccessDenied exception. I'm playing with a little older code that coughs up a hairball when it hits one of those exceptions, but I think the newer tapestry5-acegi does the appropriate redirection to whatever access-denied page you want. That could be the login page. Jonathan > -Original Message- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 01, 2008 10:11 AM > To: Tapestry users > Subject: RE: T5: Problem with login form with Acegi > > Quick Question: > How can we avoid the situation where a user tries to directly access the > URL corresponding to the page named "Secure" in this case. I mean > without going thru the login form. > > Thanks > > > > -Original Message- > From: Jacob Bergoo [mailto:[EMAIL PROTECTED] > Sent: 28 March 2008 23:28 > To: users@tapestry.apache.org > Subject: T5: Problem with login form with Acegi > > > Hi All, > In my project I use the Tapestry5-Acegi project and made that work > following > the example and with some help from the forum, thanks... > Now I'm trying to make a more realistic version of a login where I can > control the validation on the login form and also based on user roles > redirect the user to the right page. > I have created a page like this: > public class LoginPage { > > /* PRIVATE MEMBERS */ > @Persist > private String userName; > private String password; > @Component > private Form form; > > /* INJECTED COMPONENTS, SERVICES ETC. */ > @Component(id = "password") > private PasswordField passwordField; > > @Inject > private AuthenticationManager authenticationManager; > > /* GETTERS AND SETTERS */ > public String getPassword() { > return password; > } > > public void setPassword(String password) { > this.password = password; > } > > public String getUserName() { > return userName; > } > > public void setUserName(String userName) { > this.userName = userName; > } > > /* ACTION METHODS */ > protected String onSuccess() { > UsernamePasswordAuthenticationToken authRequest = new > UsernamePasswordAuthenticationToken(userName, password); > Authentication authResult; > > try { > authResult = > authenticationManager.authenticate(authRequest); > if (!authResult.isAuthenticated()) { > form.recordError(passwordField, > "Invalid user name or > password."); > return null; > } > GrantedAuthority[] gratedAuthorityArray = > authResult.getAuthorities(); > Set grantedAuthoritySet = new > HashSet(); > for (int i = 0; i < gratedAuthorityArray.length; > i++) { > > grantedAuthoritySet.add(gratedAuthorityArray[i]); > System.out.println("Adding " + > gratedAuthorityArray[i] + " to set"); > } > > // DEBUGGING > System.out.println("successful login for: " + > userName); > System.out.println("authResult.getCredentials() > = " + > authResult.getCredentials()); > System.out.println("authResult.getPrincipal() = > " + > authResult.getPrincipal()); > System.out.println("authResult.getAuthorities(): > "); > for (int i = 0; i < gratedAuthorityArray.length; > i++) { > System.out.println("Auth no " + (i + 1) > + " = '" + > gratedAuthorityArray[i] + "'"); > } > // END DEBUGGING... > > if (grantedAuthoritySet.contains("ROLE_ADMIN")) > { > System.out.println("Redirecting to > Secure page..."); >
RE: T5: Problem with login form with Acegi
It won't matter. That's why you use the @Secured("ROLE_ADMIN") annotation. At best, an unauthenticated user will have ROLE_ANONYMOUS if the AnonymousAuthenticationProvider is used. They will get an AccessDenied exception. I'm playing with a little older code that coughs up a hairball when it hits one of those exceptions, but I think the newer tapestry5-acegi does the appropriate redirection to whatever access-denied page you want. That could be the login page. Jonathan > -Original Message- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 01, 2008 10:11 AM > To: Tapestry users > Subject: RE: T5: Problem with login form with Acegi > > Quick Question: > How can we avoid the situation where a user tries to directly access the > URL corresponding to the page named "Secure" in this case. I mean > without going thru the login form. > > Thanks > > > > -Original Message- > From: Jacob Bergoo [mailto:[EMAIL PROTECTED] > Sent: 28 March 2008 23:28 > To: users@tapestry.apache.org > Subject: T5: Problem with login form with Acegi > > > Hi All, > In my project I use the Tapestry5-Acegi project and made that work > following > the example and with some help from the forum, thanks... > Now I'm trying to make a more realistic version of a login where I can > control the validation on the login form and also based on user roles > redirect the user to the right page. > I have created a page like this: > public class LoginPage { > > /* PRIVATE MEMBERS */ > @Persist > private String userName; > private String password; > @Component > private Form form; > > /* INJECTED COMPONENTS, SERVICES ETC. */ > @Component(id = "password") > private PasswordField passwordField; > > @Inject > private AuthenticationManager authenticationManager; > > /* GETTERS AND SETTERS */ > public String getPassword() { > return password; > } > > public void setPassword(String password) { > this.password = password; > } > > public String getUserName() { > return userName; > } > > public void setUserName(String userName) { > this.userName = userName; > } > > /* ACTION METHODS */ > protected String onSuccess() { > UsernamePasswordAuthenticationToken authRequest = new > UsernamePasswordAuthenticationToken(userName, password); > Authentication authResult; > > try { > authResult = > authenticationManager.authenticate(authRequest); > if (!authResult.isAuthenticated()) { > form.recordError(passwordField, > "Invalid user name or > password."); > return null; > } > GrantedAuthority[] gratedAuthorityArray = > authResult.getAuthorities(); > Set grantedAuthoritySet = new > HashSet(); > for (int i = 0; i < gratedAuthorityArray.length; > i++) { > > grantedAuthoritySet.add(gratedAuthorityArray[i]); > System.out.println("Adding " + > gratedAuthorityArray[i] + " to set"); > } > > // DEBUGGING > System.out.println("successful login for: " + > userName); > System.out.println("authResult.getCredentials() > = " + > authResult.getCredentials()); > System.out.println("authResult.getPrincipal() = > " + > authResult.getPrincipal()); > System.out.println("authResult.getAuthorities(): > "); > for (int i = 0; i < gratedAuthorityArray.length; > i++) { > System.out.println("Auth no " + (i + 1) > + " = '" + > gratedAuthorityArray[i] + "'"); > } > // END DEBUGGING... > > if (grantedAuthoritySet.contains("ROLE_ADMIN")) > { > System.out.println("Redirecting to > Secure page..."); > return "Secure"; > } else if > (grantedAuthoritySet.contains("ROLE_SOME_OTHER_ROLE")) { > System.out.println("redirecting to some > other pa
RE: T5: Problem with login form with Acegi
Quick Question: How can we avoid the situation where a user tries to directly access the URL corresponding to the page named "Secure" in this case. I mean without going thru the login form. Thanks -Original Message- From: Jacob Bergoo [mailto:[EMAIL PROTECTED] Sent: 28 March 2008 23:28 To: users@tapestry.apache.org Subject: T5: Problem with login form with Acegi Hi All, In my project I use the Tapestry5-Acegi project and made that work following the example and with some help from the forum, thanks... Now I'm trying to make a more realistic version of a login where I can control the validation on the login form and also based on user roles redirect the user to the right page. I have created a page like this: public class LoginPage { /* PRIVATE MEMBERS */ @Persist private String userName; private String password; @Component private Form form; /* INJECTED COMPONENTS, SERVICES ETC. */ @Component(id = "password") private PasswordField passwordField; @Inject private AuthenticationManager authenticationManager; /* GETTERS AND SETTERS */ public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public String getUserName() { return userName; } public void setUserName(String userName) { this.userName = userName; } /* ACTION METHODS */ protected String onSuccess() { UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(userName, password); Authentication authResult; try { authResult = authenticationManager.authenticate(authRequest); if (!authResult.isAuthenticated()) { form.recordError(passwordField, "Invalid user name or password."); return null; } GrantedAuthority[] gratedAuthorityArray = authResult.getAuthorities(); Set grantedAuthoritySet = new HashSet(); for (int i = 0; i < gratedAuthorityArray.length; i++) { grantedAuthoritySet.add(gratedAuthorityArray[i]); System.out.println("Adding " + gratedAuthorityArray[i] + " to set"); } // DEBUGGING System.out.println("successful login for: " + userName); System.out.println("authResult.getCredentials() = " + authResult.getCredentials()); System.out.println("authResult.getPrincipal() = " + authResult.getPrincipal()); System.out.println("authResult.getAuthorities(): "); for (int i = 0; i < gratedAuthorityArray.length; i++) { System.out.println("Auth no " + (i + 1) + " = '" + gratedAuthorityArray[i] + "'"); } // END DEBUGGING... if (grantedAuthoritySet.contains("ROLE_ADMIN")) { System.out.println("Redirecting to Secure page..."); return "Secure"; } else if (grantedAuthoritySet.contains("ROLE_SOME_OTHER_ROLE")) { System.out.println("redirecting