RE: Tapestry Acegi
"Tapestry users" cc Please respond to "'Tapestry users'" "Tapestry users" Subject
RE: Tapestry Acegi
Hi James. Thanks for taking the time to help me with this. I think my problem was caused by not having the hivemind-acegi module. I've now got that plus the hivemind-acegi-dao, as I want to use a simple InMemoryDaoImpl. I think I'm now back into Hivemind related issues, as this is where my Hivemind knowledge breaks down. I can see in the hivemodule you've got this: I need to provide my own implementation, something like this, though I'm not quite sure how to specify the userMap. Fun with that later I suspect. [EMAIL PROTECTED],ROLE_SUPERUSER [EMAIL PROTECTED],ROLE_DATA_ADMINISTRATOR fred,ROLE_SUPPORT I've tried using a : But since I'm not contributing to a named service I get an error. Hopefully I just need to sort out these last two things and I'm up and running. If you like once I get there I could write a how-to for you to use on the tapestry-acegi site detailing what I did along with some concrete examples? Rob Cole CSA Web +44 (0)20 754 51117 "James Carman" <[EMAIL PROTECTED]>
RE: Tapestry Acegi
Tapestry-Acegi doesn't use Spring at all. Can you send me the error messages? You need hivemind-acegi.jar in your classpath. -Original Message- From: Robert Cole [mailto:[EMAIL PROTECTED] Sent: Friday, September 01, 2006 9:53 AM To: Tapestry users Cc: 'Tapestry users' Subject: RE: Tapestry Acegi Hi James, I've managed to get Acegi up and running with our own custom filter but when I put the Tapestry Acegi jar into my build I get errors about various beans not being present. Is there any documentation on what Spring beans TA depends on? Also, looking at the hivemodule, most of the configuration is in Hivemind with some dependencies on other Acegi objects being created somewhere else, i.e. in Spring. While we make extensive use of both, we have Hivemind sitting on top of Spring. In otherwords, while Hivemind can retrieve Spring beans, Spring cannot gain access to Hivemind services. This is to stop any circular depencecies being created. Could this cause a problem for TA? I guess I'm kind of working in the cark at the moment, but the concept of TA looks very, very promising! Rob Cole "James Carman" <[EMAIL PROTECTED]> 31/08/2006 18:11 To "'Tapestry users'" cc Please respond to "Tapestry users" Subject RE: Tapestry Acegi Oh, as for the @Secured annotation not being present, you have to add the acegi-security-tiger.jar file (tiger = JDK5) to your classpath. Tapestry-Acegi uses the built-in @Secured annotation available from Acegi to secure page classes and listener methods. For the build to work, you will have to install some of the "sun jars" (it's a pain in the rear, I know) and you can refer to the maven documentation here: http://maven.apache.org/guides/mini/guide-coping-with-sun-jars.html There is a bit (a very bit, sorry :-) of documentation available at: http://www.carmanconsulting.com/tapestry-acegi Again, I am going to have some time off next week and the next and I plan on updating all of this stuff. -Original Message- From: Robert Cole [mailto:[EMAIL PROTECTED] Sent: Thursday, August 31, 2006 12:53 PM To: users@tapestry.apache.org Subject: Tapestry Acegi Has anyone used the Tapestry-Acegi project? I'm about to implement some role based security on our project and we're looking at this as its linked on the Tapestry home page. Unfortunately there's no doc and the builds don't appear to work as when I tried one (the latest one from June some time) it looks like there's some hivemind configuration missing. Plus the annotation file that's supposed to do all of the work for me is missing from the build! Its not going to be that hard to implement our own Acegi based security but it would be nice if the Tapestry one could do 90% of the work for us. Thanks, Rob Cole --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry Acegi
Hi James, I've managed to get Acegi up and running with our own custom filter but when I put the Tapestry Acegi jar into my build I get errors about various beans not being present. Is there any documentation on what Spring beans TA depends on? Also, looking at the hivemodule, most of the configuration is in Hivemind with some dependencies on other Acegi objects being created somewhere else, i.e. in Spring. While we make extensive use of both, we have Hivemind sitting on top of Spring. In otherwords, while Hivemind can retrieve Spring beans, Spring cannot gain access to Hivemind services. This is to stop any circular depencecies being created. Could this cause a problem for TA? I guess I'm kind of working in the cark at the moment, but the concept of TA looks very, very promising! Rob Cole "James Carman" <[EMAIL PROTECTED]> 31/08/2006 18:11
RE: Tapestry Acegi
"Tapestry users" cc Please respond to "Tapestry users" Subject
RE: Tapestry Acegi
Thanks James. I'd seen the Tapestry Acegi site and it looks a little thin on the ground ;-) I'll have another go with the docs you've sent and I'll see how I go. Rob Cole CSA Web +44 (0)20 754 51117 "James Carman" <[EMAIL PROTECTED]> 31/08/2006 18:11 To
RE: Tapestry Acegi
I've used Acegi too and it's great! Maybe you should try trails, because this can generate a lot of stuff for Acegi. I used that too and after adding some small annotations to my DAO objects, the total security, inclusive admin tool, was ready. -Original Message- From: Robert Cole [mailto:[EMAIL PROTECTED] Sent: Thu 8/31/2006 6:53 PM To: users@tapestry.apache.org Cc: Subject: Tapestry Acegi Has anyone used the Tapestry-Acegi project? I'm about to implement some role based security on our project and we're looking at this as its linked on the Tapestry home page. Unfortunately there's no doc and the builds don't appear to work as when I tried one (the latest one from June some time) it looks like there's some hivemind configuration missing. Plus the annotation file that's supposed to do all of the work for me is missing from the build! Its not going to be that hard to implement our own Acegi based security but it would be nice if the Tapestry one could do 90% of the work for us. Thanks, Rob Cole --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry Acegi
Oh, as for the @Secured annotation not being present, you have to add the acegi-security-tiger.jar file (tiger = JDK5) to your classpath. Tapestry-Acegi uses the built-in @Secured annotation available from Acegi to secure page classes and listener methods. For the build to work, you will have to install some of the "sun jars" (it's a pain in the rear, I know) and you can refer to the maven documentation here: http://maven.apache.org/guides/mini/guide-coping-with-sun-jars.html There is a bit (a very bit, sorry :-) of documentation available at: http://www.carmanconsulting.com/tapestry-acegi Again, I am going to have some time off next week and the next and I plan on updating all of this stuff. -Original Message- From: Robert Cole [mailto:[EMAIL PROTECTED] Sent: Thursday, August 31, 2006 12:53 PM To: users@tapestry.apache.org Subject: Tapestry Acegi Has anyone used the Tapestry-Acegi project? I'm about to implement some role based security on our project and we're looking at this as its linked on the Tapestry home page. Unfortunately there's no doc and the builds don't appear to work as when I tried one (the latest one from June some time) it looks like there's some hivemind configuration missing. Plus the annotation file that's supposed to do all of the work for me is missing from the build! Its not going to be that hard to implement our own Acegi based security but it would be nice if the Tapestry one could do 90% of the work for us. Thanks, Rob Cole --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry Acegi
Yes, we use Tapestry-Acegi at work and it works just fine for us. You have to make sure you get all of the dependencies. A lot of the work is done by the hivemind-acegi module (also available at JavaForge) and the hivemind-acegi-dao module (if you want to use it). -Original Message- From: Robert Cole [mailto:[EMAIL PROTECTED] Sent: Thursday, August 31, 2006 12:53 PM To: users@tapestry.apache.org Subject: Tapestry Acegi Has anyone used the Tapestry-Acegi project? I'm about to implement some role based security on our project and we're looking at this as its linked on the Tapestry home page. Unfortunately there's no doc and the builds don't appear to work as when I tried one (the latest one from June some time) it looks like there's some hivemind configuration missing. Plus the annotation file that's supposed to do all of the work for me is missing from the build! Its not going to be that hard to implement our own Acegi based security but it would be nice if the Tapestry one could do 90% of the work for us. Thanks, Rob Cole --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tapestry Acegi
Has anyone used the Tapestry-Acegi project? I'm about to implement some role based security on our project and we're looking at this as its linked on the Tapestry home page. Unfortunately there's no doc and the builds don't appear to work as when I tried one (the latest one from June some time) it looks like there's some hivemind configuration missing. Plus the annotation file that's supposed to do all of the work for me is missing from the build! Its not going to be that hard to implement our own Acegi based security but it would be nice if the Tapestry one could do 90% of the work for us. Thanks, Rob Cole --- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry + Acegi + Spring integration
On Wednesday 12 July 2006 13:48, James Carman wrote: > hivemodule.xml file to get that to work. Why can't you just plug your own > SSO filter into the existing pipeline by using a symbol override? just to make clear I'm not really familiar with Hivemind, I just use it to reach the Spring Beans ;-(. Does this mean I can simply override in my Application's hivemodule.xml? That would be easy! Unfortunately I can't test it right now, but I will give it a try later. Does the SecuredMethodEnhancementWorker also work for Hivemind Services like FileDownload etc.? Thanks, Gernot -- Gernot Stocker, Institute for Genomics and Bioinformatics(IGB) Petersgasse 14, 8010 Graz, Austria Tel.: ++43 316 873 5345 http://genome.tugraz.at pgpj6Xx7AkFsr.pgp Description: PGP signature
RE: Tapestry + Acegi + Spring integration
