Re: Tapestry-csrf-protection with Tapestry-Spring-Security.
Thanks a lot Eugen ! Le 15/07/2014 22:12, Eugen a écrit : Yes, this is the "normal" way, another way is to make a tapestry form, f.e.: and in OnSuccess event something like: @inject AuthenticationManager authenticationManager; void onSuccess() { Authentication authentication = new UsernamePasswordAuthenticationToken(username, password); Authentication authResult = authenticationManager.authenticate(authentication); SecurityContextHolder.getContext().setAuthentication(authResult); } this code throws an AuthenticationException if authentication fails. Eugen 2014-07-15 19:09 GMT+02:00 TNO : Thanks, but This is a form with an action value This is not a tapestry form (t:form), I don't think I can use the onSuccess Thomas Le 15/07/2014 18:49, Eugen a écrit : Hi, You can login programatically in onSucces function of a tapestry form. Best regards Eugen Am 15.07.2014 16:16 schrieb "TNO" : Hello, Is there anybody who already use tapestry-csrf-protection with Tapestry-Spring-Security ? tapestry-csrf-protection works out of the box with t:form, but Tapestry-Spring-Security works with is a simple html form and uses the Spring HttpServletRequestFilter. I'm using in the login form but I can't check the token value in the filters... Thanks for any help Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Tapestry-csrf-protection with Tapestry-Spring-Security.
Yes, this is the "normal" way, another way is to make a tapestry form, f.e.: and in OnSuccess event something like: @inject AuthenticationManager authenticationManager; void onSuccess() { Authentication authentication = new UsernamePasswordAuthenticationToken(username, password); Authentication authResult = authenticationManager.authenticate(authentication); SecurityContextHolder.getContext().setAuthentication(authResult); } this code throws an AuthenticationException if authentication fails. Eugen 2014-07-15 19:09 GMT+02:00 TNO : > Thanks, but > > This is a form with an action value > > class="line"> > > This is not a tapestry form (t:form), I don't think I can use the onSuccess > > Thomas > > Le 15/07/2014 18:49, Eugen a écrit : > > Hi, >> You can login programatically in onSucces function of a tapestry form. >> Best regards >> Eugen >> Am 15.07.2014 16:16 schrieb "TNO" : >> >> Hello, >>> >>> Is there anybody who already use tapestry-csrf-protection with >>> Tapestry-Spring-Security ? >>> >>> tapestry-csrf-protection works out of the box with t:form, but >>> Tapestry-Spring-Security works with is a simple html form and uses the >>> Spring HttpServletRequestFilter. >>> >>> I'm using in the login form but I can't >>> check the token value in the filters... >>> >>> Thanks for any help >>> >>> Cheers, Thomas >>> >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >>> For additional commands, e-mail: users-h...@tapestry.apache.org >>> >>> >>> > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >
Re: Tapestry-csrf-protection with Tapestry-Spring-Security.
Thanks, but This is a form with an action value class="line"> This is not a tapestry form (t:form), I don't think I can use the onSuccess Thomas Le 15/07/2014 18:49, Eugen a écrit : Hi, You can login programatically in onSucces function of a tapestry form. Best regards Eugen Am 15.07.2014 16:16 schrieb "TNO" : Hello, Is there anybody who already use tapestry-csrf-protection with Tapestry-Spring-Security ? tapestry-csrf-protection works out of the box with t:form, but Tapestry-Spring-Security works with is a simple html form and uses the Spring HttpServletRequestFilter. I'm using in the login form but I can't check the token value in the filters... Thanks for any help Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Tapestry-csrf-protection with Tapestry-Spring-Security.
Hi, You can login programatically in onSucces function of a tapestry form. Best regards Eugen Am 15.07.2014 16:16 schrieb "TNO" : > Hello, > > Is there anybody who already use tapestry-csrf-protection with > Tapestry-Spring-Security ? > > tapestry-csrf-protection works out of the box with t:form, but > Tapestry-Spring-Security works with is a simple html form and uses the > Spring HttpServletRequestFilter. > > I'm using in the login form but I can't > check the token value in the filters... > > Thanks for any help > > Cheers, Thomas > > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >
Re: Tapestry-csrf-protection with Tapestry-Spring-Security.
The trace : |java.lang.NullPointerException: Unable to delegate method invocation to property 'request' of , because the property is null. at $Request_1ce08361bf2a.readProperty(Unknown Source) at $Request_1ce08361bf2a.getSession(Unknown Source) at $Request_1ce08361bee0.getSession(Unknown Source) at org.apache.tapestry5.internal.services.SessionApplicationStatePersistenceStrategy.exists(SessionApplicationStatePersistenceStrategy.java:80) at $ApplicationStatePersistenceStrategy_1ce08361c07b.exists(Unknown Source) at org.apache.tapestry5.internal.services.ApplicationStateManagerImpl$ApplicationStateAdapter.exists(ApplicationStateManagerImpl.java:60) at org.apache.tapestry5.internal.services.ApplicationStateManagerImpl.getIfExists(ApplicationStateManagerImpl.java:140) at $ApplicationStateManager_1ce08361bf33.getIfExists(Unknown Source) at org.apache.tapestry5.csrfprotection.internal.SessionCsrfTokenRepository.loadToken(SessionCsrfTokenRepository.java:39) at $CsrfTokenRepository_1ce08361c079.loadToken(Unknown Source) at $CsrfTokenRepository_1ce08361beff.loadToken(Unknown Source) at org.atlog.mjweb.services.user.GemwebCsrfAuthenticationProcessingFilter.checkToken(GemwebCsrfAuthenticationProcessingFilter.java:40) at org.atlog.mjweb.services.user.GemwebCsrfAuthenticationProcessingFilter.attemptAuthentication(GemwebCsrfAuthenticationProcessingFilter.java:35) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211) at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52) ... | Le 15/07/2014 16:15, TNO a écrit : Hello, Is there anybody who already use tapestry-csrf-protection with Tapestry-Spring-Security ? tapestry-csrf-protection works out of the box with t:form, but Tapestry-Spring-Security works with is a simple html form and uses the Spring HttpServletRequestFilter. I'm using in the login form but I can't check the token value in the filters... Thanks for any help Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Tapestry-csrf-protection with Tapestry-Spring-Security.
Hello, Is there anybody who already use tapestry-csrf-protection with Tapestry-Spring-Security ? tapestry-csrf-protection works out of the box with t:form, but Tapestry-Spring-Security works with is a simple html form and uses the Spring HttpServletRequestFilter. I'm using in the login form but I can't check the token value in the filters... Thanks for any help Cheers, Thomas - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org