to some other page"); return "SOME_OTHER_PAGE"; } } catch (AuthenticationException authenticationException) { System.out.println("user with username = " + userName + "couldn't be authenticated with Acegi"); } return null; } } In my Jetty Console I can see that I get the Authetication: Adding ROLE_ADMIN to set Adding ROLE_MANAGER to set Adding ROLE_USER to set successful login for: jacob authResult.getCredentials() = jacob authResult.getPrincipal() = UserDetailsBean { username = jacob password = jacob accountNonExpired = true passwordaccountNonLocked = true credentialsNonExpired = true enabled = true grantedAuthorities { 'ROLE_ADMIN' 'ROLE_MANAGER' 'ROLE_USER' } } authResult.getAuthorities(): Auth no 1 = 'ROLE_ADMIN' Auth no 2 = 'ROLE_MANAGER' Auth no 3 = 'ROLE_USER' [INFO] TimingFilter Request time: 26 ms [INFO] TimingFilter Request time: 18 ms [INFO] TimingFilter Request time: 2 ms but the redirection to the pages doesn't work... and if I change the last return null; to ret
RE: T5: Problem with login form with Acegi
@Secured({"ROLE1","ROLE2","ROLE3"}) > -Original Message- > From: Mahen Perera [mailto:[EMAIL PROTECTED] > Sent: Saturday, March 29, 2008 9:29 PM > To: Tapestry users > Subject: RE: T5: Problem with login form with Acegi > > Thanks Guys, this thread benefitted me as well :) > > One more Q: > How can I give multiple roles access to a page > > @Secured("RLE-DEFAULT-ROLE using commas,, or else, how can I do it?>") > Public class Blah{ > > Thanks > > > -Original Message- > From: Jacob Bergoo [mailto:[EMAIL PROTECTED] > Sent: 29 March 2008 16:32 > To: users@tapestry.apache.org > Subject: RE: T5: Problem with login form with Acegi > > > Thanks Jonathan, that did the trick! > Cheers, > Jacob > > > Jonathan Barker wrote: > > > > > > I should have pasted a little more code before. You need the > following > > line > > in your onSuccess method: > > > > > > SecurityContextHolder.getContext().setAuthentication(authResult); > > > > > > Acegi expects to do everything through the SecurityContext. > > > > > > > > > >> -Original Message- > >> From: Jacob Bergoo [mailto:[EMAIL PROTECTED] > >> Sent: Friday, March 28, 2008 9:57 PM > >> To: users@tapestry.apache.org > >> Subject: Re: T5: Problem with login form with Acegi > >> > >> > >> Hi again, > >> I had an error in my code when I compared the Set > with > >> a > >> String value... I changed that so the Set takes a String as input > >> instead. > >> Now it goes into the first if statement and try to call page Secure > and I > >> get the same error as I posted in my previous posting... > >> > >> in the end the error states: > >> Caused by: org.acegisecurity.AccessDeniedException: Access is denied > >> at > >> > org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68) > >> at > >> > $AccessDecisionManager_118f7af2115.decide($AccessDecisionManager_118f7af > 21 > >> 15.java) > >> at > >> > org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation > (A > >> bstractSecurityInterceptor.java:323) > >> at > >> > nu.localhost.tapestry.acegi.services.internal.StaticSecurityChecker.chec > kB > >> efore(StaticSecurityChecker.java:43) > >> at > >> > $SecurityChecker_118f7af20ce.checkBefore($SecurityChecker_118f7af20ce.ja > va > >> ) > >> at com.bergoo.webshop.pages.Secure.beginRender(Secure.java) > >> at > >> > org.apache.tapestry.internal.structure.ComponentPageElementImpl$11$1.run > (C > >> omponentPageElementImpl.java:338) > >> at > >> > org.apache.tapestry.internal.structure.ComponentPageElementImpl.invoke(C > om > >> ponentPageElementImpl.java:874) > >> ... 98 more > >> > >> I don't see the reason why I get the Access denied. > >> Thanks for any help... > >> Jacob > >> -- > >> View this message in context: > http://www.nabble.com/T5%3A-Problem-with- > >> login-form-with-Acegi-tp16364295p16365723.html > >> Sent from the Tapestry - User mailing list archive at Nabble.com. > >> > >> > >> - > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > View this message in context: > http://www.nabble.com/T5%3A-Problem-with-login-form-with-Acegi-tp1636429 > 5p16371816.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > The information contained in this email is strictly confidential and for > the use of the addressee only, unless otherwise indicated. If you are not > the intended recipient, please do not read, copy, use or disclose to > others this message or any attachment. Please also notify the sender by > replying to this email or by telephone (+44 (0)20 7896 0011) and then > delete the email and any copies of it. Opinions, conclusions (etc.) that > do not relate to the official business of this company shall be understood > as neither given nor endorsed by it. IG Index plc is a company registered > in England and Wales under number 01190902. VAT registration number 761 > 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London > SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA > Register number 114059. > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: T5: Problem with login form with Acegi