You can use a symbol override for that: -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jesper Zedlitz Sent: Wednesday, July 12, 2006 8:58 AM To: users@tapestry.apache.org Subject: RE: Tapestry + Acegi + Spring integration -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Carman wrote: > What did you mean by "How do I change the name used for HTTP basic > authentication?" on the Wiki? > Ok, "realm name" is more percise. Right now it is "Acegi Security" but I would like to change it to something like "super secrect area". Jesper - -- Jesper Zedlitz eMail: [EMAIL PROTECTED] Homepage : http://www.zedlitz.de ICQ# : 23890711 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEtPH6jSxW58yLxdgRAs2nAJsHrxb1rML8TcHgDaCzL4JHGbNzNACePT1G mTQhEzPeJoPQF4oq8/o4aMU= =fEIQ -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry + Acegi + Spring integration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Carman wrote: > What did you mean by "How do I change the name used for HTTP basic > authentication?" on the Wiki? > Ok, "realm name" is more percise. Right now it is "Acegi Security" but I would like to change it to something like "super secrect area". Jesper - -- Jesper Zedlitz eMail: [EMAIL PROTECTED] Homepage : http://www.zedlitz.de ICQ# : 23890711 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEtPH6jSxW58yLxdgRAs2nAJsHrxb1rML8TcHgDaCzL4JHGbNzNACePT1G mTQhEzPeJoPQF4oq8/o4aMU= =fEIQ -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry + Acegi + Spring integration
What did you mean by "How do I change the name used for HTTP basic authentication?" on the Wiki? -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jesper Zedlitz Sent: Tuesday, July 11, 2006 8:32 AM To: users@tapestry.apache.org Subject: RE: Tapestry + Acegi + Spring integration James Carman wrote: > You can tell HiveMind to use a different password encoder if you want. > All you have to do is override the symbol > hivemind.acegi.dao.passwordEncoder: > > value="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/> > > Ok, that helps. Now I do not have to re-encode the password anymore. To use a plaintext password I use this configuration: It is important that in the case of a plaintext password the salt is an empty string. Otherwise it would be added after the password and the login would fail. Is there a way to get rid of my helper class that just forwards the UserDetails object? Right now the "implementation" element in my hivemodule.xml looks like this: Jesper -- Jesper Zedlitz eMail: [EMAIL PROTECTED] Homepage : http://www.zedlitz.de ICQ# : 23890711 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry + Acegi + Spring integration
The tapestry-acegi module allows you to use the Acegi servlet filters as ServletRequestServicerFilters. So, you can just add a javax.servlet.Filter to the pipeline and it will automatically wrap it to adapt it to the proper interface. Since the "filterChainProxy" implements javax.servlet.Filter, I think that might just work. Of course, you can't really override a contribution. You'd actually have to change the tapestry-acegi hivemodule.xml file to get that to work. Why can't you just plug your own SSO filter into the existing pipeline by using a symbol override? -Original Message- From: Gernot Stocker [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 12, 2006 7:42 AM To: Tapestry users Subject: Re: Tapestry + Acegi + Spring integration On Tuesday 11 July 2006 20:30, James Carman wrote: > Yeah, when I added tapestry-acegi support into our project at work, the > people were quite amazed at how easy it was to secure a page. Hi, I would like to use the tapestry-acegi project for ACEGI-security-checks in pages, having already implemented a SSO authentication javax.servlet.Filter / org.acegisecurity.ui.webapp.AuthenticationProcessingFilter for authentication. In order to get a cleaner tapestry integration I would like to move the glue configuration from web.xml into hivemodule.xml by using the existing Spring-internal FilterChainProxy configuration. Does something speak against overwriting the following hivemind configuration: with: Where the spring configuration looks something like this: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anony mousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor and do the @Secure Annotations still work after this change? Thanks, Gernot -- Gernot Stocker, Institute for Genomics and Bioinformatics(IGB) Petersgasse 14, 8010 Graz, Austria Tel.: ++43 316 873 5345 http://genome.tugraz.at - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry + Acegi + Spring integration
On Tuesday 11 July 2006 20:30, James Carman wrote: > Yeah, when I added tapestry-acegi support into our project at work, the > people were quite amazed at how easy it was to secure a page. Hi, I would like to use the tapestry-acegi project for ACEGI-security-checks in pages, having already implemented a SSO authentication javax.servlet.Filter / org.acegisecurity.ui.webapp.AuthenticationProcessingFilter for authentication. In order to get a cleaner tapestry integration I would like to move the glue configuration from web.xml into hivemodule.xml by using the existing Spring-internal FilterChainProxy configuration. Does something speak against overwriting the following hivemind configuration: with: Where the spring configuration looks something like this: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor and do the @Secure Annotations still work after this change? Thanks, Gernot -- Gernot Stocker, Institute for Genomics and Bioinformatics(IGB) Petersgasse 14, 8010 Graz, Austria Tel.: ++43 316 873 5345 http://genome.tugraz.at pgptzn4Sq0UBO.pgp Description: PGP signature
RE: Tapestry + Acegi + Spring integration
Yeah, when I added tapestry-acegi support into our project at work, the people were quite amazed at how easy it was to secure a page. -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jesper Zedlitz Sent: Tuesday, July 11, 2006 2:24 PM To: users@tapestry.apache.org Subject: Re: Tapestry + Acegi + Spring integration -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 With several tips from James I have been able to make the example clearer than it already was. Securing Tapestry pages is so easy - it is almost frightened. ;-) I have added a dependency to hivemind-lib. That makes it possible to get rid of the helper class and set the Spring bean "memoryAuthenticationDao" directly as "hivemind.acegi.dao.UserDetailsService". BTW: The example can now be found the the Tapestry Wiki http://wiki.apache.org/tapestry/AcegiSpringJava5 Jesper - -- Jesper Zedlitz eMail: [EMAIL PROTECTED] Homepage : http://www.zedlitz.de ICQ# : 23890711 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEs+zOjSxW58yLxdgRAqwqAKCLuLO184ZDpNp6JYaPsmLnf8NBygCg4iAF dt6tl4EzNPbhdB2Ut1zLzYE= =9LmY -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry + Acegi + Spring integration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 With several tips from James I have been able to make the example clearer than it already was. Securing Tapestry pages is so easy - it is almost frightened. ;-) I have added a dependency to hivemind-lib. That makes it possible to get rid of the helper class and set the Spring bean "memoryAuthenticationDao" directly as "hivemind.acegi.dao.UserDetailsService". BTW: The example can now be found the the Tapestry Wiki http://wiki.apache.org/tapestry/AcegiSpringJava5 Jesper - -- Jesper Zedlitz eMail: [EMAIL PROTECTED] Homepage : http://www.zedlitz.de ICQ# : 23890711 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEs+zOjSxW58yLxdgRAqwqAKCLuLO184ZDpNp6JYaPsmLnf8NBygCg4iAF dt6tl4EzNPbhdB2Ut1zLzYE= =9LmY -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry + Acegi + Spring integration
If you have a Spring bean (which it looks like you do) that implements UserDetailsService, then you can use the hivemind.library.SpringLookupFactory to provide the implementation for your service: -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jesper Zedlitz Sent: Tuesday, July 11, 2006 8:32 AM To: users@tapestry.apache.org Subject: RE: Tapestry + Acegi + Spring integration James Carman wrote: > You can tell HiveMind to use a different password encoder if you want. > All you have to do is override the symbol > hivemind.acegi.dao.passwordEncoder: > > value="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/> > > Ok, that helps. Now I do not have to re-encode the password anymore. To use a plaintext password I use this configuration: It is important that in the case of a plaintext password the salt is an empty string. Otherwise it would be added after the password and the login would fail. Is there a way to get rid of my helper class that just forwards the UserDetails object? Right now the "implementation" element in my hivemodule.xml looks like this: Jesper -- Jesper Zedlitz eMail: [EMAIL PROTECTED] Homepage : http://www.zedlitz.de ICQ# : 23890711 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry + Acegi + Spring integration
James Carman wrote: > You can tell HiveMind to use a different password encoder if you want. > All you have to do is override the symbol > hivemind.acegi.dao.passwordEncoder: > > value="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/> > > Ok, that helps. Now I do not have to re-encode the password anymore. To use a plaintext password I use this configuration: It is important that in the case of a plaintext password the salt is an empty string. Otherwise it would be added after the password and the login would fail. Is there a way to get rid of my helper class that just forwards the UserDetails object? Right now the "implementation" element in my hivemodule.xml looks like this: Jesper -- Jesper Zedlitz eMail: [EMAIL PROTECTED] Homepage : http://www.zedlitz.de ICQ# : 23890711 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry + Acegi + Spring integration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZedroS Schwart wrote: > I wonder, Jesper, if you wouldn't have an advantage of using James' > Tapernate stuff. If not, why ? > I am using James' tapestry-acegi library. My applications make heavy use of the Spring framework. So I was looking for a way to use the already existing bean that implements Acegi's UserDetailsService. Jesper - -- Jesper Zedlitz eMail: [EMAIL PROTECTED] Homepage : http://www.zedlitz.de ICQ# : 23890711 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEs5TJjSxW58yLxdgRAsUrAJ9h2twhmDiFiwLMQXdl8usc8tGPjgCfTWvs AOkdsK9BdsKw8kTyf8tWDf0= =jLxr -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry + Acegi + Spring integration
