Re: Tapestry-csrf-protection with Tapestry-Spring-Security.
Thanks a lot Eugen !
Le 15/07/2014 22:12, Eugen a écrit :
Yes, this is the "normal" way, another way is to make a tapestry form, f.e.:
and in OnSuccess event something like:
@inject
AuthenticationManager authenticationManager;
void onSuccess() {
Authentication authentication = new
UsernamePasswordAuthenticationToken(username, password);
Authentication authResult =
authenticationManager.authenticate(authentication);
SecurityContextHolder.getContext().setAuthentication(authResult);
}
this code throws an AuthenticationException if authentication fails.
Eugen
2014-07-15 19:09 GMT+02:00 TNO :
Thanks, but
This is a form with an action value
This is not a tapestry form (t:form), I don't think I can use the onSuccess
Thomas
Le 15/07/2014 18:49, Eugen a écrit :
Hi,
You can login programatically in onSucces function of a tapestry form.
Best regards
Eugen
Am 15.07.2014 16:16 schrieb "TNO" :
Hello,
Is there anybody who already use tapestry-csrf-protection with
Tapestry-Spring-Security ?
tapestry-csrf-protection works out of the box with t:form, but
Tapestry-Spring-Security works with is a simple html form and uses the
Spring HttpServletRequestFilter.
I'm using in the login form but I can't
check the token value in the filters...
Thanks for any help
Cheers, Thomas
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Tapestry-csrf-protection with Tapestry-Spring-Security.
Yes, this is the "normal" way, another way is to make a tapestry form, f.e.:
and in OnSuccess event something like:
@inject
AuthenticationManager authenticationManager;
void onSuccess() {
Authentication authentication = new
UsernamePasswordAuthenticationToken(username, password);
Authentication authResult =
authenticationManager.authenticate(authentication);
SecurityContextHolder.getContext().setAuthentication(authResult);
}
this code throws an AuthenticationException if authentication fails.
Eugen
2014-07-15 19:09 GMT+02:00 TNO :
> Thanks, but
>
> This is a form with an action value
>
> class="line">
>
> This is not a tapestry form (t:form), I don't think I can use the onSuccess
>
> Thomas
>
> Le 15/07/2014 18:49, Eugen a écrit :
>
> Hi,
>> You can login programatically in onSucces function of a tapestry form.
>> Best regards
>> Eugen
>> Am 15.07.2014 16:16 schrieb "TNO" :
>>
>> Hello,
>>>
>>> Is there anybody who already use tapestry-csrf-protection with
>>> Tapestry-Spring-Security ?
>>>
>>> tapestry-csrf-protection works out of the box with t:form, but
>>> Tapestry-Spring-Security works with is a simple html form and uses the
>>> Spring HttpServletRequestFilter.
>>>
>>> I'm using in the login form but I can't
>>> check the token value in the filters...
>>>
>>> Thanks for any help
>>>
>>> Cheers, Thomas
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
>>> For additional commands, e-mail: users-h...@tapestry.apache.org
>>>
>>>
>>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
Re: Tapestry-csrf-protection with Tapestry-Spring-Security.
Thanks, but This is a form with an action value class="line"> This is not a tapestry form (t:form), I don't think I can use the onSuccess Thomas Le 15/07/2014 18:49, Eugen a écrit : Hi, You can login programatically in onSucces function of a tapestry form. Best regards Eugen Am 15.07.2014 16:16 schrieb "TNO" : Hello, Is there anybody who already use tapestry-csrf-protection with Tapestry-Spring-Security ? tapestry-csrf-protection works out of the box with t:form, but Tapestry-Spring-Security works with is a simple html form and uses the Spring HttpServletRequestFilter. I'm using in the login form but I can't check the token value in the filters... Thanks for any help Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Tapestry-csrf-protection with Tapestry-Spring-Security.
Hi, You can login programatically in onSucces function of a tapestry form. Best regards Eugen Am 15.07.2014 16:16 schrieb "TNO" : > Hello, > > Is there anybody who already use tapestry-csrf-protection with > Tapestry-Spring-Security ? > > tapestry-csrf-protection works out of the box with t:form, but > Tapestry-Spring-Security works with is a simple html form and uses the > Spring HttpServletRequestFilter. > > I'm using in the login form but I can't > check the token value in the filters... > > Thanks for any help > > Cheers, Thomas > > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >
Re: Tapestry-csrf-protection with Tapestry-Spring-Security.
The trace : |java.lang.NullPointerException: Unable to delegate method invocation to property 'request' of , because the property is null. at $Request_1ce08361bf2a.readProperty(Unknown Source) at $Request_1ce08361bf2a.getSession(Unknown Source) at $Request_1ce08361bee0.getSession(Unknown Source) at org.apache.tapestry5.internal.services.SessionApplicationStatePersistenceStrategy.exists(SessionApplicationStatePersistenceStrategy.java:80) at $ApplicationStatePersistenceStrategy_1ce08361c07b.exists(Unknown Source) at org.apache.tapestry5.internal.services.ApplicationStateManagerImpl$ApplicationStateAdapter.exists(ApplicationStateManagerImpl.java:60) at org.apache.tapestry5.internal.services.ApplicationStateManagerImpl.getIfExists(ApplicationStateManagerImpl.java:140) at $ApplicationStateManager_1ce08361bf33.getIfExists(Unknown Source) at org.apache.tapestry5.csrfprotection.internal.SessionCsrfTokenRepository.loadToken(SessionCsrfTokenRepository.java:39) at $CsrfTokenRepository_1ce08361c079.loadToken(Unknown Source) at $CsrfTokenRepository_1ce08361beff.loadToken(Unknown Source) at org.atlog.mjweb.services.user.GemwebCsrfAuthenticationProcessingFilter.checkToken(GemwebCsrfAuthenticationProcessingFilter.java:40) at org.atlog.mjweb.services.user.GemwebCsrfAuthenticationProcessingFilter.attemptAuthentication(GemwebCsrfAuthenticationProcessingFilter.java:35) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211) at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52) ... | Le 15/07/2014 16:15, TNO a écrit : Hello, Is there anybody who already use tapestry-csrf-protection with Tapestry-Spring-Security ? tapestry-csrf-protection works out of the box with t:form, but Tapestry-Spring-Security works with is a simple html form and uses the Spring HttpServletRequestFilter. I'm using in the login form but I can't check the token value in the filters... Thanks for any help Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Tapestry-csrf-protection with Tapestry-Spring-Security.
Hello, Is there anybody who already use tapestry-csrf-protection with Tapestry-Spring-Security ? tapestry-csrf-protection works out of the box with t:form, but Tapestry-Spring-Security works with is a simple html form and uses the Spring HttpServletRequestFilter. I'm using in the login form but I can't check the token value in the filters... Thanks for any help Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