Thanks Guys, this thread benefitted me as well :) One more Q: How can I give multiple roles access to a page @Secured("RLE-DEFAULT-ROLE ") Public class Blah{ Thanks -Original Message- From: Jacob Bergoo [mailto:[EMAIL PROTECTED] Sent: 29 March 2008 16:32 To: users@tapestry.apache.org Subject: RE: T5: Problem with login form with Acegi Thanks Jonathan, that did the trick! Cheers, Jacob Jonathan Barker wrote: > > > I should have pasted a little more code before. You need the following > line > in your onSuccess method: > > > SecurityContextHolder.getContext().setAuthentication(authResult); > > > Acegi expects to do everything through the SecurityContext. > > > > >> -Original Message- >> From: Jacob Bergoo [mailto:[EMAIL PROTECTED] >> Sent: Friday, March 28, 2008 9:57 PM >> To: users@tapestry.apache.org >> Subject: Re: T5: Problem with login form with Acegi >> >> >> Hi again, >> I had an error in my code when I compared the Set with >> a >> String value... I changed that so the Set takes a String as input >> instead. >> Now it goes into the first if statement and try to call page Secure and I >> get the same error as I posted in my previous posting... >> >> in the end the error states: >> Caused by: org.acegisecurity.AccessDeniedException: Access is denied >> at >> org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68) >> at >> $AccessDecisionManager_118f7af2115.decide($AccessDecisionManager_118f7af 21 >> 15.java) >> at >> org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation (A >> bstractSecurityInterceptor.java:323) >> at >> nu.localhost.tapestry.acegi.services.internal.StaticSecurityChecker.chec kB >> efore(StaticSecurityChecker.java:43) >> at >> $SecurityChecker_118f7af20ce.checkBefore($SecurityChecker_118f7af20ce.ja va >> ) >> at com.bergoo.webshop.pages.Secure.beginRender(Secure.java) >> at >> org.apache.tapestry.internal.structure.ComponentPageElementImpl$11$1.run (C >> omponentPageElementImpl.java:338) >> at >> org.apache.tapestry.internal.structure.ComponentPageElementImpl.invoke(C om >> ponentPageElementImpl.java:874) >> ... 98 more >> >> I don't see the reason why I get the Access denied. >> Thanks for any help... >> Jacob >> -- >> View this message in context: http://www.nabble.com/T5%3A-Problem-with- >> login-form-with-Acegi-tp16364295p16365723.html >> Sent from the Tapestry - User mailing list archive at Nabble.com. >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/T5%3A-Problem-with-login-form-with-Acegi-tp1636429 5p16371816.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] The information contained in this email is strictly confidential and for the use of the addressee only, unless otherwise indicated. If you are not the intended recipient, please do not read, copy, use or disclose to others this message or any attachment. Please also notify the sender by replying to this email or by telephone (+44 (0)20 7896 0011) and then delete the email and any copies of it. Opinions, conclusions (etc.) that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. IG Index plc is a company registered in England and Wales under number 01190902. VAT registration number 761 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA Register number 114059. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: T5: Problem with login form with Acegi
Thanks Jonathan, that did the trick! Cheers, Jacob Jonathan Barker wrote: > > > I should have pasted a little more code before. You need the following > line > in your onSuccess method: > > > SecurityContextHolder.getContext().setAuthentication(authResult); > > > Acegi expects to do everything through the SecurityContext. > > > > >> -Original Message- >> From: Jacob Bergoo [mailto:[EMAIL PROTECTED] >> Sent: Friday, March 28, 2008 9:57 PM >> To: users@tapestry.apache.org >> Subject: Re: T5: Problem with login form with Acegi >> >> >> Hi again, >> I had an error in my code when I compared the Set with >> a >> String value... I changed that so the Set takes a String as input >> instead. >> Now it goes into the first if statement and try to call page Secure and I >> get the same error as I posted in my previous posting... >> >> in the