Oh, by the way, if there are any ambitious folks out there using the tapestry-acegi (or tapernate for that matter) modules and you want to provide some documentation, feel free to drop me a patch via email and I'd be glad to merge it in. -Original Message- From: James Carman [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 11, 2006 7:13 AM To: 'Tapestry users' Subject: RE: Tapestry + Acegi + Spring integration Yes, +1. A nice Wiki entry about this stuff would be great (and it would help me document my stuff :-). Do you think we should put it in the main Tapestry Wiki? -Original Message- From: ZedroS Schwart [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 11, 2006 7:10 AM To: Tapestry users Subject: Re: Tapestry + Acegi + Spring integration I'm not a lot in this Hibernate/Spring/Acegi stuff currently but I'm really curious about it. I wonder, Jesper, if you wouldn't have an advantage of using James' Tapernate stuff. If not, why ? BTW, I think the Wiki is the best place where such excellent mail should end up ! Cheers ZedroS On 7/11/06, James Carman <[EMAIL PROTECTED]> wrote: > You can tell HiveMind to use a different password encoder if you want. All > you have to do is override the symbol hivemind.acegi.dao.passwordEncoder: > > >symbol="hivemind.acegi.dao.passwordEncoder" > value="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/> > > > -Original Message- > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jesper Zedlitz > Sent: Tuesday, July 11, 2006 3:31 AM > To: users@tapestry.apache.org > Subject: Tapestry + Acegi + Spring integration > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > The integration of Tapestry, Acegi and Spring seems to be a hot topic. > > I have created a simple example that shows how that can be done. The > complete source code can be found here: > http://www.zedlitz.de/tapestry-acegi.zip (8kB) > > If you have Maven2 installed you can go into the directoy tapestry-acegi and > enter the command "mvn jetty6:run". Then you can access the application via > this URL: http://localhost:8080/tapestry-acegi/app > > First I needed two pages (one secured): > * src/main/webapp/Home.html > * src/main/webapp/Secured.html > > Each of these pages is accompanied by a Java class: > * src/main/java/de/zedlitz/tapestry/acegi/Home.java > * src/main/java/de/zedlitz/tapestry/acegi/Secured.java (This is the only > place where you have to specify that this page is secured!) > > I have to tell Tapestry in which package to find the classes: > * src/main/webapp/WEB-INF/tapestry-acegi.application > > A standard webapplication setup for Tapestry and Spring: > * src/main/webapp/WEB-INF/web.xml > > The Spring configuration is also not spectacular. Every Spring enabled > application that uses Acegi has something like that. > * src/main/resources/applicationContext.xml > > Only three beans are created here: > * memoryAuthenticationDao (In the example the username and password is > specified here. But of course you can put any complex bean here to retrieve > user information.) > * daoAuthenticationProvider > * authenticationManager > > > Now the interesting part - how to put it together: > * src/main/resources/META-INF/hivemodule.xml > * src/main/java/de/zedlitz/tapestry/acegi/UserDetailsServiceImpl.java > > The service point "SpringApplicationInitializer" gives you access to > Spring's beans. I have written an implementation for the service > "hivemind.acegi.dao.UserDetailsService", > de.zedlitz.tapestry.acegi.UserDetailsServiceImpl that combines a Spring > UserDetailsService, the PasswordEncoder and the configured salt. From > hivemodule.xml: > > > > value="spring:memoryAuthenticationDao"/> > service-id="hivemind.acegi.dao.PasswordEncoder"/> > > > > > > The dependencies from pom.xml are probably also interesting: > * tapestry/tapestry-annotations 4.0.1 > * tapestry/tapestry 4.0.1 > * org.springframework/spring 1.2.6 > * org.acegisecurity/acegi-security-tiger 1.0.1 > * com.javaforge.tapestry/tapestry-spring 0.1.2 > * com.javaforge.tapestry/tapestry-acegi 0.1-SNAPSHOT > * com.javaforge.hivemind/hivemind-acegi-dao 0.1-SNAPSHOT > > > I think that the solution could be made easier. My UserDetailsServiceImpl > class basicly forwards a UserDetails object. The encoding of the password > could be unnecessary if you could tell Hivemind to use a different > PasswordEncoder. > > Jesper > > - -- > Jesper Zedlitz eMail: [EMAIL PROTECTED] > Homepage : http://www.zedlitz
RE: Tapestry + Acegi + Spring integration
Yes, +1. A nice Wiki entry about this stuff would be great (and it would help me document my stuff :-). Do you think we should put it in the main Tapestry Wiki? -Original Message- From: ZedroS Schwart [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 11, 2006 7:10 AM To: Tapestry users Subject: Re: Tapestry + Acegi + Spring integration I'm not a lot in this Hibernate/Spring/Acegi stuff currently but I'm really curious about it. I wonder, Jesper, if you wouldn't have an advantage of using James' Tapernate stuff. If not, why ? BTW, I think the Wiki is the best place where such excellent mail should end up ! Cheers ZedroS On 7/11/06, James Carman <[EMAIL PROTECTED]> wrote: > You can tell HiveMind to use a different password encoder if you want. All > you have to do is override the symbol hivemind.acegi.dao.passwordEncoder: > > >symbol="hivemind.acegi.dao.passwordEncoder" > value="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/> > > > -Original Message- > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jesper Zedlitz > Sent: Tuesday, July 11, 2006 3:31 AM > To: users@tapestry.apache.org > Subject: Tapestry + Acegi + Spring integration > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > The integration of Tapestry, Acegi and Spring seems to be a hot topic. > > I have created a simple example that shows how that can be done. The > complete source code can be found here: > http://www.zedlitz.de/tapestry-acegi.zip (8kB) > > If you have Maven2 installed you can go into the directoy tapestry-acegi and > enter the command "mvn jetty6:run". Then you can access the application via > this URL: http://localhost:8080/tapestry-acegi/app > > First I needed two pages (one secured): > * src/main/webapp/Home.html > * src/main/webapp/Secured.html > > Each of these pages is accompanied by a Java class: > * src/main/java/de/zedlitz/tapestry/acegi/Home.java > * src/main/java/de/zedlitz/tapestry/acegi/Secured.java (This is the only > place where you have to specify that this page is secured!) > > I have to tell Tapestry in which package to find the classes: > * src/main/webapp/WEB-INF/tapestry-acegi.application > > A standard webapplication setup for Tapestry and Spring: > * src/main/webapp/WEB-INF/web.xml > > The Spring configuration is also not spectacular. Every Spring enabled > application that uses Acegi has something like that. > * src/main/resources/applicationContext.xml > > Only three beans are created here: > * memoryAuthenticationDao (In the example the username and password is > specified here. But of course you can put any complex bean here to retrieve > user information.) > * daoAuthenticationProvider > * authenticationManager > > > Now the interesting part - how to put it together: > * src/main/resources/META-INF/hivemodule.xml > * src/main/java/de/zedlitz/tapestry/acegi/UserDetailsServiceImpl.java > > The service point "SpringApplicationInitializer" gives you access to > Spring's beans. I have written an implementation for the service > "hivemind.acegi.dao.UserDetailsService", > de.zedlitz.tapestry.acegi.UserDetailsServiceImpl that combines a Spring > UserDetailsService, the PasswordEncoder and the configured salt. From > hivemodule.xml: > > > > value="spring:memoryAuthenticationDao"/> > service-id="hivemind.acegi.dao.PasswordEncoder"/> > > > > > > The dependencies from pom.xml are probably also interesting: > * tapestry/tapestry-annotations 4.0.1 > * tapestry/tapestry 4.0.1 > * org.springframework/spring 1.2.6 > * org.acegisecurity/acegi-security-tiger 1.0.1 > * com.javaforge.tapestry/tapestry-spring 0.1.2 > * com.javaforge.tapestry/tapestry-acegi 0.1-SNAPSHOT > * com.javaforge.hivemind/hivemind-acegi-dao 0.1-SNAPSHOT > > > I think that the solution could be made easier. My UserDetailsServiceImpl > class basicly forwards a UserDetails object. The encoding of the password > could be unnecessary if you could tell Hivemind to use a different > PasswordEncoder. > > Jesper > > - -- > Jesper Zedlitz eMail: [EMAIL PROTECTED] > Homepage : http://www.zedlitz.de > ICQ# : 23890711 > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.1 (GNU/Linux) > > iD8DBQFEs1OgjSxW58yLxdgRAnqvAKDAfjpbyZPSLroWSK/xSWtVd6YwhACg63tF > U7a/UQZyLIf8IHXa0/WUV0o= > =vFNN > -END PGP SIGNATURE- > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAI
Re: Tapestry + Acegi + Spring integration
I'm not a lot in this Hibernate/Spring/Acegi stuff currently but I'm really curious about it. I wonder, Jesper, if you wouldn't have an advantage of using James' Tapernate stuff. If not, why ? BTW, I think the Wiki is the best place where such excellent mail should end up ! Cheers ZedroS On 7/11/06, James Carman <[EMAIL PROTECTED]> wrote: You can tell HiveMind to use a different password encoder if you want. All you have to do is override the symbol hivemind.acegi.dao.passwordEncoder: -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jesper Zedlitz Sent: Tuesday, July 11, 2006 3:31 AM To: users@tapestry.apache.org Subject: Tapestry + Acegi + Spring integration -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The integration of Tapestry, Acegi and Spring seems to be a hot topic. I have created a simple example that shows how that can be done. The complete source code can be found here: http://www.zedlitz.de/tapestry-acegi.zip (8kB) If you have Maven2 installed you can go into the directoy tapestry-acegi and enter the command "mvn jetty6:run". Then you can access the application via this URL: http://localhost:8080/tapestry-acegi/app First I needed two pages (one secured): * src/main/webapp/Home.html * src/main/webapp/Secured.html Each of these pages is accompanied by a Java class: * src/main/java/de/zedlitz/tapestry/acegi/Home.java * src/main/java/de/zedlitz/tapestry/acegi/Secured.java (This is the only place where you have to specify that this page is secured!) I have to tell Tapestry in which package to find the classes: * src/main/webapp/WEB-INF/tapestry-acegi.application A standard webapplication setup for Tapestry and Spring: * src/main/webapp/WEB-INF/web.xml The Spring configuration is also not spectacular. Every Spring enabled application that uses Acegi has something like that. * src/main/resources/applicationContext.xml Only three beans are created here: * memoryAuthenticationDao (In the example the username and password is specified here. But of course you can put any complex bean here to retrieve user information.) * daoAuthenticationProvider * authenticationManager Now the interesting part - how to put it together: * src/main/resources/META-INF/hivemodule.xml * src/main/java/de/zedlitz/tapestry/acegi/UserDetailsServiceImpl.java The service point "SpringApplicationInitializer" gives you access to Spring's beans. I have written an implementation for the service "hivemind.acegi.dao.UserDetailsService", de.zedlitz.tapestry.acegi.UserDetailsServiceImpl that combines a Spring UserDetailsService, the PasswordEncoder and the configured salt. From hivemodule.xml: The dependencies from pom.xml are probably also interesting: * tapestry/tapestry-annotations 4.0.1 * tapestry/tapestry 4.0.1 * org.springframework/spring 1.2.6 * org.acegisecurity/acegi-security-tiger 1.0.1 * com.javaforge.tapestry/tapestry-spring 0.1.2 * com.javaforge.tapestry/tapestry-acegi 0.1-SNAPSHOT * com.javaforge.hivemind/hivemind-acegi-dao 0.1-SNAPSHOT I think that the solution could be made easier. My UserDetailsServiceImpl class basicly forwards a UserDetails object. The encoding of the password could be unnecessary if you could tell Hivemind to use a different PasswordEncoder. Jesper - -- Jesper Zedlitz eMail: [EMAIL PROTECTED] Homepage : http://www.zedlitz.de ICQ# : 23890711 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEs1OgjSxW58yLxdgRAnqvAKDAfjpbyZPSLroWSK/xSWtVd6YwhACg63tF U7a/UQZyLIf8IHXa0/WUV0o= =vFNN -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry + Acegi + Spring integration
You can tell HiveMind to use a different password encoder if you want. All you have to do is override the symbol hivemind.acegi.dao.passwordEncoder: -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jesper Zedlitz Sent: Tuesday, July 11, 2006 3:31 AM To: users@tapestry.apache.org Subject: Tapestry + Acegi + Spring integration -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The integration of Tapestry, Acegi and Spring seems to be a hot topic. I have created a simple example that shows how that can be done. The complete source code can be found here: http://www.zedlitz.de/tapestry-acegi.zip (8kB) If you have Maven2 installed you can go into the directoy tapestry-acegi and enter the command "mvn jetty6:run". Then you can access the application via this URL: http://localhost:8080/tapestry-acegi/app First I needed two pages (one secured): * src/main/webapp/Home.html * src/main/webapp/Secured.html Each of these pages is accompanied by a Java class: * src/main/java/de/zedlitz/tapestry/acegi/Home.java * src/main/java/de/zedlitz/tapestry/acegi/Secured.java (This is the only place where you have to specify that this page is secured!) I have to tell Tapestry in which package to find the classes: * src/main/webapp/WEB-INF/tapestry-acegi.application A standard webapplication setup for Tapestry and Spring: * src/main/webapp/WEB-INF/web.xml The Spring configuration is also not spectacular. Every Spring enabled application that uses Acegi has something like that. * src/main/resources/applicationContext.xml Only three beans are created here: * memoryAuthenticationDao (In the example the username and password is specified here. But of course you can put any complex bean here to retrieve user information.) * daoAuthenticationProvider * authenticationManager Now the interesting part - how to put it together: * src/main/resources/META-INF/hivemodule.xml * src/main/java/de/zedlitz/tapestry/acegi/UserDetailsServiceImpl.java The service point "SpringApplicationInitializer" gives you access to Spring's beans. I have written an implementation for the service "hivemind.acegi.dao.UserDetailsService", de.zedlitz.tapestry.acegi.UserDetailsServiceImpl that combines a Spring UserDetailsService, the PasswordEncoder and the configured salt. From hivemodule.xml: The dependencies from pom.xml are probably also interesting: * tapestry/tapestry-annotations 4.0.1 * tapestry/tapestry 4.0.1 * org.springframework/spring 1.2.6 * org.acegisecurity/acegi-security-tiger 1.0.1 * com.javaforge.tapestry/tapestry-spring 0.1.2 * com.javaforge.tapestry/tapestry-acegi 0.1-SNAPSHOT * com.javaforge.hivemind/hivemind-acegi-dao 0.1-SNAPSHOT I think that the solution could be made easier. My UserDetailsServiceImpl class basicly forwards a UserDetails object. The encoding of the password could be unnecessary if you could tell Hivemind to use a different PasswordEncoder. Jesper - -- Jesper Zedlitz eMail: [EMAIL PROTECTED] Homepage : http://www.zedlitz.de ICQ# : 23890711 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEs1OgjSxW58yLxdgRAnqvAKDAfjpbyZPSLroWSK/xSWtVd6YwhACg63tF U7a/UQZyLIf8IHXa0/WUV0o= =vFNN -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tapestry + Acegi + Spring integration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The integration of Tapestry, Acegi and Spring seems to be a hot topic. I have created a simple example that shows how that can be done. The complete source code can be found here: http://www.zedlitz.de/tapestry-acegi.zip (8kB) If you have Maven2 installed you can go into the directoy tapestry-acegi and enter the command "mvn jetty6:run". Then you can access the application via this URL: http://localhost:8080/tapestry-acegi/app First I needed two pages (one secured): * src/main/webapp/Home.html * src/main/webapp/Secured.html Each of these pages is accompanied by a Java class: * src/main/java/de/zedlitz/tapestry/acegi/Home.java * src/main/java/de/zedlitz/tapestry/acegi/Secured.java (This is the only place where you have to specify that this page is secured!) I have to tell Tapestry in which package to find the classes: * src/main/webapp/WEB-INF/tapestry-acegi.application A standard webapplication setup for Tapestry and Spring: * src/main/webapp/WEB-INF/web.xml The Spring configuration is also not spectacular. Every Spring enabled application that uses Acegi has something like that. * src/main/resources/applicationContext.xml Only three beans are created here: * memoryAuthenticationDao (In the example the username and password is specified here. But of course you can put any complex bean here to retrieve user information.) * daoAuthenticationProvider * authenticationManager Now the interesting part - how to put it together: * src/main/resources/META-INF/hivemodule.xml * src/main/java/de/zedlitz/tapestry/acegi/UserDetailsServiceImpl.java The service point "SpringApplicationInitializer" gives you access to Spring's beans. I have written an implementation for the service "hivemind.acegi.dao.UserDetailsService", de.zedlitz.tapestry.acegi.UserDetailsServiceImpl that combines a Spring UserDetailsService, the PasswordEncoder and the configured salt. From hivemodule.xml: The dependencies from pom.xml are probably also interesting: * tapestry/tapestry-annotations 4.0.1 * tapestry/tapestry 4.0.1 * org.springframework/spring 1.2.6 * org.acegisecurity/acegi-security-tiger 1.0.1 * com.javaforge.tapestry/tapestry-spring 0.1.2 * com.javaforge.tapestry/tapestry-acegi 0.1-SNAPSHOT * com.javaforge.hivemind/hivemind-acegi-dao 0.1-SNAPSHOT I think that the solution could be made easier. My UserDetailsServiceImpl class basicly forwards a UserDetails object. The encoding of the password could be unnecessary if you could tell Hivemind to use a different PasswordEncoder. Jesper - -- Jesper Zedlitz eMail: [EMAIL PROTECTED] Homepage : http://www.zedlitz.de ICQ# : 23890711 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEs1OgjSxW58yLxdgRAnqvAKDAfjpbyZPSLroWSK/xSWtVd6YwhACg63tF U7a/UQZyLIf8IHXa0/WUV0o= =vFNN -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tapestry-acegi
guest/guest On 7/10/06, Andreas Bulling <[EMAIL PROTECTED]> wrote: On 10. Jul 2006 - 18:00:40, Norbert Sándor wrote: | Hello, | | I tried to download tapestry-acegi but SVN access does not seem to be | public. | How can I download it? Do you know http://www.carmanconsulting.com/tapestry-acegi/source-repository.html HTH Andreas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Jesse Kuhnert Tacos/Tapestry, team member/developer Open source based consulting work centered around dojo/tapestry/tacos/hivemind.
Re: tapestry-acegi
On 10. Jul 2006 - 18:00:40, Norbert Sándor wrote: | Hello, | | I tried to download tapestry-acegi but SVN access does not seem to be | public. | How can I download it? Do you know http://www.carmanconsulting.com/tapestry-acegi/source-repository.html HTH Andreas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tapestry-acegi
You can find both binary and source build in the Maven2 repo here http://www.carmanconsulting.com/mvn On 7/10/06, Norbert Sándor <[EMAIL PROTECTED]> wrote: Hello, I tried to download tapestry-acegi but SVN access does not seem to be public. How can I download it? Regards, Norbi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tapestry-acegi
Hello, I tried to download tapestry-acegi but SVN access does not seem to be public. How can I download it? Regards, Norbi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry/Acegi Integration...
Scott, Thank you for your kind words. No, it's not quite complete. I plan on adding in ACL support and other stuff. I just wanted to get a "proof of concept" out there. The AuthenticationManager and the AccessDecisionManager will be set automatically by HiveMind, by including the hivemind-acegi module jar file on the classpath. There are certain aspects of the Acegi support that are not exactly specific to Tapestry, so I abstracted them out into their own library so that others could use it. The tapernate-example application uses the Tapestry/Acegi integration. It's available via SVN at: www.carmanconsulting.com/svn/public/tapernate-example/trunk You can build it using Maven2 and it will automagically download everything it needs (including the hivemind-acegi stuff). I need to add in some other Maven2 repositories into the pom.xml file so that some of the specification jars (JTA, JPA, etc.) will be downloaded automatically without having to manually copy stuff into your local repo. James -Original Message- From: Scott Russell [mailto:[EMAIL PROTECTED] Sent: Saturday, June 17, 2006 11:04 PM To: users@tapestry.apache.org Subject: Re: Tapestry/Acegi Integration... Hi James, I took a look at the Tapestry-Acegi integration project at http://www.carmanconsulting.com/tapestry-acegi/ . It looks very nice, certainly a cleaner integration than what I have used before. I am just wondering how complete it is. Looking through the code, it appears that the configuration is incomplete, at least, as much as I can see the SecurityUtils service-point seems not to have the authenticationManager or accessDecisionManager properties set. Do you have any examples for how to use this in one's app, and override or set the properties on the service-points like SecurityUtils and ExceptionTranslationFilter? regards, Scott On Thursday 08 June 2006 12:37, James Carman wrote: > All, > > I have taken a stab at Tapestry/Acegi integration. The Tapernate example > application now uses Acegi to secure the CreateMessage page (using a > @Secured("ROLE_USER") annotation). By no means is this the final version. > I just wanted to get it in front of some folks to see what they thought. > Enjoy! > > James > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
Hi James, I took a look at the Tapestry-Acegi integration project at http://www.carmanconsulting.com/tapestry-acegi/ . It looks very nice, certainly a cleaner integration than what I have used before. I am just wondering how complete it is. Looking through the code, it appears that the configuration is incomplete, at least, as much as I can see the SecurityUtils service-point seems not to have the authenticationManager or accessDecisionManager properties set. Do you have any examples for how to use this in one's app, and override or set the properties on the service-points like SecurityUtils and ExceptionTranslationFilter? regards, Scott On Thursday 08 June 2006 12:37, James Carman wrote: > All, > > I have taken a stab at Tapestry/Acegi integration. The Tapernate example > application now uses Acegi to secure the CreateMessage page (using a > @Secured("ROLE_USER") annotation). By no means is this the final version. > I just wanted to get it in front of some folks to see what they thought. > Enjoy! > > James > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry/Acegi Integration...
got in with 'anonymous' and 'anon'. -- View this message in context: http://www.nabble.com/Tapestry-Acegi-Integration...-t1752611.html#a4847443 Sent from the Tapestry - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry/Acegi Integration...