end the error states: >> Caused by: org.acegisecurity.AccessDeniedException: Access is denied >> at >> org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68) >> at >> $AccessDecisionManager_118f7af2115.decide($AccessDecisionManager_118f7af21 >> 15.java) >> at >> org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(A >> bstractSecurityInterceptor.java:323) >> at >> nu.localhost.tapestry.acegi.services.internal.StaticSecurityChecker.checkB >> efore(StaticSecurityChecker.java:43) >> at >> $SecurityChecker_118f7af20ce.checkBefore($SecurityChecker_118f7af20ce.java >> ) >> at com.bergoo.webshop.pages.Secure.beginRender(Secure.java) >> at >> org.apache.tapestry.internal.structure.ComponentPageElementImpl$11$1.run(C >> omponentPageElementImpl.java:338) >> at >> org.apache.tapestry.internal.structure.ComponentPageElementImpl.invoke(Com >> ponentPageElementImpl.java:874) >> ... 98 more >> >> I don't see the reason why I get the Access denied. >> Thanks for any help... >> Jacob >> -- >> View this message in context: http://www.nabble.com/T5%3A-Problem-with- >> login-form-with-Acegi-tp16364295p16365723.html >> Sent from the Tapestry - User mailing list archive at Nabble.com. >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/T5%3A-Problem-with-login-form-with-Acegi-tp16364295p16371816.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: T5: Problem with login form with Acegi
I should have pasted a little more code before. You need the following line in your onSuccess method: SecurityContextHolder.getContext().setAuthentication(authResult); Acegi expects to do everything through the SecurityContext. > -Original Message- > From: Jacob Bergoo [mailto:[EMAIL PROTECTED] > Sent: Friday, March 28, 2008 9:57 PM > To: users@tapestry.apache.org > Subject: Re: T5: Problem with login form with Acegi > > > Hi again, > I had an error in my code when I compared the Set with a > String value... I changed that so the Set takes a String as input instead. > Now it goes into the first if statement and try to call page Secure and I > get the same error as I posted in my previous posting... > > in the end the error states: > Caused by: org.acegisecurity.AccessDeniedException: Access is denied > at > org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68) > at > $AccessDecisionManager_118f7af2115.decide($AccessDecisionManager_118f7af21 > 15.java) > at > org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(A > bstractSecurityInterceptor.java:323) > at > nu.localhost.tapestry.acegi.services.internal.StaticSecurityChecker.checkB > efore(StaticSecurityChecker.java:43) > at > $SecurityChecker_118f7af20ce.checkBefore($SecurityChecker_118f7af20ce.java > ) > at com.bergoo.webshop.pages.Secure.beginRender(Secure.java) > at > org.apache.tapestry.internal.structure.ComponentPageElementImpl$11$1.run(C > omponentPageElementImpl.java:338) > at > org.apache.tapestry.internal.structure.ComponentPageElementImpl.invoke(Com > ponentPageElementImpl.java:874) > ... 98 more > > I don't see the reason why I get the Access denied. > Thanks for any help... > Jacob > -- > View this message in context: http://www.nabble.com/T5%3A-Problem-with- > login-form-with-Acegi-tp16364295p16365723.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: T5: Problem with login form with Acegi
Hi again, I had an error in my code when I compared the Set with a String value... I changed that so the Set takes a String as input instead. Now it goes into the first if statement and try to call page Secure and I get the same error as I posted in my previous posting... in the end the error states: Caused by: org.acegisecurity.AccessDeniedException: Access is denied at org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68) at $AccessDecisionManager_118f7af2115.decide($AccessDecisionManager_118f7af2115.java) at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:323) at nu.localhost.tapestry.acegi.services.internal.StaticSecurityChecker.checkBefore(StaticSecurityChecker.java:43) at $SecurityChecker_118f7af20ce.checkBefore($SecurityChecker_118f7af20ce.java) at com.bergoo.webshop.pages.Secure.beginRender(Secure.java) at org.apache.tapestry.internal.structure.ComponentPageElementImpl$11$1.run(ComponentPageElementImpl.java:338) at org.apache.tapestry.internal.structure.ComponentPageElementImpl.invoke(ComponentPageElementImpl.java:874) ... 98 more I don't see the reason why I get the Access denied. Thanks for any help... Jacob -- View this message in context: http://www.nabble.com/T5%3A-Problem-with-login-form-with-Acegi-tp16364295p16365723.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]