James, I tried getting access to the SVN repository via javaforge using my 'bkbonner' ID, but was unable. It said 'Tapernate project wasn't found' when doing a search. ??? I'm interested in the @Secured component you were discussing. Is this out in SVN? p.s. I see you're on maven ;) Brian -- View this message in context: http://www.nabble.com/Tapestry-Acegi-Integration...-t1752611.html#a4846956 Sent from the Tapestry - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry/Acegi Integration...
n context (never null) */ protected ApplicationContext getContext(){ return XWebApplicationContextUtils.getRequiredWebApplicationContext(getWebContext() ); } @SuppressWarnings("unchecked") private Integer[] parseIntegersString(String integersString) throws NumberFormatException { final Set integers = new HashSet(); final StringTokenizer tokenizer; tokenizer = new StringTokenizer(integersString, ",", false); while (tokenizer.hasMoreTokens()) { String integer = tokenizer.nextToken(); integers.add(new Integer(integer)); } return (Integer[]) integers.toArray(new Integer[] {}); } } -Original Message- From: James Carman [mailto:[EMAIL PROTECTED] Sent: Sunday, June 11, 2006 8:00 PM To: 'Tapestry users' Subject: RE: Tapestry/Acegi Integration... Sounds good! I'll probably call mine Secured, since it will match up with the @Secured annotation that we use in code. But, I'll probably lean on some of the work you've done here once I get a chance to read through it. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry/Acegi Integration...
Sounds good! I'll probably call mine Secured, since it will match up with the @Secured annotation that we use in code. But, I'll probably lean on some of the work you've done here once I get a chance to read through it. -Original Message- From: Jonathan Barker [mailto:[EMAIL PROTECTED] Sent: Saturday, June 10, 2006 1:03 AM To: 'Tapestry users' Subject: RE: Tapestry/Acegi Integration... Hi, I've now been lurking for two years. I finally had a project where I could use Tapestry... and Hibernate, and Spring, and Acegi... So many hills to climb... Anyway, I put together an @Authorize component combining code from the Tapestry @If component and the JSP taglib from Acegi. As it stands, it behaves exactly as an @If, except that it takes comma-separated lists of roles as parameters like the Acegi Auuthorize tag. I also use @Else along with it - it hardly seemed necessary to come up with a different AuthorizeElse component I'm using it in production, and it works beautifully. I have also put together an AclAuthorize component for instance-based security, if you are interested. I would be happy to see this component included in a properly maintained library under the Apache license. At this point, I haven't even had a chance to extract it into a library of my own or get back to it to clean up the code and comments which include remnants of the taglib. I haven't tried tapernate yet so I don't know if this is a simple drop-in. Best regards, Jonathan Barker Code: = package ca.itstrategic.tls.ptpip.ui.tapestry.components; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashSet; import java.util.Iterator; import java.util.Set; import org.acegisecurity.Authentication; import org.acegisecurity.GrantedAuthority; import org.acegisecurity.GrantedAuthorityImpl; import org.acegisecurity.acl.AclManager; import org.acegisecurity.context.SecurityContextHolder; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hivemind.ApplicationRuntimeException; import org.apache.hivemind.HiveMind; import org.apache.tapestry.IActionListener; import org.apache.tapestry.IBinding; import org.apache.tapestry.IForm; import org.apache.tapestry.IMarkupWriter; import org.apache.tapestry.IRequestCycle; import org.apache.tapestry.Tapestry; import org.apache.tapestry.TapestryUtils; import org.apache.tapestry.annotations.ComponentClass; import org.apache.tapestry.annotations.InjectObject; import org.apache.tapestry.annotations.Parameter; import org.apache.tapestry.form.AbstractFormComponent; import org.apache.tapestry.services.DataSqueezer; import org.apache.tapestry.web.WebContext; import org.apache.tapestry.web.WebRequest; import org.springframework.context.ApplicationContext; import org.springframework.util.StringUtils; import diaphragma.tapspr.XWebApplicationContextUtils; /** * @author jabarker * @version $Revision: $ */ @ComponentClass(allowInformalParameters=true, allowBody=true) public abstract class Authorize extends AbstractFormComponent { @Parameter(required=false) public abstract String getIfAllGranted(); @Parameter(required=false) public abstract String getIfAnyGranted(); @Parameter(required=false) public abstract String getIfNotGranted(); /** * An implementation of {BaseComponent} that allows its * body through if some authorizations are granted to the request's principal. * * * Only works with permissions that are subclasses of [EMAIL PROTECTED] * org.acegisecurity.acl.basic.BasicAclEntry}. * * * * One or more comma separate integer permissions are specified via the * hasPermission attribute. The tag will include its body if * any of the integer permissions have been granted to the current * Authentication (obtained from the SecurityContextHolder). * * * * For this class to operate it must be able to access the application context * via the WebApplicationContextUtils and locate an [EMAIL PROTECTED] * AclManager}. Application contexts have no need to have more than one * AclManager (as a provider-based implementation can be used so * that it locates a provider that is authoritative for the given domain * object instance), so the first AclManager located will be * used. * * * @author Ben Alex */ public final static String IF_VALUE_ATTRIBUTE = "org.mb.tapestry.base.IfValue"; @Parameter(required=false) public abstract IBinding getConditionValueBinding(); @Parameter(required=false) public abstract boolean getVolatile(); @Parameter(require
RE: Tapestry/Acegi Integration...
} /** * Find the common authorities between the current authentication's [EMAIL PROTECTED] * GrantedAuthority} and the ones that have been specified in the tag's * ifAny, ifNot or ifAllGranted attributes. * * * We need to manually iterate over both collections, because the granted * authorities might not implement [EMAIL PROTECTED] Object#equals(Object)} and * [EMAIL PROTECTED] Object#hashCode()} in the same way as [EMAIL PROTECTED] * GrantedAuthorityImpl}, thereby invalidating [EMAIL PROTECTED] * Collection#retainAll(java.util.Collection)} results. * * * * CAVEAT: This method will not work if * the granted authorities returns a null string as the * return value of [EMAIL PROTECTED] * org.acegisecurity.GrantedAuthority#getAuthority()}. * * * * Reported by rawdave, on Fri Feb 04, 2005 2:11 pm in the Acegi Security * System for Spring forums. * * * @param granted The authorities granted by the authentication. May be any *implementation of [EMAIL PROTECTED] GrantedAuthority} that does *not return null from [EMAIL PROTECTED] *org.acegisecurity.GrantedAuthority#getAuthority()}. * @param required A [EMAIL PROTECTED] Set} of [EMAIL PROTECTED] GrantedAuthorityImpl}s that have *been built using ifAny, ifAll or ifNotGranted. * * @return A set containing only the common authorities between * granted and required. * * @see http://forum.springframework.org/viewtopic.php?t=3367";>authz:authorize * ifNotGranted not behaving as expected */ @SuppressWarnings("unchecked") private Set retainAll(final Collection granted, final Set required) { Set grantedRoles = authoritiesToRoles(granted); Set requiredRoles = authoritiesToRoles(required); grantedRoles.retainAll(requiredRoles); return rolesToAuthorities(grantedRoles, granted); } @SuppressWarnings("unchecked") private Set rolesToAuthorities(Set grantedRoles, Collection granted) { Set target = new HashSet(); for (Iterator iterator = grantedRoles.iterator(); iterator.hasNext();) { String role = (String) iterator.next(); for (Iterator grantedIterator = granted.iterator(); grantedIterator.hasNext();) { GrantedAuthority authority = (GrantedAuthority) grantedIterator .next(); if (authority.getAuthority().equals(role)) { target.add(authority); break; } } } return target; } // /** * */ public Authorize() { super(); // TODO Auto-generated constructor stub } /* (non-Javadoc) * @see org.apache.tapestry.form.AbstractFormComponent#getForm() */ @Override public IForm getForm() { // TODO Auto-generated method stub return null; } /* (non-Javadoc) * @see org.apache.tapestry.form.AbstractFormComponent#setForm(org.apache.tapestry.I Form) */ @Override public void setForm(IForm arg0) { // TODO Auto-generated method stub } /* (non-Javadoc) * @see org.apache.tapestry.form.IFormComponent#getDisplayName() */ public String getDisplayName() { // TODO Auto-generated method stub return null; } /* (non-Javadoc) * @see org.apache.tapestry.form.IFormComponent#getClientId() */ public String getClientId() { // TODO Auto-generated method stub return null; } } === Authorize.jwc http://jakarta.apache.org/tapestry/dtd/Tapestry_4_0.dtd";> -Original Message- From: James Carman [mailto:[EMAIL PROTECTED] Sent: Friday, June 09, 2006 5:49 PM To: 'Tapestry users'; [EMAIL PROTECTED] Subject: RE: Tapestry/Acegi Integration... I was actually thinking of a @Secured component that would conditionally show its contents only if the user has the required p
RE: Tapestry/Acegi Integration...
} /** * Find the common authorities between the current authentication's [EMAIL PROTECTED] * GrantedAuthority} and the ones that have been specified in the tag's * ifAny, ifNot or ifAllGranted attributes. * * * We need to manually iterate over both collections, because the granted * authorities might not implement [EMAIL PROTECTED] Object#equals(Object)} and * [EMAIL PROTECTED] Object#hashCode()} in the same way as [EMAIL PROTECTED] * GrantedAuthorityImpl}, thereby invalidating [EMAIL PROTECTED] * Collection#retainAll(java.util.Collection)} results. * * * * CAVEAT: This method will not work if * the granted authorities returns a null string as the * return value of [EMAIL PROTECTED] * org.acegisecurity.GrantedAuthority#getAuthority()}. * * * * Reported by rawdave, on Fri Feb 04, 2005 2:11 pm in the Acegi Security * System for Spring forums. * * * @param granted The authorities granted by the authentication. May be any *implementation of [EMAIL PROTECTED] GrantedAuthority} that does *not return null from [EMAIL PROTECTED] *org.acegisecurity.GrantedAuthority#getAuthority()}. * @param required A [EMAIL PROTECTED] Set} of [EMAIL PROTECTED] GrantedAuthorityImpl}s that have *been built using ifAny, ifAll or ifNotGranted. * * @return A set containing only the common authorities between * granted and required. * * @see http://forum.springframework.org/viewtopic.php?t=3367";>authz:authorize * ifNotGranted not behaving as expected */ @SuppressWarnings("unchecked") private Set retainAll(final Collection granted, final Set required) { Set grantedRoles = authoritiesToRoles(granted); Set requiredRoles = authoritiesToRoles(required); grantedRoles.retainAll(requiredRoles); return rolesToAuthorities(grantedRoles, granted); } @SuppressWarnings("unchecked") private Set rolesToAuthorities(Set grantedRoles, Collection granted) { Set target = new HashSet(); for (Iterator iterator = grantedRoles.iterator(); iterator.hasNext();) { String role = (String) iterator.next(); for (Iterator grantedIterator = granted.iterator(); grantedIterator.hasNext();) { GrantedAuthority authority = (GrantedAuthority) grantedIterator .next(); if (authority.getAuthority().equals(role)) { target.add(authority); break; } } } return target; } // /** * */ public Authorize() { super(); // TODO Auto-generated constructor stub } /* (non-Javadoc) * @see org.apache.tapestry.form.AbstractFormComponent#getForm() */ @Override public IForm getForm() { // TODO Auto-generated method stub return null; } /* (non-Javadoc) * @see org.apache.tapestry.form.AbstractFormComponent#setForm(org.apache.tapestry.I Form) */ @Override public void setForm(IForm arg0) { // TODO Auto-generated method stub } /* (non-Javadoc) * @see org.apache.tapestry.form.IFormComponent#getDisplayName() */ public String getDisplayName() { // TODO Auto-generated method stub return null; } /* (non-Javadoc) * @see org.apache.tapestry.form.IFormComponent#getClientId() */ public String getClientId() { // TODO Auto-generated method stub return null; } } === Authorize.jwc http://jakarta.apache.org/tapestry/dtd/Tapestry_4_0.dtd";> -Original Message- From: James Carman [mailto:[EMAIL PROTECTED] Sent: Friday, June 09, 2006 5:49 PM To: 'Tapestry users'; [EMAIL PROTECTED] Subject: RE: Tapestry/Acegi Integration... I was actually thinking of a @Secured component that would conditionally show its contents only if the user has the required p
RE: Tapestry/Acegi Integration...
I was actually thinking of a @Secured component that would conditionally show its contents only if the user has the required permissions. -Original Message- From: Hugo Palma [mailto:[EMAIL PROTECTED] Sent: Friday, June 09, 2006 5:45 PM To: Tapestry users Subject: Re: Tapestry/Acegi Integration... I was just thinking about something that would be really cool. It's a common requirement in some applications that some ui elements are hidden/shown depending on user role. What i'm thinking is that tapestry-acegi could provide the same @Secured annotation for component classes but it would have a different behavior. Instead of simply checking authorization and returning an error it the user doesn't have access permissions, it would show the component if the user had the given role and hide it otherwise. Would this be cool or what ? :o) James Carman wrote: > Form-based authentication is coming soon! :-) It should be quite easy. > > >> Hi, >> a smooth integration of ACEGI into Tapestry is really cool stuff. We >> managed it by using >> the internal org.acegisecurity.util.FilterToBeanProxy and >> FilterChainProxy for authentication >> and partially for authorization (user /not logged in without role check) >> within the web.xml. >> >> Does this mean that it would be possible to just configure the >> filterChainProxy in spring and >> inject this spring bean as a "tapestry filter" in front of Tapestry >> servlet? Or am I completely >> wrong? Unfortunately we don't use basic HTTP authentication but a form >> based authentication >> incobination with an internal SSO solution. >> Gernot >> >> On Friday 09 June 2006 10:49, James Carman wrote: >> >>> Gernot, >>> >>> I plan on making the different login mechanisms more "pluggable" soon. >>> I've >>> got an idea that will make it much easier (making Tapestry support >>> servlet >>> filters as ServletRequestServicerFilters so I don't have to write >>> "adapter" >>> subclasses). Once I get everything running smoothly, I'll release it as >>> a >>> 1.0 (hopefully won't be too long). You can use it now as-is, if all you >>> need is HTTP basic authentication. >>> >>> James >>> >> -- >> Gernot Stocker, >> Institute for Genomics and Bioinformatics(IGB) >> Petersgasse 14, 8010 Graz, Austria >> Tel.: ++43 316 873 5345 >> http://genome.tugraz.at >> >> > > > James Carman, President > Carman Consulting, Inc. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
I was just thinking about something that would be really cool. It's a common requirement in some applications that some ui elements are hidden/shown depending on user role. What i'm thinking is that tapestry-acegi could provide the same @Secured annotation for component classes but it would have a different behavior. Instead of simply checking authorization and returning an error it the user doesn't have access permissions, it would show the component if the user had the given role and hide it otherwise. Would this be cool or what ? :o) James Carman wrote: Form-based authentication is coming soon! :-) It should be quite easy. Hi, a smooth integration of ACEGI into Tapestry is really cool stuff. We managed it by using the internal org.acegisecurity.util.FilterToBeanProxy and FilterChainProxy for authentication and partially for authorization (user /not logged in without role check) within the web.xml. Does this mean that it would be possible to just configure the filterChainProxy in spring and inject this spring bean as a "tapestry filter" in front of Tapestry servlet? Or am I completely wrong? Unfortunately we don't use basic HTTP authentication but a form based authentication incobination with an internal SSO solution. Gernot On Friday 09 June 2006 10:49, James Carman wrote: Gernot, I plan on making the different login mechanisms more "pluggable" soon. I've got an idea that will make it much easier (making Tapestry support servlet filters as ServletRequestServicerFilters so I don't have to write "adapter" subclasses). Once I get everything running smoothly, I'll release it as a 1.0 (hopefully won't be too long). You can use it now as-is, if all you need is HTTP basic authentication. James -- Gernot Stocker, Institute for Genomics and Bioinformatics(IGB) Petersgasse 14, 8010 Graz, Austria Tel.: ++43 316 873 5345 http://genome.tugraz.at James Carman, President Carman Consulting, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
Or, Acegistry! :-) LOL > On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: > >> Oh, so you want to directly link to my site? I figured that since we >> will >> already have a link to tapestry-javaforge that folks could get to >> tapernate, tapestry-autowire, tapestry-acegi, etc. from there. I would >> imagine (and I control it) that the URL for the tapestry-acegi project's >> documentation will be www.carmanconsulting.com/tapestry-acegi. > > Why not calling it something like tapacegi or tapegi? > > Sorry couldn't resist :) > > -- > Massimo > http://meridio.blogspot.com > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > James Carman, President Carman Consulting, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: Oh, so you want to directly link to my site? I figured that since we will already have a link to tapestry-javaforge that folks could get to tapernate, tapestry-autowire, tapestry-acegi, etc. from there. I would imagine (and I control it) that the URL for the tapestry-acegi project's documentation will be www.carmanconsulting.com/tapestry-acegi. Why not calling it something like tapacegi or tapegi? Sorry couldn't resist :) -- Massimo http://meridio.blogspot.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
It's there. So, you can link to both that and Tapernate if you wish. www.carmanconsulting.com/tapernate www.carmanconsulting.com/tapestry-acegi > Well, when you get to it let me know, it's ~very~ easy to make a change > and > quickly deploy the docs now. > > On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: >> >> Oh, so you want to directly link to my site? I figured that since we >> will >> already have a link to tapestry-javaforge that folks could get to >> tapernate, tapestry-autowire, tapestry-acegi, etc. from there. I would >> imagine (and I control it) that the URL for the tapestry-acegi project's >> documentation will be www.carmanconsulting.com/tapestry-acegi. >> >> >> > I meant linked here: >> > >> > http://tapestry.apache.org/ >> > >> > On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: >> >> >> >> The tapestry-acegi and tapernate modules are both subprojects of the >> >> tapestry-javaforge project. So, we're already linked in. I need to >> >> update the tapestry-javaforge site in SVN to point to my sites on my >> >> server. >> >> >> >> It won't be difficult to get the documentation written for >> >> tapestry-acegi. >> >> It'll just take a bit of time. >> >> >> >> > If you put up a shell mvn site I'll make sure you get linked in. >> >> > >> >> > On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: >> >> >> >> >> >> All, >> >> >> >> >> >> The tapernate-example application has been refactored to reflect >> the >> >> >> latest >> >> >> changes in the Tapestry/Acegi integration module. Now, the Acegi >> >> >> support >> >> >> is >> >> >> more "drop-in-able." Here's the only configuration required: >> >> >> >> >> >> > > >> >> >> >> >> >> > >> >> class=" >> >> >> >> com.carmanconsulting.tapernate.example.domain.dao.impl.UserDetailsSer >> >> >> viceImpl"/> >> >> >> >> >> >> >> >> >> >> >> >> This is required because the hivemind.acegi.dao module >> automatically >> >> >> adds >> >> >> the DaoAuthenticationProvider to the authentication providers list >> >> and >> >> >> the >> >> >> DaoAuthenticationProvider requires a UserDetailsService. >> >> >> >> >> >> > configuration-id="hivemind.acegi.AccessDecisionVoters >> "> >> >> >> >> >> >> >> >> >> >> >> >> This is required because Acegi needs at least one "decision >> voter." >> >> >> >> >> >> >> >> >> > /> >> >> >> >> >> >> >> >> >> This isn't exactly required, but suggested. The >> hivemind.acegi.dao >> >> >> module >> >> >> uses a system-wide salt which defaults to "CAFEBABE" (the Java >> class >> >> >> file >> >> >> "magic number"). You should override this. >> >> >> >> >> >> Other than that, it just works (as long as you want BASIC >> >> >> authentication). >> >> >> You can also override the authentication realm name using symbol >> >> >> overrides. >> >> >> >> >> >> James >> >> >> >> >> >> >> >> >> >> >> >> >> - >> >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> >> >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> >> >> >> > >> >> > >> >> > -- >> >> > Jesse Kuhnert >> >> > Tacos/Tapestry, team member/developer >> >> > >> >> > Open source based consulting work centered around >> >> > dojo/tapestry/tacos/hivemind. >> >> > >> >> >> >> >> >> James Carman, President >> >> Carman Consulting, Inc. >> >> >> >> >> >> - >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> > >> > >> > -- >> > Jesse Kuhnert >> > Tacos/Tapestry, team member/developer >> > >> > Open source based consulting work centered around >> > dojo/tapestry/tacos/hivemind. >> > >> >> >> James Carman, President >> Carman Consulting, Inc. >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > -- > Jesse Kuhnert > Tacos/Tapestry, team member/developer > > Open source based consulting work centered around > dojo/tapestry/tacos/hivemind. > James Carman, President Carman Consulting, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
Well, when you get to it let me know, it's ~very~ easy to make a change and quickly deploy the docs now. On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: Oh, so you want to directly link to my site? I figured that since we will already have a link to tapestry-javaforge that folks could get to tapernate, tapestry-autowire, tapestry-acegi, etc. from there. I would imagine (and I control it) that the URL for the tapestry-acegi project's documentation will be www.carmanconsulting.com/tapestry-acegi. > I meant linked here: > > http://tapestry.apache.org/ > > On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: >> >> The tapestry-acegi and tapernate modules are both subprojects of the >> tapestry-javaforge project. So, we're already linked in. I need to >> update the tapestry-javaforge site in SVN to point to my sites on my >> server. >> >> It won't be difficult to get the documentation written for >> tapestry-acegi. >> It'll just take a bit of time. >> >> > If you put up a shell mvn site I'll make sure you get linked in. >> > >> > On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: >> >> >> >> All, >> >> >> >> The tapernate-example application has been refactored to reflect the >> >> latest >> >> changes in the Tapestry/Acegi integration module. Now, the Acegi >> >> support >> >> is >> >> more "drop-in-able." Here's the only configuration required: >> >> >> >> >> >> >> >> > >> class=" >> >> com.carmanconsulting.tapernate.example.domain.dao.impl.UserDetailsSer >> >> viceImpl"/> >> >> >> >> >> >> >> >> This is required because the hivemind.acegi.dao module automatically >> >> adds >> >> the DaoAuthenticationProvider to the authentication providers list >> and >> >> the >> >> DaoAuthenticationProvider requires a UserDetailsService. >> >> >> >> >> >> >> >> >> >> >> >> This is required because Acegi needs at least one "decision voter." >> >> >> >> >> >> >> >> >> >> >> >> This isn't exactly required, but suggested. The hivemind.acegi.dao >> >> module >> >> uses a system-wide salt which defaults to "CAFEBABE" (the Java class >> >> file >> >> "magic number"). You should override this. >> >> >> >> Other than that, it just works (as long as you want BASIC >> >> authentication). >> >> You can also override the authentication realm name using symbol >> >> overrides. >> >> >> >> James >> >> >> >> >> >> >> >> - >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> > >> > >> > -- >> > Jesse Kuhnert >> > Tacos/Tapestry, team member/developer >> > >> > Open source based consulting work centered around >> > dojo/tapestry/tacos/hivemind. >> > >> >> >> James Carman, President >> Carman Consulting, Inc. >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > -- > Jesse Kuhnert > Tacos/Tapestry, team member/developer > > Open source based consulting work centered around > dojo/tapestry/tacos/hivemind. > James Carman, President Carman Consulting, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Jesse Kuhnert Tacos/Tapestry, team member/developer Open source based consulting work centered around dojo/tapestry/tacos/hivemind.
Re: Tapestry/Acegi Integration...
Oh, so you want to directly link to my site? I figured that since we will already have a link to tapestry-javaforge that folks could get to tapernate, tapestry-autowire, tapestry-acegi, etc. from there. I would imagine (and I control it) that the URL for the tapestry-acegi project's documentation will be www.carmanconsulting.com/tapestry-acegi. > I meant linked here: > > http://tapestry.apache.org/ > > On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: >> >> The tapestry-acegi and tapernate modules are both subprojects of the >> tapestry-javaforge project. So, we're already linked in. I need to >> update the tapestry-javaforge site in SVN to point to my sites on my >> server. >> >> It won't be difficult to get the documentation written for >> tapestry-acegi. >> It'll just take a bit of time. >> >> > If you put up a shell mvn site I'll make sure you get linked in. >> > >> > On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: >> >> >> >> All, >> >> >> >> The tapernate-example application has been refactored to reflect the >> >> latest >> >> changes in the Tapestry/Acegi integration module. Now, the Acegi >> >> support >> >> is >> >> more "drop-in-able." Here's the only configuration required: >> >> >> >> >> >> >> >> > >> class=" >> >> com.carmanconsulting.tapernate.example.domain.dao.impl.UserDetailsSer >> >> viceImpl"/> >> >> >> >> >> >> >> >> This is required because the hivemind.acegi.dao module automatically >> >> adds >> >> the DaoAuthenticationProvider to the authentication providers list >> and >> >> the >> >> DaoAuthenticationProvider requires a UserDetailsService. >> >> >> >> >> >> >> >> >> >> >> >> This is required because Acegi needs at least one "decision voter." >> >> >> >> >> >> >> >> >> >> >> >> This isn't exactly required, but suggested. The hivemind.acegi.dao >> >> module >> >> uses a system-wide salt which defaults to "CAFEBABE" (the Java class >> >> file >> >> "magic number"). You should override this. >> >> >> >> Other than that, it just works (as long as you want BASIC >> >> authentication). >> >> You can also override the authentication realm name using symbol >> >> overrides. >> >> >> >> James >> >> >> >> >> >> >> >> - >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> > >> > >> > -- >> > Jesse Kuhnert >> > Tacos/Tapestry, team member/developer >> > >> > Open source based consulting work centered around >> > dojo/tapestry/tacos/hivemind. >> > >> >> >> James Carman, President >> Carman Consulting, Inc. >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > -- > Jesse Kuhnert > Tacos/Tapestry, team member/developer > > Open source based consulting work centered around > dojo/tapestry/tacos/hivemind. > James Carman, President Carman Consulting, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
I meant linked here: http://tapestry.apache.org/ On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: The tapestry-acegi and tapernate modules are both subprojects of the tapestry-javaforge project. So, we're already linked in. I need to update the tapestry-javaforge site in SVN to point to my sites on my server. It won't be difficult to get the documentation written for tapestry-acegi. It'll just take a bit of time. > If you put up a shell mvn site I'll make sure you get linked in. > > On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: >> >> All, >> >> The tapernate-example application has been refactored to reflect the >> latest >> changes in the Tapestry/Acegi integration module. Now, the Acegi >> support >> is >> more "drop-in-able." Here's the only configuration required: >> >> >> >> > class=" >> com.carmanconsulting.tapernate.example.domain.dao.impl.UserDetailsSer >> viceImpl"/> >> >> >> >> This is required because the hivemind.acegi.dao module automatically >> adds >> the DaoAuthenticationProvider to the authentication providers list and >> the >> DaoAuthenticationProvider requires a UserDetailsService. >> >> >> >> >> >> This is required because Acegi needs at least one "decision voter." >> >> >> >> >> >> This isn't exactly required, but suggested. The hivemind.acegi.dao >> module >> uses a system-wide salt which defaults to "CAFEBABE" (the Java class >> file >> "magic number"). You should override this. >> >> Other than that, it just works (as long as you want BASIC >> authentication). >> You can also override the authentication realm name using symbol >> overrides. >> >> James >> >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > -- > Jesse Kuhnert > Tacos/Tapestry, team member/developer > > Open source based consulting work centered around > dojo/tapestry/tacos/hivemind. > James Carman, President Carman Consulting, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Jesse Kuhnert Tacos/Tapestry, team member/developer Open source based consulting work centered around dojo/tapestry/tacos/hivemind.
Re: Tapestry/Acegi Integration...
The tapestry-acegi and tapernate modules are both subprojects of the tapestry-javaforge project. So, we're already linked in. I need to update the tapestry-javaforge site in SVN to point to my sites on my server. It won't be difficult to get the documentation written for tapestry-acegi. It'll just take a bit of time. > If you put up a shell mvn site I'll make sure you get linked in. > > On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: >> >> All, >> >> The tapernate-example application has been refactored to reflect the >> latest >> changes in the Tapestry/Acegi integration module. Now, the Acegi >> support >> is >> more "drop-in-able." Here's the only configuration required: >> >> >> >> > class=" >> com.carmanconsulting.tapernate.example.domain.dao.impl.UserDetailsSer >> viceImpl"/> >> >> >> >> This is required because the hivemind.acegi.dao module automatically >> adds >> the DaoAuthenticationProvider to the authentication providers list and >> the >> DaoAuthenticationProvider requires a UserDetailsService. >> >> >> >> >> >> This is required because Acegi needs at least one "decision voter." >> >> >> >> >> >> This isn't exactly required, but suggested. The hivemind.acegi.dao >> module >> uses a system-wide salt which defaults to "CAFEBABE" (the Java class >> file >> "magic number"). You should override this. >> >> Other than that, it just works (as long as you want BASIC >> authentication). >> You can also override the authentication realm name using symbol >> overrides. >> >> James >> >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > -- > Jesse Kuhnert > Tacos/Tapestry, team member/developer > > Open source based consulting work centered around > dojo/tapestry/tacos/hivemind. > James Carman, President Carman Consulting, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
If you put up a shell mvn site I'll make sure you get linked in. On 6/9/06, James Carman <[EMAIL PROTECTED]> wrote: All, The tapernate-example application has been refactored to reflect the latest changes in the Tapestry/Acegi integration module. Now, the Acegi support is more "drop-in-able." Here's the only configuration required: This is required because the hivemind.acegi.dao module automatically adds the DaoAuthenticationProvider to the authentication providers list and the DaoAuthenticationProvider requires a UserDetailsService. This is required because Acegi needs at least one "decision voter." This isn't exactly required, but suggested. The hivemind.acegi.dao module uses a system-wide salt which defaults to "CAFEBABE" (the Java class file "magic number"). You should override this. Other than that, it just works (as long as you want BASIC authentication). You can also override the authentication realm name using symbol overrides. James - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Jesse Kuhnert Tacos/Tapestry, team member/developer Open source based consulting work centered around dojo/tapestry/tacos/hivemind.
Re: Tapestry/Acegi Integration...
Form-based authentication is coming soon! :-) It should be quite easy. > Hi, > a smooth integration of ACEGI into Tapestry is really cool stuff. We > managed it by using > the internal org.acegisecurity.util.FilterToBeanProxy and > FilterChainProxy for authentication > and partially for authorization (user /not logged in without role check) > within the web.xml. > > Does this mean that it would be possible to just configure the > filterChainProxy in spring and > inject this spring bean as a "tapestry filter" in front of Tapestry > servlet? Or am I completely > wrong? Unfortunately we don't use basic HTTP authentication but a form > based authentication > incobination with an internal SSO solution. > Gernot > > On Friday 09 June 2006 10:49, James Carman wrote: >> Gernot, >> >> I plan on making the different login mechanisms more "pluggable" soon. >> I've >> got an idea that will make it much easier (making Tapestry support >> servlet >> filters as ServletRequestServicerFilters so I don't have to write >> "adapter" >> subclasses). Once I get everything running smoothly, I'll release it as >> a >> 1.0 (hopefully won't be too long). You can use it now as-is, if all you >> need is HTTP basic authentication. >> >> James > -- > Gernot Stocker, > Institute for Genomics and Bioinformatics(IGB) > Petersgasse 14, 8010 Graz, Austria > Tel.: ++43 316 873 5345 > http://genome.tugraz.at > James Carman, President Carman Consulting, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tapestry/Acegi Integration...
All, The tapernate-example application has been refactored to reflect the latest changes in the Tapestry/Acegi integration module. Now, the Acegi support is more "drop-in-able." Here's the only configuration required: This is required because the hivemind.acegi.dao module automatically adds the DaoAuthenticationProvider to the authentication providers list and the DaoAuthenticationProvider requires a UserDetailsService. This is required because Acegi needs at least one "decision voter." This isn't exactly required, but suggested. The hivemind.acegi.dao module uses a system-wide salt which defaults to "CAFEBABE" (the Java class file "magic number"). You should override this. Other than that, it just works (as long as you want BASIC authentication). You can also override the authentication realm name using symbol overrides. James - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
Hi, a smooth integration of ACEGI into Tapestry is really cool stuff. We managed it by using the internal org.acegisecurity.util.FilterToBeanProxy and FilterChainProxy for authentication and partially for authorization (user /not logged in without role check) within the web.xml. Does this mean that it would be possible to just configure the filterChainProxy in spring and inject this spring bean as a "tapestry filter" in front of Tapestry servlet? Or am I completely wrong? Unfortunately we don't use basic HTTP authentication but a form based authentication incobination with an internal SSO solution. Gernot On Friday 09 June 2006 10:49, James Carman wrote: > Gernot, > > I plan on making the different login mechanisms more "pluggable" soon. I've > got an idea that will make it much easier (making Tapestry support servlet > filters as ServletRequestServicerFilters so I don't have to write "adapter" > subclasses). Once I get everything running smoothly, I'll release it as a > 1.0 (hopefully won't be too long). You can use it now as-is, if all you > need is HTTP basic authentication. > > James -- Gernot Stocker, Institute for Genomics and Bioinformatics(IGB) Petersgasse 14, 8010 Graz, Austria Tel.: ++43 316 873 5345 http://genome.tugraz.at pgppw87buhZ4T.pgp Description: PGP signature
RE: Tapestry/Acegi Integration...
Gernot, I plan on making the different login mechanisms more "pluggable" soon. I've got an idea that will make it much easier (making Tapestry support servlet filters as ServletRequestServicerFilters so I don't have to write "adapter" subclasses). Once I get everything running smoothly, I'll release it as a 1.0 (hopefully won't be too long). You can use it now as-is, if all you need is HTTP basic authentication. James -Original Message- From: Gernot Stocker [mailto:[EMAIL PROTECTED] Sent: Friday, June 09, 2006 4:11 AM To: Tapestry users Subject: Re: Tapestry/Acegi Integration... Hi, this sounds really great! Is there already a released jar file around which can be just plugged in ;-) ? I have a Tap/Spring webapplication in which ACEGI is already securing my service facade in the backend. A proper integration into the web ui would be the next thing to do. Any plans for releasing the code may be as a beta? Thanks, Gernot On Friday 09 June 2006 01:34, James Carman wrote: > All, > > Now, Acegi secured methods are supported. So, if you have a listener method > (taken from the tapernate example): > > @Secured("ROLE_EDIT") > public void editMessage( Message message ) > { > // Blah blah > } > > The tapernate-acegi module will perform a security check prior to executing > the editMessage() method to make sure that the currently authenticated user > has the role "ROLE_EDIT". As before, you can place a @Secured annotation on > a page class and it will also be secured using a PageValidateListener which > checks for the appropriate role. > > Enjoy! > > James > > -Original Message- > From: James Carman [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 08, 2006 10:26 AM > To: 'Tapestry users' > Subject: RE: Tapestry/Acegi Integration... > > Oh, to login to the example application, you use tapernate/tapernate. > > > -----Original Message- > From: James Carman [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 07, 2006 10:38 PM > To: 'Tapestry users' > Subject: Tapestry/Acegi Integration... > > All, > > I have taken a stab at Tapestry/Acegi integration. The Tapernate example > application now uses Acegi to secure the CreateMessage page (using a > @Secured("ROLE_USER") annotation). By no means is this the final version. > I just wanted to get it in front of some folks to see what they thought. > Enjoy! > > James > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Gernot Stocker, Institute for Genomics and Bioinformatics(IGB) Petersgasse 14, 8010 Graz, Austria Tel.: ++43 316 873 5345 http://genome.tugraz.at - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
On 09. Jun 2006 - 10:11:15, Gernot Stocker wrote: | Hi, | this sounds really great! Is there already a released jar file around which can | be just plugged in ;-) ? At the moment you have to download the whole .war archive from www.carmanconsulting.com/mvn/com/carmanconsulting/tapernate-example/0.1 and pick the needed jars from WEB-INF/lib manually. I've already requested the jars to be released seperately from the tapernate-example -> James is informed ;) HTH, Andreas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
Hi, this sounds really great! Is there already a released jar file around which can be just plugged in ;-) ? I have a Tap/Spring webapplication in which ACEGI is already securing my service facade in the backend. A proper integration into the web ui would be the next thing to do. Any plans for releasing the code may be as a beta? Thanks, Gernot On Friday 09 June 2006 01:34, James Carman wrote: > All, > > Now, Acegi secured methods are supported. So, if you have a listener method > (taken from the tapernate example): > > @Secured("ROLE_EDIT") > public void editMessage( Message message ) > { > // Blah blah > } > > The tapernate-acegi module will perform a security check prior to executing > the editMessage() method to make sure that the currently authenticated user > has the role "ROLE_EDIT". As before, you can place a @Secured annotation on > a page class and it will also be secured using a PageValidateListener which > checks for the appropriate role. > > Enjoy! > > James > > -Original Message- > From: James Carman [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 08, 2006 10:26 AM > To: 'Tapestry users' > Subject: RE: Tapestry/Acegi Integration... > > Oh, to login to the example application, you use tapernate/tapernate. > > > -Original Message- > From: James Carman [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 07, 2006 10:38 PM > To: 'Tapestry users' > Subject: Tapestry/Acegi Integration... > > All, > > I have taken a stab at Tapestry/Acegi integration. The Tapernate example > application now uses Acegi to secure the CreateMessage page (using a > @Secured("ROLE_USER") annotation). By no means is this the final version. > I just wanted to get it in front of some folks to see what they thought. > Enjoy! > > James > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Gernot Stocker, Institute for Genomics and Bioinformatics(IGB) Petersgasse 14, 8010 Graz, Austria Tel.: ++43 316 873 5345 http://genome.tugraz.at pgpV1atzdtp5I.pgp Description: PGP signature
RE: Tapestry/Acegi Integration...
All, Now, Acegi secured methods are supported. So, if you have a listener method (taken from the tapernate example): @Secured("ROLE_EDIT") public void editMessage( Message message ) { // Blah blah } The tapernate-acegi module will perform a security check prior to executing the editMessage() method to make sure that the currently authenticated user has the role "ROLE_EDIT". As before, you can place a @Secured annotation on a page class and it will also be secured using a PageValidateListener which checks for the appropriate role. Enjoy! James -Original Message- From: James Carman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 08, 2006 10:26 AM To: 'Tapestry users' Subject: RE: Tapestry/Acegi Integration... Oh, to login to the example application, you use tapernate/tapernate. -Original Message- From: James Carman [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 07, 2006 10:38 PM To: 'Tapestry users' Subject: Tapestry/Acegi Integration... All, I have taken a stab at Tapestry/Acegi integration. The Tapernate example application now uses Acegi to secure the CreateMessage page (using a @Secured("ROLE_USER") annotation). By no means is this the final version. I just wanted to get it in front of some folks to see what they thought. Enjoy! James - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry/Acegi Integration...
Oh, to login to the example application, you use tapernate/tapernate. -Original Message- From: James Carman [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 07, 2006 10:38 PM To: 'Tapestry users' Subject: Tapestry/Acegi Integration... All, I have taken a stab at Tapestry/Acegi integration. The Tapernate example application now uses Acegi to secure the CreateMessage page (using a @Secured("ROLE_USER") annotation). By no means is this the final version. I just wanted to get it in front of some folks to see what they thought. Enjoy! James - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tapestry/Acegi Integration...
There are a few modules involved, all at JavaForge. The hivemind-acegi and hivemind-acegi-dao are located in the hivemind project. The tapestry-acegi module is located in the tapestry project. The SVN URLs are as follows: http://svn.javaforge.com/svn/hivemind/hivemind-acegi/trunk http://svn.javaforge.com/svn/hivemind/hivemind-acegi-dao/trunk http://svn.javaforge.com/svn/tapestry/tapestry-acegi/trunk You can login using anonymous/anon. -Original Message- From: Henri Dupre [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 07, 2006 11:04 PM To: Tapestry users Subject: Re: Tapestry/Acegi Integration... That's fantastic! Where's the code? On 6/7/06, James Carman <[EMAIL PROTECTED]> wrote: > > All, > > I have taken a stab at Tapestry/Acegi integration. The Tapernate example > application now uses Acegi to secure the CreateMessage page (using a > @Secured("ROLE_USER") annotation). By no means is this the final version. > I just wanted to get it in front of some folks to see what they thought. > Enjoy! > > James > > > > -- > Thanks, > > Henri. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tapestry/Acegi Integration...
That's fantastic! Where's the code? On 6/7/06, James Carman <[EMAIL PROTECTED]> wrote: All, I have taken a stab at Tapestry/Acegi integration. The Tapernate example application now uses Acegi to secure the CreateMessage page (using a @Secured("ROLE_USER") annotation). By no means is this the final version. I just wanted to get it in front of some folks to see what they thought. Enjoy! James -- Thanks, Henri.
Tapestry/Acegi Integration...
All, I have taken a stab at Tapestry/Acegi integration. The Tapernate example application now uses Acegi to secure the CreateMessage page (using a @Secured("ROLE_USER") annotation). By no means is this the final version. I just wanted to get it in front of some folks to see what they thought. Enjoy! James - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]